Plagegeister aller Art und deren Bekämpfung (trojaner-board.de): Problem with ESET Online Scanner after detection of a variant of the Win32/Spy.Zbot.ZR trojan [Windows 7]
23.10.2011, 11:02 | #1

Problem with ESET Online Scanner after detection of a variant of the Win32/Spy.Zbot.ZR trojan

Hello dear forum community, first I would like to introduce myself: I'm Simon, and this is my first time here. And first of all I hope this is the right subforum, since I have a problem both with the scanner and with an infection.

I have a problem with the ESET Online Scanner. My PC found a Win32 SpyZBot ZR trojan in memory. I then ran the ESET scanner (the boxes ''Automatically remove threats'' and ''Scan archives'' were both ticked). Now, after the detection, the screen should in theory look like this: http://www.trojaner-board.de/attachm...er-nod32-5.png The problem is that below the text field ''Choose Uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run ESET Online Scanner online, you will have to download it again'' there is NOTHING... plain white.. only ''Finish'' at the bottom right, so that the cleaning is in effect refused to me.

Thanks in advance for the help.

Okay, I have now done the following first: Malwarebytes (found nothing). Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7988

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.10.2011 13:49:31
mbam-log-2011-10-23 (13-49-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 293729
Laufzeit: 1 Stunde(n), 7 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

______________________________________________________________________________________________________________

Antivir: found 2 files (moved to quarantine). Log:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 23. Oktober 2011 13:58

Es wird nach 3421795 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SIMON-14D0750F1

Versionsinformationen:
BUILD.DAT : 12.0.0.855 41827 Bytes 12.10.2011 16:36:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 11.10.2011 12:59:38
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 11.10.2011 12:59:38
AVREG.DLL : 12.1.0.20 227024 Bytes 11.10.2011 12:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 12:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:59:54
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 12:59:54
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 12:59:54
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 12:59:54
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 12:59:54
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 12:59:54
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 12:59:54
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 12:59:54
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 13:35:57
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 20:34:20
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 21:28:16
VBASE018.VDF : 7.11.16.77 139264 Bytes 20.10.2011 08:52:18
VBASE019.VDF : 7.11.16.78 2048 Bytes 20.10.2011 08:52:18
VBASE020.VDF : 7.11.16.79 2048 Bytes 20.10.2011 08:52:18
VBASE021.VDF : 7.11.16.80 2048 Bytes 20.10.2011 08:52:18
VBASE022.VDF : 7.11.16.81 2048 Bytes 20.10.2011 08:52:18
VBASE023.VDF : 7.11.16.82 2048 Bytes 20.10.2011 08:52:19
VBASE024.VDF : 7.11.16.83 2048 Bytes 20.10.2011 08:52:19
VBASE025.VDF : 7.11.16.84 2048 Bytes 20.10.2011 08:52:19
VBASE026.VDF : 7.11.16.85 2048 Bytes 20.10.2011 08:52:19
VBASE027.VDF : 7.11.16.86 2048 Bytes 20.10.2011 08:52:19
VBASE028.VDF : 7.11.16.87 2048 Bytes 20.10.2011 08:52:19
VBASE029.VDF : 7.11.16.88 2048 Bytes 20.10.2011 08:52:19
VBASE030.VDF : 7.11.16.89 2048 Bytes 20.10.2011 08:52:20
VBASE031.VDF : 7.11.16.106 86016 Bytes 21.10.2011 08:52:01
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.09.2011 21:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 11.10.2011 12:59:35
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 01.09.2011 21:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 22.09.2011 14:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 15.09.2011 23:17:25
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 12.10.2011 11:41:59
AEHELP.DLL : 8.1.17.7 254327 Bytes 01.09.2011 21:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 01.09.2011 21:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 01.09.2011 21:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 12:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\programme\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Sonntag, 23. Oktober 2011 13:58

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\License information\datasecu
    [HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\License information\rkeysecu
    [HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'rsmsink.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSer.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'wscntfy.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrcSrv.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSer.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemon.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Communications_Helper.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vsnpstd3.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'tsnpstd3.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2750' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP406\A0099553.exe
    [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen5
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP423\A0100941.exe
    [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.WX

Beginne mit der Desinfektion:
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP423\A0100941.exe
    [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.WX
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c3bbe33.qua' verschoben!
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP406\A0099553.exe
    [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen5
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ad9194.qua' verschoben!

Ende des Suchlaufs: Sonntag, 23. Oktober 2011 15:44
Benötigte Zeit: 1:45:40 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

 29979 Verzeichnisse wurden überprüft
409331 Dateien wurden geprüft
     2 Viren bzw. unerwünschte Programme wurden gefunden
     0 Dateien wurden als verdächtig eingestuft
     0 Dateien wurden gelöscht
     0 Viren bzw. unerwünschte Programme wurden repariert
     2 Dateien wurden in die Quarantäne verschoben
     0 Dateien wurden umbenannt
     0 Dateien konnten nicht durchsucht werden
409329 Dateien ohne Befall
  6022 Archive wurden durchsucht
     0 Warnungen
     4 Hinweise
407833 Objekte wurden beim Rootkitscan durchsucht
     2 Versteckte Objekte wurden gefunden

______________________________________________________________________________________________________________

The ESET scanner, however, still reports the Win32 SpyZBot ZR trojan infection. Kaspersky's Zbot Killer gave no result:

Infected Files : 0
Infected Threads : 0
Unhooked Functions : 164
Deleted Files : 0
Fixed registry Files : 0
24.10.2011, 18:58 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Are there any more logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Logs tab.
24.10.2011, 19:08 | #3

Hi,

strange, when I enter "eset online scanner" in Google image search, the picture from here comes up: http://www.trojaner-board.de/80603-e...ner-nod32.html (the bottom one). There have been no MWB logs since the problem... the ones I have from before are either also without findings, or (if they did have something) were related to a completely different problem.. post them anyway? And thanks already for taking on this topic.
24.10.2011, 19:18 | #4

/// Winkelfunktion /// TB-Süch-Tiger™

Please try ESET again like this: ESET Online Scanner

Please always post logfiles in CODE tags.
24.10.2011, 21:02 | #5

Here you go!

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-22 10:10:00
# local_time=2011-10-23 12:10:00 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 604483 604483 0 0
# compatibility_mode=8192 67108863 100 0 124 124 0 0
# scanned=158426
# found=1
# cleaned=0
# scan_time=6160
${Memory}  a variant of Win32/Spy.Zbot.ZR trojan  00000000000000000000000000000000  I

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-23 12:04:22
# local_time=2011-10-23 02:04:22 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 611008 611008 0 0
# compatibility_mode=8192 67108863 100 0 6649 6649 0 0
# scanned=158432
# found=1
# cleaned=0
# scan_time=6493
${Memory}  Variante von Win32/Spy.Zbot.ZR Trojaner  00000000000000000000000000000000  I

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-23 12:35:57
# local_time=2011-10-23 02:35:57 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 619356 619356 0 0
# compatibility_mode=8192 67108863 100 0 14997 14997 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=40
${Memory}  Variante von Win32/Spy.Zbot.ZR Trojaner  00000000000000000000000000000000  I

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-23 12:48:09
# local_time=2011-10-23 02:48:09 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 620040 620040 0 0
# compatibility_mode=8192 67108863 100 0 15681 15681 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=88
${Memory}  Variante von Win32/Spy.Zbot.ZR Trojaner  00000000000000000000000000000000  I

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-23 01:51:07
# local_time=2011-10-23 03:51:07 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 667061 667061 0 0
# compatibility_mode=8192 67108863 100 0 62702 62702 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=45
${Memory}  Variante von Win32/Spy.Zbot.ZR Trojaner  00000000000000000000000000000000  I

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 08:00:57
# local_time=2011-10-24 10:00:57 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 775632 775632 0 0
# compatibility_mode=8192 67108863 100 0 171273 171273 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=65
${Memory}  Variante von Win32/Spy.Zbot.ZR Trojaner  00000000000000000000000000000000  I
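The six ESET runs above all share one pattern: `found=1`, `cleaned=0`, and the detected object is `${Memory}` rather than a file path, so there is nothing on disk for the scanner to quarantine. As an added example (not code from this thread, from ESET or from trojaner-board), here is a small Python triage for log blocks in exactly this format: the `# key=value` header lines and the tab-separated detection line. It splits a pasted log into runs and flags what the helper would look for: a failed signature update (`esets_scanner_update returned -1`), a run with threats found but `remove_checked` not set, a detection whose object is `${Memory}`, and a run where `found` exceeds `cleaned`. The sample input is constructed, abridged from the runs above; the second run's file path and action text are invented to show the cleaned case.

```python
"""Triage ESET Online Scanner log blocks ('# key=value' header lines plus one
tab-separated line per detection).  Added example: not code from this thread,
from ESET or from trojaner-board.  The format rules are read off the posted
logs; SAMPLE_LOG is constructed (abridged from the posted runs, with the second
run's file path and action text invented to show a cleaned detection)."""
from dataclasses import dataclass, field

SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "esets_scanner_update returned -1 esets_gle=53251\n"
    "# version=7\n"
    "# OnlineScanner.ocx=1.0.0.6528\n"
    "# end=finished\n"
    "# remove_checked=true\n"
    "# utc_time=2011-10-23 12:04:22\n"
    "# scanned=158432\n"
    "# found=1\n"
    "# cleaned=0\n"
    "${Memory}\tVariante von Win32/Spy.Zbot.ZR Trojaner\t00000000000000000000000000000000\tI\n"
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# OnlineScanner.ocx=1.0.0.6583\n"
    "# end=finished\n"
    "# remove_checked=true\n"
    "# utc_time=2011-10-24 08:00:57\n"
    "# scanned=1\n"
    "# found=1\n"
    "# cleaned=1\n"
    # constructed line: a file-backed detection that was cleaned
    "C:\\Temp\\sample.exe\tVariante von Win32/Spy.Zbot.ZR Trojaner\tcleaned by deleting\tC\n"
)


@dataclass
class Run:
    header: dict = field(default_factory=dict)      # '# key=value' pairs
    detections: list = field(default_factory=list)  # (object, threat) tuples
    update_failed: bool = False                     # saw 'esets_scanner_update returned -1'


def parse_runs(text):
    """Split a pasted ESET Online Scanner log into its individual runs."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A new run starts at the installer banner, or at '# version=' when the
        # current run already has header lines (runs pasted without a banner).
        if cur is None or line.startswith("ESETSmartInstaller@") or (
            line.startswith("# version=") and cur.header
        ):
            cur = Run()
            runs.append(cur)
        if line.startswith("esets_scanner_update returned"):
            cur.update_failed = True
        elif line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            cur.header[key.strip()] = value.strip()
        elif "\t" in raw:
            fields = raw.split("\t")
            cur.detections.append((fields[0].strip(), fields[1].strip()))
    return runs


def triage(run):
    """Return (code, detail) findings a helper would want to see for one run."""
    h = run.header
    found, cleaned = int(h.get("found", 0)), int(h.get("cleaned", 0))
    findings = []
    if run.update_failed:
        findings.append(("update_failed", "signature update reported a failure (esets_scanner_update returned -1)"))
    if found and h.get("remove_checked") != "true":
        findings.append(("remove_unchecked", "threats found but 'remove found threats' was not enabled"))
    for obj, threat in run.detections:
        if obj == "${Memory}":
            findings.append(("memory_only", f"{threat}: detected in process memory, no file path reported"))
    if found > cleaned:
        findings.append(("uncleaned", f"{found - cleaned} of {found} detection(s) not cleaned"))
    return findings


def summarize(text):
    """Per-run summary: (utc_time, found, cleaned, finding codes)."""
    return [
        (r.header.get("utc_time", "?"), r.header.get("found", "0"),
         r.header.get("cleaned", "0"), [code for code, _ in triage(r)])
        for r in parse_runs(text)
    ]


if __name__ == "__main__":
    for utc, found, cleaned, codes in summarize(SAMPLE_LOG):
        print(f"{utc}: found={found} cleaned={cleaned} {codes}")
```

Pasting the six runs from the post into `summarize` gives `memory_only` and `uncleaned` for every run, `update_failed` for the three runs that carry the `esets_scanner_update returned -1` line, and `remove_unchecked` for the first and last run (`remove_checked=false`). A `${Memory}` hit with nothing cleaned is the signal to stop re-running file scanners and instead identify the process or module that hosts the detection, which is what the OTL scan requested further down is for.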
25.10.2011, 10:03 | #6

/// Winkelfunktion /// TB-Süch-Tiger™

Supposedly it is in memory.

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
25.10.2011, 10:31 | #7

Here is the content of the OTL.log text file:

OTL Logfile:
Code:
OTL logfile created on: 25.10.2011 11:05:41 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,98 Mb Total Physical Memory | 647,73 Mb Available Physical Memory | 63,82% Memory free
2,39 Gb Paging File | 2,03 Gb Available in Paging File | 85,20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 50,33 Gb Free Space | 67,54% Space Free | Partition Type: NTFS
Drive E: | 6,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SIMON-14D0750F1 | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.25 11:05:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\OTL.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008.09.22 15:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.09.22 15:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008.09.22 15:41:50 | 000,564,496 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.14 22:09:07 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe
PRC - [2006.08.21 14:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2006.05.10 09:20:52 | 000,344,064 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.11 14:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2009.04.27 23:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.09.22 15:42:46 | 000,068,120 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008.09.22 15:41:50 | 000,564,496 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2006.08.21 14:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
MOD - [2006.07.14 07:34:00 | 000,007,680 | ---- | M] () -- C:\Programme\DAEMON Tools\Plugins\Images\bw5mount.dll
MOD - [2006.05.10 09:20:52 | 000,344,064 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe

========== Win32 Services (SafeList) ==========

SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008.09.22 15:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.09.22 15:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.23 16:52:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.09.22 15:43:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.05.20 20:59:10 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008.05.20 20:59:00 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008.05.20 20:58:48 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.05.20 20:58:02 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2006.02.06 20:19:54 | 008,410,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005.10.13 15:46:08 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.ftp: " 84.72.71.238"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: " 84.72.71.238"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.106.213.192"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: " 84.72.71.238"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: " 84.72.71.238"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.03 08:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.04 19:54:00 | 000,000,000 | ---D | M]

[2009.06.09 23:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Extensions
[2011.10.01 16:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions
[2011.09.24 21:01:58 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.09.29 19:21:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)
[2011.08.31 18:13:16 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010.06.26 23:36:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011.10.21 17:41:59 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-1.xml
[2011.06.22 21:58:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-10.xml
[2011.08.24 12:50:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-11.xml
[2011.08.31 18:13:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-12.xml
[2011.09.01 10:40:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-13.xml
[2011.09.07 19:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-14.xml
[2011.09.29 17:38:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-15.xml
[2010.10.29 16:03:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-2.xml
[2010.12.11 15:08:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-3.xml
[2011.03.03 23:41:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-4.xml
[2011.03.06 10:43:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-5.xml
[2011.03.24 09:34:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-6.xml
[2011.05.01 01:36:09 | 000,000,950 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-7.xml [2011.06.04 19:55:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-8.xml [2011.06.22 16:00:15 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-9.xml [2010.07.23 12:16:59 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin.xml [2011.10.20 22:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.20 22:46:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.05.06 07:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SIMON\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MEZZ9NJM.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SIMON\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MEZZ9NJM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SIMON\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MEZZ9NJM.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2009.06.28 03:02:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.10.03 08:35:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 08:35:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 08:35:22 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.03 08:35:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 08:35:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 08:35:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 08:35:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe File not found O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) 
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe () O4 - HKCU..\Run: [giva.exe] C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274021090312 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274021082750 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{293D4BF7-24FC-4BF8-BF9C-B28219D622E8}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.09 20:47:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - Service SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller 
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection 
C:\WINDOWS\INF\CChat25.inf,PerUserAdd.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - 
Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.23 13:54:56 | 000,108,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Simon\Desktop\ZBotKiller.exe [2011.10.22 22:25:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.10.20 22:46:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011.10.20 21:54:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Temp [2011.10.20 21:54:41 | 000,000,000 | ---D | C] -- C:\Programme\Freeware.de [2011.10.20 21:54:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Conduit [2011.10.20 21:54:37 | 000,000,000 | ---D | C] -- C:\cannonhill [2011.10.18 23:43:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\NFS Underground 2 [2011.10.18 23:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DirectX [2011.10.18 23:35:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Desktop\Need4speed Underground 2 [2011.10.17 12:06:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\TCM 2005 [2011.10.15 22:33:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Avira [2011.10.15 22:33:06 | 000,000,000 | ---D 
| C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2011.10.15 22:32:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.10.15 22:32:46 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.10.15 22:32:46 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.10.15 22:32:46 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2011.10.15 22:32:41 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.10.15 22:32:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2011.10.09 13:21:39 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Eigene Musik [2011.10.04 22:31:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\ICQ [2011.10.01 23:17:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads [2011.09.29 20:04:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DeepBurner [2011.09.29 20:04:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DeepBurner [2011.09.29 20:04:26 | 000,000,000 | ---D | C] -- C:\Programme\Astonsoft [2011.09.29 18:28:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Desktop\Music [2009.07.05 22:37:52 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2009.07.05 22:37:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll [2009.07.05 22:37:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.25 08:25:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.10.25 08:24:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat 
[2011.10.25 08:24:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2011.10.25 08:24:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2011.10.23 02:53:04 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.18 23:34:10 | 000,060,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.18 14:18:56 | 000,450,175 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\tasche.jpg [2011.10.17 11:53:04 | 000,281,865 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild002.jpg [2011.10.16 16:28:33 | 000,086,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unbenannt.bmp [2011.10.15 22:33:06 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2011.10.11 19:35:10 | 000,445,795 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild003.jpg [2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2011.09.29 23:45:22 | 000,003,268 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.09.29 20:04:28 | 000,000,726 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Desktop\DeepBurner.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.18 15:21:35 | 000,450,175 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\tasche.jpg [2011.10.18 00:25:26 | 000,317,847 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Desktop\02.jpg [2011.10.18 00:25:26 | 000,287,214 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Simon\Desktop\01.jpg [2011.10.17 12:54:43 | 000,445,795 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild003.jpg [2011.10.17 12:54:43 | 000,387,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild004.jpg [2011.10.17 12:54:42 | 000,364,859 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild001.jpg [2011.10.17 12:54:42 | 000,281,865 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild002.jpg [2011.10.17 12:54:41 | 000,299,219 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild000.jpg [2011.10.16 16:28:33 | 000,086,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unbenannt.bmp [2011.10.15 22:33:06 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2011.09.29 20:04:28 | 000,000,726 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Desktop\DeepBurner.lnk [2011.08.11 13:31:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2011.08.10 16:25:11 | 000,183,040 | ---- | C] () -- C:\WINDOWS\PI.EXE [2011.07.12 15:37:48 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe [2011.04.20 11:47:43 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Loewe_4.ini [2010.12.25 23:33:45 | 000,000,329 | ---- | C] () -- C:\WINDOWS\cncscore.ini [2010.12.06 23:58:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll [2010.05.09 15:01:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010.05.09 15:01:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010.05.09 15:01:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010.05.09 14:59:43 | 000,000,035 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2010.02.21 20:55:35 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe [2010.02.21 20:42:36 | 000,000,526 | ---- | C] () -- C:\WINDOWS\eReg.dat [2009.11.08 15:39:25 | 000,354,816 | ---- | C] () -- 
C:\WINDOWS\System32\psisdecd.dll
[2009.10.10 21:50:29 | 000,068,960 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.10.10 00:51:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009.10.10 00:38:32 | 000,003,268 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.10.09 23:44:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.26 19:38:22 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.05 22:37:54 | 000,344,064 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009.07.05 22:37:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2009.07.05 22:37:53 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009.07.05 22:37:52 | 008,410,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys
[2009.07.05 22:37:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe
[2009.06.20 09:56:36 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009.06.14 15:23:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.06.09 23:11:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.06.09 21:51:21 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009.06.09 21:26:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.09 21:25:50 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.06.09 21:11:26 | 000,060,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.09 20:49:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.06.09 20:44:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.22 15:43:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 14:00:00 | 000,405,448 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 14:00:00 | 000,392,432 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 14:00:00 | 000,070,778 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 14:00:00 | 000,058,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010.11.23 16:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.11.23 17:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.07.16 01:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.01.27 22:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.06.09 21:51:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2011.01.27 22:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011.01.27 22:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.12.30 11:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoShow
[2010.12.30 11:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoShow Shared Assets
[2011.01.29 19:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.11.23 16:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Lite
[2010.11.23 17:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Pro
[2011.09.29 20:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DeepBurner
[2009.06.14 19:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\FileZilla
[2011.10.25 08:39:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\ICQ
[2011.10.23 02:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
[2009.10.14 14:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\OpenOffice.org
[2011.01.27 22:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\PC Suite
[2010.11.29 00:36:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Red Alert 3
[2011.01.29 20:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\SharePod
[2010.12.30 11:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Simple Star
[2011.08.28 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\TS3Client
[2010.12.20 22:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\VSO
[2010.01.19 23:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\WAtomic
[2011.09.21 12:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy
[2011.10.24 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.06.16 22:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Adobe
[2011.01.29 19:50:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Apple Computer
[2011.10.15 22:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Avira
[2009.07.05 19:54:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\CyberLink
[2010.11.23 16:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Lite
[2010.11.23 17:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Pro
[2011.09.29 20:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DeepBurner
[2011.04.17 11:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\dvdcss
[2009.06.14 19:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\FileZilla
[2011.08.25 01:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Help
[2011.10.25 08:39:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\ICQ
[2009.06.09 20:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Identities
[2010.05.07 19:25:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\InstallShield
[2009.06.09 22:00:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Macromedia
[2010.12.25 20:31:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Malwarebytes
[2011.10.23 02:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
[2010.12.25 20:21:10 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft
[2009.06.09 23:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla
[2009.10.14 14:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\OpenOffice.org
[2011.01.27 22:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\PC Suite
[2009.06.14 16:03:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Real
[2010.11.29 00:36:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Red Alert 3
[2010.12.30 11:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Roxio
[2009.09.21 10:04:25 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\SecuROM
[2011.01.29 20:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\SharePod
[2010.12.30 11:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Simple Star
[2011.10.23 21:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Skype
[2011.10.20 22:45:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\skypePM
[2009.06.28 03:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Sun
[2011.08.28 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\TS3Client
[2011.10.07 23:59:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\vlc
[2010.12.20 22:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\VSO
[2010.01.19 23:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\WAtomic
[2009.11.12 23:13:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\WinRAR
[2011.09.21 12:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy
[2011.10.24 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay

< %APPDATA%\*.exe /s >
[2010.07.29 14:14:43 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.07.29 14:14:43 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.07.29 14:14:43 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2010.03.29 08:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2010.10.22 00:51:28 | 000,175,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe

< %SYSTEMDRIVE%\*.exe >
[2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.23 16:52:02 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.06.09 22:25:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.06.09 22:25:23 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.06.09 22:25:23 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
25.10.2011, 12:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |

Run an OTL fix: close any programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.ftp: " 84.72.71.238"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: " 84.72.71.238"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.106.213.192"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: " 84.72.71.238"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: " 84.72.71.238"
FF - prefs.js..network.proxy.ssl_port: 80
[2011.09.29 19:21:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)
[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011.10.21 17:41:59 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-1.xml
[2011.06.22 21:58:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-10.xml
[2011.08.24 12:50:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-11.xml
[2011.08.31 18:13:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-12.xml
[2011.09.01 10:40:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-13.xml
[2011.09.07 19:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-14.xml
[2011.09.29 17:38:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-15.xml
[2010.10.29 16:03:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-2.xml
[2010.12.11 15:08:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-3.xml
[2011.03.03 23:41:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-4.xml
[2011.03.06 10:43:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-5.xml
[2011.03.24 09:34:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-6.xml
[2011.05.01 01:36:09 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-7.xml
[2011.06.04 19:55:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-8.xml
[2011.06.22 16:00:15 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-9.xml
[2010.07.23 12:16:59 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe File not found
O4 - HKCU..\Run: [giva.exe] C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.09 20:47:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2011.09.21 12:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy
[2011.10.24 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay
:Commands
[emptytemp]
[resethosts]

The logfile should open once you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was written only for this one user in this one situation. It is not portable to any other computer and must not be used anywhere else, since it can permanently damage the system!

__________________ Please always post logfiles in CODE tags
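The fix script above targets three kinds of entries that are worth recognising on sight in any OTL listing: Firefox proxy prefs pointing every request at a foreign host (the network.proxy.* lines), an autorun registered under HKCU\..\Run from a randomly named folder inside the user profile (giva.exe in Anwendungsdaten\Ycigy), and BHO/toolbar/Run entries whose target no longer exists. The following Python is an added triage example, not code from the thread, from OTL or from ESET; it runs those heuristics over lines copied from the OTL output quoted above plus one constructed benign control line (the avgnt entry), and the categories and regular expressions are this example's own, not OTL's.

```python
"""Triage of OTL scan lines for the indicators the fix script above targets.

Added example, not code from the forum thread, from OTL or from ESET. The
sample lines are copied from the OTL output quoted in this thread, except the
last one, which is a constructed benign control entry. The categories and the
regular expressions are this example's own heuristics, not OTL's.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Firefox proxy prefs: any value here means every request leaves the browser
# through the listed host, the man-in-the-middle setup seen in the thread.
PROXY_PREF = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(ftp|http|ssl|socks|gopher):\s*"\s*([^"]+)"')
# O4 autorun entries, e.g. 'O4 - HKCU..\Run: [giva.exe] C:\...\giva.exe ()'
RUN_ENTRY = re.compile(r'^O4 - (HK[A-Z]+)\.\.\\Run: \[([^\]]*)\]\s*(.*)$')
# O2 (BHO) / O3 (toolbar) entries whose CLSID no longer resolves.
ORPHAN_COM = re.compile(r'^O[23] - .*\{[0-9A-Fa-f-]{36}\}.*No CLSID value found')
# Per-user profile locations: installers rarely register an autorun from here,
# but user-mode banking trojans routinely do (no admin rights needed).
PROFILE_MARKERS = ("\\anwendungsdaten\\", "\\application data\\", "%appdata%")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if the line is unremarkable."""
    line = line.strip()
    m = PROXY_PREF.match(line)
    if m:
        return Finding("browser_proxy_set",
                       f"network.proxy.{m.group(1)} -> {m.group(2).strip()}")
    m = RUN_ENTRY.match(line)
    if m:
        hive, name, target = m.groups()
        low = target.lower()
        if "file not found" in low:
            # Leftover of something already removed; harmless but worth cleaning.
            return Finding("orphan_autorun", f"{hive}\\Run [{name}] -> {target}")
        if any(marker in low for marker in PROFILE_MARKERS):
            return Finding("autorun_from_profile", f"{hive}\\Run [{name}] -> {target}")
        return None
    if ORPHAN_COM.match(line):
        return Finding("orphan_bho_or_toolbar", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run classify_line over a whole OTL listing, dropping unremarkable lines."""
    return [f for f in (classify_line(l) for l in lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> dict:
    """Count findings per kind, for a quick overview of what a fix has to cover."""
    return dict(Counter(f.kind for f in findings))


SAMPLE_LINES = [
    'FF - prefs.js..network.proxy.http: "184.106.213.192"',
    'FF - prefs.js..network.proxy.http_port: 80',
    'FF - prefs.js..network.proxy.ssl: " 84.72.71.238"',
    'O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.',
    'O3 - HKLM\\..\\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.',
    'O4 - HKLM..\\Run: [] File not found',
    'O4 - HKLM..\\Run: [CameraFixer] C:\\WINDOWS\\CameraFixer.exe File not found',
    'O4 - HKCU..\\Run: [giva.exe] C:\\Dokumente und Einstellungen\\Simon\\Anwendungsdaten\\Ycigy\\giva.exe ()',
    # Constructed benign control line (not from the thread): a vendor-signed
    # program autorunning from Program Files should produce no finding.
    'O4 - HKLM..\\Run: [avgnt] C:\\Programme\\Avira\\AntiVir Desktop\\avgnt.exe (Avira Operations GmbH & Co. KG)',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.kind:24s} {finding.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

Feed it a complete OTL.txt and the proxy lines are the ones to act on first: as long as network.proxy.http points at 184.106.213.192 every unencrypted request, including any login form, passes through that host, which is why the fix script clears those prefs before anything else. The port lines (network.proxy.http_port) are deliberately not reported on their own; a port without a host is noise.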
25.10.2011, 12:57 | #9 |
Here is the log:

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
Prefs.js: " 84.72.71.238" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: " 84.72.71.238" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "184.106.213.192" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: " 84.72.71.238" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: " 84.72.71.238" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\search_engine(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\META-INF(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\defaults(2)\preferences(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\defaults(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\components(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\skin(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\tr(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\sk(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\ru(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\it(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\he(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\fr(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\es(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\en-US(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\de(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\cs(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\bg(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\content(2)\img(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\content(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions folder moved successfully.
Folder C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI\ not found.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CameraFixer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\giva.exe deleted successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 194364 bytes
User: Simon
->Temp folder emptied: 1109614999 bytes
->Temporary Internet Files folder emptied: 14635328 bytes
->Java cache emptied: 59692065 bytes
->FireFox cache emptied: 1172803213 bytes
->Flash cache emptied: 190612 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1923205 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.252,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 10252011_134030
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...

Edit: ESET no longer finds anything, and for the first time I am shown "Uninstall application on close" after the scan!

Last edited by KWKMH (25.10.2011 at 13:03)
25.10.2011, 14:38 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with ESET Online Scanner after detecting a variant of the Win32 SpyZBot ZR trojan

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click "change parameters" and set the checkmarks as in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If the infection prevents you from accessing your documents/My Documents, or if shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool via right-click as Administrator!
__________________ Please always post logfiles in CODE tags |
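The report the helper asks for is a plain text log with one line per service, and the log posted in the next reply shows why the advice is to "skip" rather than delete: on this Windows XP system nearly every inbox driver is reported as UnsignedFile.Multi.Generic, so that verdict by itself is not evidence of infection. The Python script below is an added example, not part of this thread and not TDSSKiller's own code; it parses that line format, counts verdicts, and singles out the entries that actually merit a human look (LockedFile verdicts and "Suspicious file" records). The line patterns are assumed from the log as posted, and the sample lines are a short excerpt of that log embedded inline.

```python
import re
from collections import Counter

# Line shapes TDSSKiller writes into its report (assumed from the log in this thread):
#   <time> <thread> <service> (<md5>) <path>               file backing the service
#   <time> <thread> <service> ( <verdict> ) - warning       verdict line, repeated as ...
#   <time> <thread> <service> - detected <verdict> (<n>)    ... a "detected" summary line
#   <time> <thread> <service> - ok                          nothing to report
#   <time> <thread> Suspicious file (<reason>): <path>. md5: <hash>
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
OK_RE = re.compile(r"^(?P<svc>\S+) - ok$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$"
)

# On this Windows XP system nearly every inbox driver carries this verdict,
# so on its own it is noise rather than evidence of infection.
NOISE_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Return ({service: {path, md5, verdict}}, [suspicious-file records])."""
    services, suspicious = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        rest = m.group("rest")
        if (fm := FILE_RE.match(rest)):
            services.setdefault(fm["svc"], {}).update(path=fm["path"], md5=fm["md5"])
        elif (dm := DETECTED_RE.match(rest)):
            services.setdefault(dm["svc"], {})["verdict"] = dm["verdict"]
        elif (om := OK_RE.match(rest)):
            services.setdefault(om["svc"], {})["verdict"] = "ok"
        elif (sm := SUSPICIOUS_RE.match(rest)):
            suspicious.append({"reason": sm["reason"], "path": sm["path"], "md5": sm["md5"]})
        # "( <verdict> ) - warning" lines carry nothing the "detected" line lacks
    return services, suspicious


def triage(services):
    """Count verdicts and single out the services a human should look at."""
    counts = Counter(info.get("verdict", "unknown") for info in services.values())
    review = {
        name: info
        for name, info in services.items()
        if info.get("verdict") not in (None, "ok") and info["verdict"] not in NOISE_VERDICTS
    }
    return counts, review


# Sample input: a constructed excerpt in the report format described above.
SAMPLE = r"""
16:33:21.0062 1232 Scan started
16:33:21.0296 1232 Abiosdsk - ok
16:33:21.0375 1232 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:33:22.0046 1232 ACPI ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0046 1232 ACPI - detected UnsignedFile.Multi.Generic (1)
16:33:39.0500 1232 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
16:33:39.0500 1232 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
16:33:39.0500 1232 sptd ( LockedFile.Multi.Generic ) - warning
16:33:39.0500 1232 sptd - detected LockedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    svcs, susp = parse_tdsskiller(SAMPLE)
    counts, review = triage(svcs)
    print("verdict counts:", dict(counts))
    for name, info in review.items():
        print(f"REVIEW {name}: {info['verdict']} {info.get('path')} md5={info.get('md5')}")
    for rec in susp:
        print(f"SUSPICIOUS ({rec['reason']}): {rec['path']} md5={rec['md5']}")
```

Run against the full report, the script leaves the dozens of UnsignedFile.Multi.Generic drivers in the counts only and puts just sptd on the review list. A locked file is a reason to look, not a verdict: sptd.sys is normally the SCSI Pass Through Direct driver installed by disc-emulation software, which deliberately locks itself, so the right action at this stage is exactly what the helper asks for, "skip" and post the log.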
25.10.2011, 15:36 | #11 |
| Problem with ESET Online Scanner after detecting a variant of the Win32 SpyZBot ZR trojan

Here is the log:
16:32:37.0500 1932 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
16:32:37.0609 1932 ============================================================
16:32:37.0609 1932 Current date / time: 2011/10/25 16:32:37.0609
16:32:37.0609 1932 SystemInfo:
16:32:37.0609 1932
16:32:37.0609 1932 OS Version: 5.1.2600 ServicePack: 3.0
16:32:37.0609 1932 Product type: Workstation
16:32:37.0609 1932 ComputerName: SIMON-14D0750F1
16:32:37.0609 1932 UserName: Simon
16:32:37.0609 1932 Windows directory: C:\WINDOWS
16:32:37.0609 1932 System windows directory: C:\WINDOWS
16:32:37.0609 1932 Processor architecture: Intel x86
16:32:37.0609 1932 Number of processors: 1
16:32:37.0609 1932 Page size: 0x1000
16:32:37.0609 1932 Boot type: Normal boot
16:32:37.0609 1932 ============================================================
16:32:38.0750 1932 Initialize success
16:33:21.0062 1232 ============================================================
16:33:21.0062 1232 Scan started
16:33:21.0062 1232 Mode: Manual; SigCheck; TDLFS;
16:33:21.0062 1232 ============================================================
16:33:21.0296 1232 Abiosdsk - ok
16:33:21.0312 1232 abp480n5 - ok
16:33:21.0375 1232 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:33:22.0046 1232 ACPI ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0046 1232 ACPI - detected UnsignedFile.Multi.Generic (1)
16:33:22.0140 1232 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:33:22.0156 1232 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0156 1232 ACPIEC - detected UnsignedFile.Multi.Generic (1)
16:33:22.0187 1232 adpu160m - ok
16:33:22.0281 1232 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
16:33:22.0296 1232 aeaudio ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0296 1232 aeaudio - detected UnsignedFile.Multi.Generic (1)
16:33:22.0328 1232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 16:33:22.0343 1232 aec ( UnsignedFile.Multi.Generic ) - warning 16:33:22.0343 1232 aec - detected UnsignedFile.Multi.Generic (1) 16:33:22.0437 1232 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 16:33:22.0468 1232 AFD ( UnsignedFile.Multi.Generic ) - warning 16:33:22.0468 1232 AFD - detected UnsignedFile.Multi.Generic (1) 16:33:22.0515 1232 Aha154x - ok 16:33:22.0562 1232 aic78u2 - ok 16:33:22.0609 1232 aic78xx - ok 16:33:22.0656 1232 AliIde - ok 16:33:22.0687 1232 amsint - ok 16:33:22.0718 1232 asc - ok 16:33:22.0734 1232 asc3350p - ok 16:33:22.0750 1232 asc3550 - ok 16:33:22.0796 1232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:33:22.0812 1232 AsyncMac ( UnsignedFile.Multi.Generic ) - warning 16:33:22.0812 1232 AsyncMac - detected UnsignedFile.Multi.Generic (1) 16:33:22.0890 1232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 16:33:22.0906 1232 atapi ( UnsignedFile.Multi.Generic ) - warning 16:33:22.0906 1232 atapi - detected UnsignedFile.Multi.Generic (1) 16:33:22.0968 1232 Atdisk - ok 16:33:23.0031 1232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:33:23.0046 1232 Atmarpc ( UnsignedFile.Multi.Generic ) - warning 16:33:23.0046 1232 Atmarpc - detected UnsignedFile.Multi.Generic (1) 16:33:23.0156 1232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 16:33:23.0156 1232 audstub ( UnsignedFile.Multi.Generic ) - warning 16:33:23.0156 1232 audstub - detected UnsignedFile.Multi.Generic (1) 16:33:23.0234 1232 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 16:33:23.0328 1232 avgntflt - ok 16:33:23.0421 1232 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys 16:33:23.0437 1232 avipbb - ok 16:33:23.0515 1232 avkmgr 
(271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 16:33:23.0531 1232 avkmgr - ok 16:33:23.0593 1232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 16:33:23.0609 1232 Beep ( UnsignedFile.Multi.Generic ) - warning 16:33:23.0609 1232 Beep - detected UnsignedFile.Multi.Generic (1) 16:33:23.0703 1232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 16:33:23.0734 1232 cbidf2k ( UnsignedFile.Multi.Generic ) - warning 16:33:23.0734 1232 cbidf2k - detected UnsignedFile.Multi.Generic (1) 16:33:23.0812 1232 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 16:33:23.0812 1232 CCDECODE ( UnsignedFile.Multi.Generic ) - warning 16:33:23.0812 1232 CCDECODE - detected UnsignedFile.Multi.Generic (1) 16:33:23.0859 1232 cd20xrnt - ok 16:33:23.0937 1232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 16:33:23.0953 1232 Cdaudio ( UnsignedFile.Multi.Generic ) - warning 16:33:23.0953 1232 Cdaudio - detected UnsignedFile.Multi.Generic (1) 16:33:24.0046 1232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 16:33:24.0046 1232 Cdfs ( UnsignedFile.Multi.Generic ) - warning 16:33:24.0046 1232 Cdfs - detected UnsignedFile.Multi.Generic (1) 16:33:24.0140 1232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:33:24.0156 1232 Cdrom ( UnsignedFile.Multi.Generic ) - warning 16:33:24.0156 1232 Cdrom - detected UnsignedFile.Multi.Generic (1) 16:33:24.0187 1232 Changer - ok 16:33:24.0250 1232 CmdIde - ok 16:33:24.0296 1232 Cpqarray - ok 16:33:24.0312 1232 dac2w2k - ok 16:33:24.0328 1232 dac960nt - ok 16:33:24.0390 1232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 16:33:24.0421 1232 Disk ( UnsignedFile.Multi.Generic ) - warning 16:33:24.0421 1232 Disk - detected UnsignedFile.Multi.Generic (1) 16:33:24.0515 1232 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) 
C:\WINDOWS\system32\drivers\dmboot.sys 16:33:24.0593 1232 dmboot ( UnsignedFile.Multi.Generic ) - warning 16:33:24.0593 1232 dmboot - detected UnsignedFile.Multi.Generic (1) 16:33:24.0687 1232 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 16:33:24.0718 1232 dmio ( UnsignedFile.Multi.Generic ) - warning 16:33:24.0718 1232 dmio - detected UnsignedFile.Multi.Generic (1) 16:33:24.0765 1232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 16:33:24.0781 1232 dmload ( UnsignedFile.Multi.Generic ) - warning 16:33:24.0781 1232 dmload - detected UnsignedFile.Multi.Generic (1) 16:33:24.0875 1232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 16:33:24.0890 1232 DMusic ( UnsignedFile.Multi.Generic ) - warning 16:33:24.0890 1232 DMusic - detected UnsignedFile.Multi.Generic (1) 16:33:24.0953 1232 dpti2o - ok 16:33:25.0000 1232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 16:33:25.0015 1232 drmkaud ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0015 1232 drmkaud - detected UnsignedFile.Multi.Generic (1) 16:33:25.0093 1232 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys 16:33:25.0109 1232 E100B ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0109 1232 E100B - detected UnsignedFile.Multi.Generic (1) 16:33:25.0234 1232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 16:33:25.0250 1232 Fastfat ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0250 1232 Fastfat - detected UnsignedFile.Multi.Generic (1) 16:33:25.0343 1232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 16:33:25.0359 1232 Fdc ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0359 1232 Fdc - detected UnsignedFile.Multi.Generic (1) 16:33:25.0421 1232 FilterService (c9993169e75e75e8f2f450b172ddf814) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 16:33:25.0421 1232 FilterService - ok 16:33:25.0500 
1232 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 16:33:25.0515 1232 Fips ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0515 1232 Fips - detected UnsignedFile.Multi.Generic (1) 16:33:25.0546 1232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 16:33:25.0562 1232 Flpydisk ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0562 1232 Flpydisk - detected UnsignedFile.Multi.Generic (1) 16:33:25.0640 1232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 16:33:25.0703 1232 FltMgr ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0703 1232 FltMgr - detected UnsignedFile.Multi.Generic (1) 16:33:25.0781 1232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:33:25.0796 1232 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0796 1232 Fs_Rec - detected UnsignedFile.Multi.Generic (1) 16:33:25.0906 1232 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:33:25.0921 1232 Ftdisk ( UnsignedFile.Multi.Generic ) - warning 16:33:25.0921 1232 Ftdisk - detected UnsignedFile.Multi.Generic (1) 16:33:26.0015 1232 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 16:33:26.0015 1232 GEARAspiWDM - ok 16:33:26.0078 1232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:33:26.0109 1232 Gpc ( UnsignedFile.Multi.Generic ) - warning 16:33:26.0109 1232 Gpc - detected UnsignedFile.Multi.Generic (1) 16:33:26.0203 1232 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:33:26.0203 1232 hidusb ( UnsignedFile.Multi.Generic ) - warning 16:33:26.0203 1232 hidusb - detected UnsignedFile.Multi.Generic (1) 16:33:26.0250 1232 hpn - ok 16:33:26.0343 1232 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 16:33:26.0359 1232 HTTP ( UnsignedFile.Multi.Generic ) - warning 16:33:26.0359 1232 HTTP - detected 
UnsignedFile.Multi.Generic (1) 16:33:26.0421 1232 i2omgmt - ok 16:33:26.0453 1232 i2omp - ok 16:33:26.0500 1232 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:33:26.0515 1232 i8042prt ( UnsignedFile.Multi.Generic ) - warning 16:33:26.0515 1232 i8042prt - detected UnsignedFile.Multi.Generic (1) 16:33:26.0625 1232 ialm (16f8de7a7f9023aac04dec6a8a264441) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 16:33:26.0687 1232 ialm ( UnsignedFile.Multi.Generic ) - warning 16:33:26.0687 1232 ialm - detected UnsignedFile.Multi.Generic (1) 16:33:26.0781 1232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 16:33:26.0796 1232 Imapi ( UnsignedFile.Multi.Generic ) - warning 16:33:26.0796 1232 Imapi - detected UnsignedFile.Multi.Generic (1) 16:33:26.0859 1232 ini910u - ok 16:33:26.0937 1232 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys 16:33:26.0953 1232 IntelIde ( UnsignedFile.Multi.Generic ) - warning 16:33:26.0953 1232 IntelIde - detected UnsignedFile.Multi.Generic (1) 16:33:27.0046 1232 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 16:33:27.0062 1232 intelppm ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0062 1232 intelppm - detected UnsignedFile.Multi.Generic (1) 16:33:27.0156 1232 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 16:33:27.0171 1232 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0171 1232 Ip6Fw - detected UnsignedFile.Multi.Generic (1) 16:33:27.0234 1232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:33:27.0234 1232 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0234 1232 IpFilterDriver - detected UnsignedFile.Multi.Generic (1) 16:33:27.0328 1232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:33:27.0343 1232 IpInIp ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0343 1232 IpInIp 
- detected UnsignedFile.Multi.Generic (1) 16:33:27.0437 1232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:33:27.0453 1232 IpNat ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0453 1232 IpNat - detected UnsignedFile.Multi.Generic (1) 16:33:27.0546 1232 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:33:27.0546 1232 IPSec ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0546 1232 IPSec - detected UnsignedFile.Multi.Generic (1) 16:33:27.0593 1232 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 16:33:27.0609 1232 IRENUM ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0609 1232 IRENUM - detected UnsignedFile.Multi.Generic (1) 16:33:27.0718 1232 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:33:27.0718 1232 isapnp ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0718 1232 isapnp - detected UnsignedFile.Multi.Generic (1) 16:33:27.0796 1232 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:33:27.0812 1232 Kbdclass ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0812 1232 Kbdclass - detected UnsignedFile.Multi.Generic (1) 16:33:27.0875 1232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 16:33:27.0890 1232 kmixer ( UnsignedFile.Multi.Generic ) - warning 16:33:27.0890 1232 kmixer - detected UnsignedFile.Multi.Generic (1) 16:33:27.0984 1232 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 16:33:28.0000 1232 KSecDD ( UnsignedFile.Multi.Generic ) - warning 16:33:28.0000 1232 KSecDD - detected UnsignedFile.Multi.Generic (1) 16:33:28.0062 1232 lbrtfdc - ok 16:33:28.0156 1232 LVPr2Mon (9af4d60b777832834e6fe424ede60fcd) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 16:33:28.0156 1232 LVPr2Mon - ok 16:33:28.0265 1232 LVRS (c0bb2a314dbf04cfde45868ddeee204d) C:\WINDOWS\system32\DRIVERS\lvrs.sys 16:33:28.0328 1232 LVRS - ok 16:33:28.0421 1232 
LVUSBSta (c77adb4c1c0767e2e7b2c54375cd7a09) C:\WINDOWS\system32\drivers\LVUSBSta.sys 16:33:28.0421 1232 LVUSBSta - ok 16:33:28.0609 1232 LVUVC (cb971e3cba88339e43625f16d1cb9f1b) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 16:33:28.0859 1232 LVUVC - ok 16:33:28.0968 1232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 16:33:28.0984 1232 mnmdd ( UnsignedFile.Multi.Generic ) - warning 16:33:28.0984 1232 mnmdd - detected UnsignedFile.Multi.Generic (1) 16:33:29.0062 1232 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 16:33:29.0062 1232 Modem ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0062 1232 Modem - detected UnsignedFile.Multi.Generic (1) 16:33:29.0125 1232 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:33:29.0140 1232 Mouclass ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0140 1232 Mouclass - detected UnsignedFile.Multi.Generic (1) 16:33:29.0234 1232 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:33:29.0234 1232 mouhid ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0234 1232 mouhid - detected UnsignedFile.Multi.Generic (1) 16:33:29.0312 1232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 16:33:29.0343 1232 MountMgr ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0343 1232 MountMgr - detected UnsignedFile.Multi.Generic (1) 16:33:29.0359 1232 mraid35x - ok 16:33:29.0437 1232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:33:29.0453 1232 MRxDAV ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0453 1232 MRxDAV - detected UnsignedFile.Multi.Generic (1) 16:33:29.0546 1232 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:33:29.0625 1232 MRxSmb ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0625 1232 MRxSmb - detected UnsignedFile.Multi.Generic (1) 16:33:29.0718 1232 Msfs (c941ea2454ba8350021d774daf0f1027) 
C:\WINDOWS\system32\drivers\Msfs.sys 16:33:29.0734 1232 Msfs ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0734 1232 Msfs - detected UnsignedFile.Multi.Generic (1) 16:33:29.0828 1232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:33:29.0859 1232 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0859 1232 MSKSSRV - detected UnsignedFile.Multi.Generic (1) 16:33:29.0953 1232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:33:29.0953 1232 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning 16:33:29.0953 1232 MSPCLOCK - detected UnsignedFile.Multi.Generic (1) 16:33:30.0046 1232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 16:33:30.0062 1232 MSPQM ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0062 1232 MSPQM - detected UnsignedFile.Multi.Generic (1) 16:33:30.0187 1232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:33:30.0203 1232 mssmbios ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0203 1232 mssmbios - detected UnsignedFile.Multi.Generic (1) 16:33:30.0296 1232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 16:33:30.0328 1232 MSTEE ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0328 1232 MSTEE - detected UnsignedFile.Multi.Generic (1) 16:33:30.0406 1232 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 16:33:30.0406 1232 Mup ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0406 1232 Mup - detected UnsignedFile.Multi.Generic (1) 16:33:30.0515 1232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 16:33:30.0531 1232 NABTSFEC ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0531 1232 NABTSFEC - detected UnsignedFile.Multi.Generic (1) 16:33:30.0640 1232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 16:33:30.0671 1232 NDIS ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0671 
1232 NDIS - detected UnsignedFile.Multi.Generic (1) 16:33:30.0750 1232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 16:33:30.0781 1232 NdisIP ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0781 1232 NdisIP - detected UnsignedFile.Multi.Generic (1) 16:33:30.0828 1232 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:33:30.0843 1232 NdisTapi ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0843 1232 NdisTapi - detected UnsignedFile.Multi.Generic (1) 16:33:30.0890 1232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:33:30.0906 1232 Ndisuio ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0906 1232 Ndisuio - detected UnsignedFile.Multi.Generic (1) 16:33:30.0968 1232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:33:30.0984 1232 NdisWan ( UnsignedFile.Multi.Generic ) - warning 16:33:30.0984 1232 NdisWan - detected UnsignedFile.Multi.Generic (1) 16:33:31.0046 1232 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 16:33:31.0062 1232 NDProxy ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0062 1232 NDProxy - detected UnsignedFile.Multi.Generic (1) 16:33:31.0125 1232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 16:33:31.0140 1232 NetBIOS ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0140 1232 NetBIOS - detected UnsignedFile.Multi.Generic (1) 16:33:31.0218 1232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 16:33:31.0234 1232 NetBT ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0234 1232 NetBT - detected UnsignedFile.Multi.Generic (1) 16:33:31.0343 1232 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys 16:33:31.0359 1232 nmwcd ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0359 1232 nmwcd - detected UnsignedFile.Multi.Generic (1) 16:33:31.0406 1232 nmwcdc 
(3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys 16:33:31.0421 1232 nmwcdc ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0421 1232 nmwcdc - detected UnsignedFile.Multi.Generic (1) 16:33:31.0515 1232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 16:33:31.0546 1232 Npfs ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0546 1232 Npfs - detected UnsignedFile.Multi.Generic (1) 16:33:31.0609 1232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 16:33:31.0687 1232 Ntfs ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0687 1232 Ntfs - detected UnsignedFile.Multi.Generic (1) 16:33:31.0781 1232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 16:33:31.0812 1232 Null ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0812 1232 Null - detected UnsignedFile.Multi.Generic (1) 16:33:31.0890 1232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:33:31.0921 1232 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning 16:33:31.0921 1232 NwlnkFlt - detected UnsignedFile.Multi.Generic (1) 16:33:32.0015 1232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:33:32.0031 1232 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning 16:33:32.0031 1232 NwlnkFwd - detected UnsignedFile.Multi.Generic (1) 16:33:32.0125 1232 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 16:33:32.0140 1232 Parport ( UnsignedFile.Multi.Generic ) - warning 16:33:32.0140 1232 Parport - detected UnsignedFile.Multi.Generic (1) 16:33:32.0234 1232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 16:33:32.0250 1232 PartMgr ( UnsignedFile.Multi.Generic ) - warning 16:33:32.0250 1232 PartMgr - detected UnsignedFile.Multi.Generic (1) 16:33:32.0343 1232 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 16:33:32.0359 1232 ParVdm ( 
UnsignedFile.Multi.Generic ) - warning 16:33:32.0359 1232 ParVdm - detected UnsignedFile.Multi.Generic (1) 16:33:32.0437 1232 pccsmcfd - ok 16:33:32.0500 1232 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 16:33:32.0515 1232 PCI ( UnsignedFile.Multi.Generic ) - warning 16:33:32.0515 1232 PCI - detected UnsignedFile.Multi.Generic (1) 16:33:32.0609 1232 PCIDump - ok 16:33:32.0671 1232 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys 16:33:32.0687 1232 PCIIde ( UnsignedFile.Multi.Generic ) - warning 16:33:32.0687 1232 PCIIde - detected UnsignedFile.Multi.Generic (1) 16:33:32.0781 1232 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 16:33:32.0796 1232 Pcmcia ( UnsignedFile.Multi.Generic ) - warning 16:33:32.0796 1232 Pcmcia - detected UnsignedFile.Multi.Generic (1) 16:33:32.0843 1232 PDCOMP - ok 16:33:32.0890 1232 PDFRAME - ok 16:33:32.0906 1232 PDRELI - ok 16:33:32.0921 1232 PDRFRAME - ok 16:33:32.0937 1232 perc2 - ok 16:33:32.0953 1232 perc2hib - ok 16:33:33.0031 1232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:33:33.0046 1232 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0046 1232 PptpMiniport - detected UnsignedFile.Multi.Generic (1) 16:33:33.0156 1232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 16:33:33.0171 1232 PSched ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0171 1232 PSched - detected UnsignedFile.Multi.Generic (1) 16:33:33.0265 1232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:33:33.0265 1232 Ptilink ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0265 1232 Ptilink - detected UnsignedFile.Multi.Generic (1) 16:33:33.0312 1232 ql1080 - ok 16:33:33.0375 1232 Ql10wnt - ok 16:33:33.0390 1232 ql12160 - ok 16:33:33.0406 1232 ql1240 - ok 16:33:33.0421 1232 ql1280 - ok 16:33:33.0468 1232 RasAcd 
(fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:33:33.0500 1232 RasAcd ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0500 1232 RasAcd - detected UnsignedFile.Multi.Generic (1) 16:33:33.0593 1232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:33:33.0609 1232 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0609 1232 Rasl2tp - detected UnsignedFile.Multi.Generic (1) 16:33:33.0703 1232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:33:33.0718 1232 RasPppoe ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0718 1232 RasPppoe - detected UnsignedFile.Multi.Generic (1) 16:33:33.0812 1232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 16:33:33.0828 1232 Raspti ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0828 1232 Raspti - detected UnsignedFile.Multi.Generic (1) 16:33:33.0890 1232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:33:33.0906 1232 Rdbss ( UnsignedFile.Multi.Generic ) - warning 16:33:33.0906 1232 Rdbss - detected UnsignedFile.Multi.Generic (1) 16:33:34.0000 1232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:33:34.0000 1232 RDPCDD ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0000 1232 RDPCDD - detected UnsignedFile.Multi.Generic (1) 16:33:34.0078 1232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 16:33:34.0093 1232 rdpdr ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0093 1232 rdpdr - detected UnsignedFile.Multi.Generic (1) 16:33:34.0156 1232 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 16:33:34.0171 1232 RDPWD ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0171 1232 RDPWD - detected UnsignedFile.Multi.Generic (1) 16:33:34.0234 1232 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 16:33:34.0250 1232 redbook ( 
UnsignedFile.Multi.Generic ) - warning 16:33:34.0250 1232 redbook - detected UnsignedFile.Multi.Generic (1) 16:33:34.0375 1232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:33:34.0390 1232 Secdrv ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0390 1232 Secdrv - detected UnsignedFile.Multi.Generic (1) 16:33:34.0453 1232 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 16:33:34.0468 1232 serenum ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0468 1232 serenum - detected UnsignedFile.Multi.Generic (1) 16:33:34.0531 1232 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 16:33:34.0546 1232 Serial ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0546 1232 Serial - detected UnsignedFile.Multi.Generic (1) 16:33:34.0640 1232 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys 16:33:34.0640 1232 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0656 1232 sfdrv01 - detected UnsignedFile.Multi.Generic (1) 16:33:34.0703 1232 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys 16:33:34.0718 1232 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0718 1232 sfhlp02 - detected UnsignedFile.Multi.Generic (1) 16:33:34.0828 1232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 16:33:34.0843 1232 Sfloppy ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0843 1232 Sfloppy - detected UnsignedFile.Multi.Generic (1) 16:33:34.0953 1232 sfsync03 (344b5af83cca5377752b8855d4324e69) C:\WINDOWS\system32\drivers\sfsync03.sys 16:33:34.0968 1232 sfsync03 ( UnsignedFile.Multi.Generic ) - warning 16:33:34.0968 1232 sfsync03 - detected UnsignedFile.Multi.Generic (1) 16:33:35.0046 1232 Simbad - ok 16:33:35.0093 1232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 16:33:35.0125 1232 SLIP ( UnsignedFile.Multi.Generic ) - warning 16:33:35.0125 1232 SLIP - 
detected UnsignedFile.Multi.Generic (1) 16:33:35.0218 1232 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys 16:33:35.0359 1232 smwdm ( UnsignedFile.Multi.Generic ) - warning 16:33:35.0359 1232 smwdm - detected UnsignedFile.Multi.Generic (1) 16:33:37.0093 1232 SNPSTD3 (de2dc31ed0b921c223691462059f7183) C:\WINDOWS\system32\DRIVERS\snpstd3.sys 16:33:39.0234 1232 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning 16:33:39.0234 1232 SNPSTD3 - detected UnsignedFile.Multi.Generic (1) 16:33:39.0281 1232 Sparrow - ok 16:33:39.0343 1232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 16:33:39.0359 1232 splitter ( UnsignedFile.Multi.Generic ) - warning 16:33:39.0359 1232 splitter - detected UnsignedFile.Multi.Generic (1) 16:33:39.0500 1232 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 16:33:39.0500 1232 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 16:33:39.0500 1232 sptd ( LockedFile.Multi.Generic ) - warning 16:33:39.0500 1232 sptd - detected LockedFile.Multi.Generic (1) 16:33:39.0546 1232 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 16:33:39.0578 1232 sr ( UnsignedFile.Multi.Generic ) - warning 16:33:39.0578 1232 sr - detected UnsignedFile.Multi.Generic (1) 16:33:39.0656 1232 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys 16:33:39.0687 1232 Srv ( UnsignedFile.Multi.Generic ) - warning 16:33:39.0687 1232 Srv - detected UnsignedFile.Multi.Generic (1) 16:33:39.0781 1232 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 16:33:39.0781 1232 ssmdrv - ok 16:33:39.0906 1232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 16:33:39.0921 1232 streamip ( UnsignedFile.Multi.Generic ) - warning 16:33:39.0921 1232 streamip - detected UnsignedFile.Multi.Generic (1) 16:33:39.0984 1232 swenum 
(3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 16:33:39.0984 1232 swenum ( UnsignedFile.Multi.Generic ) - warning 16:33:39.0984 1232 swenum - detected UnsignedFile.Multi.Generic (1) 16:33:40.0078 1232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 16:33:40.0093 1232 swmidi ( UnsignedFile.Multi.Generic ) - warning 16:33:40.0093 1232 swmidi - detected UnsignedFile.Multi.Generic (1) 16:33:40.0125 1232 symc810 - ok 16:33:40.0171 1232 symc8xx - ok 16:33:40.0203 1232 sym_hi - ok 16:33:40.0265 1232 sym_u3 - ok 16:33:40.0296 1232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 16:33:40.0312 1232 sysaudio ( UnsignedFile.Multi.Generic ) - warning 16:33:40.0312 1232 sysaudio - detected UnsignedFile.Multi.Generic (1) 16:33:40.0421 1232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:33:40.0500 1232 Tcpip ( UnsignedFile.Multi.Generic ) - warning 16:33:40.0500 1232 Tcpip - detected UnsignedFile.Multi.Generic (1) 16:33:40.0609 1232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 16:33:40.0640 1232 TDPIPE ( UnsignedFile.Multi.Generic ) - warning 16:33:40.0640 1232 TDPIPE - detected UnsignedFile.Multi.Generic (1) 16:33:40.0671 1232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 16:33:40.0671 1232 TDTCP ( UnsignedFile.Multi.Generic ) - warning 16:33:40.0671 1232 TDTCP - detected UnsignedFile.Multi.Generic (1) 16:33:40.0765 1232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 16:33:40.0796 1232 TermDD ( UnsignedFile.Multi.Generic ) - warning 16:33:40.0796 1232 TermDD - detected UnsignedFile.Multi.Generic (1) 16:33:40.0843 1232 TosIde - ok 16:33:40.0937 1232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 16:33:40.0953 1232 Udfs ( UnsignedFile.Multi.Generic ) - warning 16:33:40.0953 1232 Udfs - detected UnsignedFile.Multi.Generic 
(1) 16:33:40.0968 1232 ultra - ok 16:33:41.0062 1232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 16:33:41.0125 1232 Update ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0125 1232 Update - detected UnsignedFile.Multi.Generic (1) 16:33:41.0203 1232 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 16:33:41.0218 1232 upperdev ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0218 1232 upperdev - detected UnsignedFile.Multi.Generic (1) 16:33:41.0296 1232 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 16:33:41.0328 1232 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0328 1232 USBAAPL - detected UnsignedFile.Multi.Generic (1) 16:33:41.0406 1232 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 16:33:41.0421 1232 usbaudio ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0421 1232 usbaudio - detected UnsignedFile.Multi.Generic (1) 16:33:41.0500 1232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:33:41.0515 1232 usbccgp ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0515 1232 usbccgp - detected UnsignedFile.Multi.Generic (1) 16:33:41.0609 1232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:33:41.0625 1232 usbehci ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0625 1232 usbehci - detected UnsignedFile.Multi.Generic (1) 16:33:41.0703 1232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:33:41.0718 1232 usbhub ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0718 1232 usbhub - detected UnsignedFile.Multi.Generic (1) 16:33:41.0796 1232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:33:41.0828 1232 usbscan ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0828 1232 usbscan - detected UnsignedFile.Multi.Generic (1) 16:33:41.0921 1232 usbser 
(1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 16:33:41.0937 1232 usbser ( UnsignedFile.Multi.Generic ) - warning 16:33:41.0937 1232 usbser - detected UnsignedFile.Multi.Generic (1) 16:33:42.0015 1232 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 16:33:42.0031 1232 UsbserFilt ( UnsignedFile.Multi.Generic ) - warning 16:33:42.0031 1232 UsbserFilt - detected UnsignedFile.Multi.Generic (1) 16:33:42.0140 1232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:33:42.0156 1232 USBSTOR ( UnsignedFile.Multi.Generic ) - warning 16:33:42.0156 1232 USBSTOR - detected UnsignedFile.Multi.Generic (1) 16:33:42.0250 1232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 16:33:42.0265 1232 usbuhci ( UnsignedFile.Multi.Generic ) - warning 16:33:42.0265 1232 usbuhci - detected UnsignedFile.Multi.Generic (1) 16:33:42.0359 1232 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 16:33:42.0406 1232 usbvideo ( UnsignedFile.Multi.Generic ) - warning 16:33:42.0406 1232 usbvideo - detected UnsignedFile.Multi.Generic (1) 16:33:42.0515 1232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 16:33:42.0531 1232 VgaSave ( UnsignedFile.Multi.Generic ) - warning 16:33:42.0531 1232 VgaSave - detected UnsignedFile.Multi.Generic (1) 16:33:42.0593 1232 ViaIde - ok 16:33:42.0656 1232 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 16:33:42.0671 1232 VolSnap ( UnsignedFile.Multi.Generic ) - warning 16:33:42.0671 1232 VolSnap - detected UnsignedFile.Multi.Generic (1) 16:33:42.0781 1232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:33:42.0781 1232 Wanarp ( UnsignedFile.Multi.Generic ) - warning 16:33:42.0781 1232 Wanarp - detected UnsignedFile.Multi.Generic (1) 16:33:42.0890 1232 Wdf01000 (d918617b46457b9ac28027722e30f647) 
C:\WINDOWS\system32\Drivers\wdf01000.sys 16:33:42.0937 1232 Wdf01000 - ok 16:33:43.0031 1232 WDICA - ok 16:33:43.0093 1232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 16:33:43.0109 1232 wdmaud ( UnsignedFile.Multi.Generic ) - warning 16:33:43.0109 1232 wdmaud - detected UnsignedFile.Multi.Generic (1) 16:33:43.0234 1232 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 16:33:43.0265 1232 WpdUsb ( UnsignedFile.Multi.Generic ) - warning 16:33:43.0265 1232 WpdUsb - detected UnsignedFile.Multi.Generic (1) 16:33:43.0375 1232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 16:33:43.0406 1232 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning 16:33:43.0406 1232 WSTCODEC - detected UnsignedFile.Multi.Generic (1) 16:33:43.0468 1232 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 16:33:43.0484 1232 WudfPf ( UnsignedFile.Multi.Generic ) - warning 16:33:43.0484 1232 WudfPf - detected UnsignedFile.Multi.Generic (1) 16:33:43.0562 1232 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 16:33:43.0578 1232 WudfRd ( UnsignedFile.Multi.Generic ) - warning 16:33:43.0578 1232 WudfRd - detected UnsignedFile.Multi.Generic (1) 16:33:43.0640 1232 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 16:33:43.0890 1232 \Device\Harddisk0\DR0 - ok 16:33:43.0921 1232 Boot (0x1200) (b4acdcb8fb3fa8fa9756c11a20aff5e7) \Device\Harddisk0\DR0\Partition0 16:33:43.0921 1232 \Device\Harddisk0\DR0\Partition0 - ok 16:33:43.0921 1232 ============================================================ 16:33:43.0921 1232 Scan finished 16:33:43.0921 1232 ============================================================ 16:33:44.0046 1200 Detected object count: 139 16:33:44.0046 1200 Actual detected object count: 139 16:34:04.0421 1200 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 ACPI ( UnsignedFile.Multi.Generic ) 
- User select action: Skip 16:34:04.0437 1200 ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 aec ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 AFD ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 atapi ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 audstub ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 Beep ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0437 1200 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0437 1200 Cdfs ( UnsignedFile.Multi.Generic ) - skipped 
by user 16:34:04.0437 1200 Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 Disk ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 dmboot ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 dmio ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 dmload ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 DMusic ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 E100B ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 E100B ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0453 1200 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0453 1200 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 Fips ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 
1200 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 hidusb ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 ialm ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0468 1200 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0468 1200 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 IntelIde ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 IntelIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 
IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 Modem ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0484 1200 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0484 1200 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 
MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0500 1200 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0500 1200 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 Mup ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NdisIP ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0515 1200 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0515 1200 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 nmwcd ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 nmwcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 nmwcdc ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 nmwcdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 Null ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 NwlnkFwd ( 
UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 Parport ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 PCI ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0531 1200 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0531 1200 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 PSched ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 
RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0546 1200 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0546 1200 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 redbook ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 serenum ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 Serial ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0562 1200 
sfsync03 ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0562 1200 sfsync03 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 splitter ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 sptd ( LockedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 sr ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 Srv ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 streamip ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 swenum ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0578 1200 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0578 1200 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 Tcpip ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 Update ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 upperdev ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 upperdev ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0593 1200 usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0593 1200 usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 usbser 
( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 usbser ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 UsbserFilt ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 UsbserFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 usbvideo ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 usbvideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0609 1200 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0609 1200 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0625 1200 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0625 1200 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0625 1200 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0625 1200 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0625 1200 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0625 1200 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0625 1200 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0625 1200 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0625 1200 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0625 1200 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0625 1200 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0625 1200 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:34:04.0625 1200 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user 16:34:04.0625 1200 
WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip |
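A note on reading the TDSSKiller log above, with an added triage script that is not part of this thread and not Kaspersky's code: every one of the 139 "detected" objects carries the verdict UnsignedFile.Multi.Generic (or, for sptd, LockedFile.Multi.Generic). Those are not signature hits. They mean the tool could not verify an embedded Authenticode signature, or could not open the file at all, which on Windows XP is true of practically every in-box driver, so the default action Skip was the right choice; the MBR and boot sector of \Device\Harddisk0\DR0 are reported ok. The script below parses the log format shown above, separates the generic verdicts from named ones, reports boot-sector status, and flags any generic object where the user picked something other than Skip (deleting a legitimate unsigned driver such as atapi or ntfs will leave XP unbootable). The sample lines are copied from the posted log except for the lines marked constructed; "Rootkit.Example.Constructed" is a made-up verdict name, not a real detection.

```python
import re
from collections import Counter

# Lines copied from the TDSSKiller log posted in this thread, plus three
# CONSTRUCTED lines (marked) showing a locked-file verdict and what a named
# signature hit on a second disk's MBR would look like. The verdict name
# "Rootkit.Example.Constructed" is invented for the demonstration.
SAMPLE_LOG = r"""
16:33:40.0421 1232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:33:40.0500 1232 Tcpip ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0500 1232 Tcpip - detected UnsignedFile.Multi.Generic (1)
16:33:42.0937 1232 Wdf01000 - ok
16:33:43.0640 1232 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:33:43.0890 1232 \Device\Harddisk0\DR0 - ok
16:33:43.0921 1232 Boot (0x1200) (b4acdcb8fb3fa8fa9756c11a20aff5e7) \Device\Harddisk0\DR0\Partition0
16:33:43.0921 1232 \Device\Harddisk0\DR0\Partition0 - ok
16:33:39.0000 1232 sptd - detected LockedFile.Multi.Generic (1)
16:34:04.0578 1200 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:00.0000 1232 \Device\Harddisk1\DR1 - detected Rootkit.Example.Constructed (0)
16:35:00.0000 1200 \Device\Harddisk1\DR1 ( Rootkit.Example.Constructed ) - User select action: Cure
"""

# Generic verdicts: no signature matched. TDSSKiller only failed to verify an
# embedded signature (Unsigned...) or to open the file (Locked...). On XP this
# covers nearly every Microsoft driver, so Skip is the expected action.
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Every log line is "HH:MM:SS.mmmm <pid> <body>"; the body carries the record.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<flag>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")


def parse_tdsskiller(text):
    """Return (detections, actions, boot_status) from TDSSKiller log text.

    detections: object name -> verdict from the "- detected" lines
    actions:    object name -> action chosen in the post-scan dialog
    boot_status: \\Device\\... path -> "ok" or the verdict for MBR/boot records
    """
    detections, actions, boot_status = {}, {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator and count lines carry no verdict
        body = m.group("body")
        d = DETECTED_RE.match(body)
        if d:
            obj, verdict = d.group("obj"), d.group("verdict")
            detections[obj] = verdict
            if obj.startswith("\\Device\\"):
                boot_status[obj] = verdict
            continue
        a = ACTION_RE.match(body)
        if a:
            actions[a.group("obj")] = a.group("action")
            continue
        o = OK_RE.match(body)
        if o and o.group("obj").startswith("\\Device\\"):
            boot_status[o.group("obj")] = "ok"
    return detections, actions, boot_status


def triage(text):
    """Summarise a TDSSKiller log: what was named, what was generic, what the user did."""
    detections, actions, boot_status = parse_tdsskiller(text)
    named = {obj: v for obj, v in detections.items() if v not in GENERIC_VERDICTS}
    # Generic objects where the user chose anything but Skip deserve a second
    # look: curing or deleting a legitimate unsigned driver can break the boot.
    risky_actions = {obj: act for obj, act in actions.items()
                     if act != "Skip" and detections.get(obj) in GENERIC_VERDICTS}
    return {
        "by_verdict": dict(Counter(detections.values())),
        "named_detections": named,
        "boot_status": boot_status,
        "risky_actions": risky_actions,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a full TDSSKiller log and an empty `named_detections` together with `ok` for every `\Device\Harddisk…` entry means the scan found nothing beyond the informational unsigned-driver warnings, which is exactly the situation in the log above.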
25.10.2011, 15:44 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with ESET Online Scanner after detection of a variant of the Win32 SpyZBot ZR Trojan Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
25.10.2011, 16:16 | #13 |
| Problem with ESET Online Scanner after detection of a variant of the Win32 SpyZBot ZR Trojan Here is the ComboFix log: ComboFix logfile: Code:
ComboFix 11-10-25.03 - Simon 25.10.2011 16:56:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1015.689 [GMT 2:00]
Running from: c:\dokumente und einstellungen\Simon\Eigene Dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Simon\Anwendungsdaten\Help\coredb\storage
c:\dokumente und einstellungen\Simon\WINDOWS
c:\windows\ehome\medctrro.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\IsUn0407.exe
c:\windows\pi.exe
c:\windows\system32\d3d9caps.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 ))))))))))))))))))))))))))))))
.
.
2011-10-25 11:40 . 2011-10-25 11:40 -------- d-----w- C:\_OTL
2011-10-23 13:45 . 2011-10-23 13:45 -------- d-----r- c:\dokumente und einstellungen\LocalService\Eigene Dateien
2011-10-22 20:25 . 2011-10-22 20:25 -------- d-----w- c:\programme\ESET
2011-10-20 19:54 . 2011-10-20 19:54 -------- d-----w- c:\programme\Freeware.de
2011-10-20 19:54 . 2011-10-20 19:54 -------- d-----w- c:\dokumente und einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Temp
2011-10-20 19:54 . 2011-10-20 19:54 -------- d-----w- c:\dokumente und einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Conduit
2011-10-20 19:54 . 2011-10-20 19:54 -------- d-----w- C:\cannonhill
2011-10-18 21:43 . 2011-10-24 20:16 -------- d-----w- c:\dokumente und einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\NFS Underground 2
2011-10-18 21:43 . 2011-10-18 21:43 -------- d-----w- c:\programme\Gemeinsame Dateien\DirectX
2011-10-15 20:33 . 2011-10-15 20:33 -------- d-----w- c:\dokumente und einstellungen\Simon\Anwendungsdaten\Avira
2011-10-15 20:32 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 20:32 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 20:32 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 20:32 . 2011-10-15 20:32 -------- d-----w- c:\programme\Avira
2011-10-15 20:32 . 2011-10-15 20:32 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-10-10 09:09 . 2011-10-10 09:09 4550304 ----a-w- c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-05 07:33 . 2011-10-05 07:33 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2011-09-29 18:04 . 2011-09-29 18:10 -------- d-----w- c:\dokumente und einstellungen\Simon\Anwendungsdaten\DeepBurner
2011-09-29 18:04 . 2011-09-29 18:04 -------- d-----w- c:\programme\Astonsoft
2011-09-29 17:23 . 2011-09-29 17:23 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 03:22 . 2011-05-17 18:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 06:35 . 2011-06-04 17:54 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-04 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . 
c:\windows\ServicePackFiles\i386\comres.dll [-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll [-] 2004-08-04 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll . [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2004-08-04 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll . [-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2004-08-04 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll . [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . 
c:\windows\$NtUninstallKB956572$\services.exe [-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2004-08-04 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe . [-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe [-] 2004-08-04 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe . [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe . [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [-] 2004-08-04 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2004-08-04 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll . [-] 2008-04-14 . 
611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2004-08-04 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll . [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll [-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2004-08-04 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll . [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2004-08-04 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll . [-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . 
c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2004-08-04 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll . [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2004-08-04 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll . [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll [-] 2004-08-04 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll . [-] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll [-] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3QFE\mshtml.dll [-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3GDR\mshtml.dll [-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\system32\mshtml.dll [-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\system32\dllcache\mshtml.dll [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . 
c:\windows\ie8updates\KB969897-IE8\mshtml.dll [-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll [-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2004-08-04 . CAC51AD576713E5F0CE2251ED3A7FE82 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll . [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll [-] 2004-08-04 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2004-08-04 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll . [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2004-08-04 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll . [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2004-08-04 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll . [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2004-08-04 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll . [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2004-08-04 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll . [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2004-08-04 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll . [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2004-08-04 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . 
c:\windows\$NtServicePackUninstall$\svchost.exe . [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2004-08-04 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll . [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2004-08-04 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll . [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2004-08-04 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe . [-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll [-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3QFE\wininet.dll [-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3GDR\wininet.dll [-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\system32\wininet.dll [-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\system32\dllcache\wininet.dll [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . 
c:\windows\ie8updates\KB969897-IE8\wininet.dll [-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll [-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2004-08-04 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll . [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2004-08-04 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll . [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll . [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe [-] 2004-08-04 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . 
c:\windows\$NtServicePackUninstall$\regedit.exe . [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll [-] 2004-08-04 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll . [-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll [-] 2004-08-04 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll . [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll [-] 2002-12-11 23:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll [-] 2002-12-11 23:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll . [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll . [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2004-08-04 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe . [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll [-] 2004-08-04 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll . [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2004-08-04 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll . [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2004-08-04 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll . [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . 
[6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2004-08-04 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll . [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2004-08-04 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll . [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2004-08-04 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll . [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2004-08-04 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll . [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2004-08-04 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll . [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . 
. [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll [-] 2004-08-04 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll . [-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll [-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll [-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll [-] 2004-08-04 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll . [-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys [-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys . [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys . [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . 
[5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys . [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll [-] 2004-08-04 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll . [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll [-] 2004-08-04 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll . [-] 2008-04-14 02:22 . 6E18978B749F0696A774DE3F2CB142DD . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-08-04 12:00 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll . [-] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe [-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2009-08-04 . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . .
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-08-21 114688] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-10 344064] "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-09-22 564496] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784] "DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" [2006-09-14 157592] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"= "c:\\Programme\\ICQ7.5\\ICQ.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Dokumente und Einstellungen\\Simon\\Eigene Dateien\\Star Trek Klingon Academy\\ka.exe"= "c:\\Dokumente und Einstellungen\\Simon\\Desktop\\Need4speed Underground 2\\speed2.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [13.10.2005 15:46 35328] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2010 16:52 691696] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15.10.2011 22:32 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.10.2011 22:32 86224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}] 2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = uInternet Connection Wizard,ShellNext = iexplore IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-giva.exe - c:\dokumente und einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe AddRemove-FINAL FANTASY VIII - c:\windows\IsUn0407.exe AddRemove-Klingon Academy - c:\dokumente und einstellungen\Simon\Eigene Dateien\Star Trek Klingon Academy\Uninst.isu AddRemove-Star Trek Voyager Elite Force - c:\windows\IsUn0407.exe AddRemove-Tomb Raider II - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-10-25 17:04 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:8e,5b,0e,82,6f,c1,78,aa,82,7c,25,ef,67,a0,b5,65,d0,ce,cb,64,41,94,17, 78,f4,ad,f1,54,21,72,e6,40,8a,32,ca,13,56,6f,02,78,fa,29,3b,21,5c,a4,d9,c9,\ "??"=hex:fe,be,75,61,98,6c,35,fd,67,56,b5,fd,28,12,c9,34 . [HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:53,87,40,f2,a9,c1,22,1b,ab,ee,1d,71,f1,c5,41,c9,42,26,38,02,d6, 45,4b,7f,60,de,22,14,ff,9b,c7,d4,87,36,34,8b,b7,5e,53,5b,1e,31,04,14,52,11,\ "rkeysecu"=hex:c1,5f,d8,66,fd,e3,e3,c1,bd,74,fa,57,a6,f2,11,9f . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(1296) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe c:\programme\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-10-25 17:13:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-10-25 15:13 . Vor Suchlauf: 13 Verzeichnis(se), 56.306.176.000 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 56.293.036.032 Bytes frei . 
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - EF0EA06551F9A897B6A48444F0A232F6
Edit: For everything (up to here and beyond) I already thank you very warmly, Cosinus/Arne!! Last edited by KWKMH (25.10.2011 at 16:27) |
25.10.2011, 18:02 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with ESET Online Scanner on detection of a variant of the Win32 SpyZBot ZR Trojan Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses even on the 2nd attempt, simply leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
26.10.2011, 15:04 | #15 |
| Problem with ESET Online Scanner on detection of a variant of the Win32 SpyZBot ZR Trojan Here is the GMER log for now: GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-10-26 15:55:04 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-19JHC0 rev.05.01C05 Running: xumeqjmw.exe; Driver: C:\DOKUME~1\Simon\LOKALE~1\Temp\fwriyfog.sys ---- System - GMER 1.0.15 ---- SSDT F7D00DAC ZwClose SSDT F7D00D66 ZwCreateKey SSDT F7D00DB6 ZwCreateSection SSDT F7D00D5C ZwCreateThread SSDT F7D00D6B ZwDeleteKey SSDT F7D00D75 ZwDeleteValueKey SSDT F7D00DA7 ZwDuplicateObject SSDT spse.sys ZwEnumerateKey [0xF750EDA4] SSDT spse.sys ZwEnumerateValueKey [0xF750F132] SSDT F7D00D7A ZwLoadKey SSDT spse.sys ZwOpenKey [0xF74F60C0] SSDT F7D00D48 ZwOpenProcess SSDT F7D00D4D ZwOpenThread SSDT spse.sys ZwQueryKey [0xF750F20A] SSDT F7D00DCF ZwQueryValueKey SSDT F7D00D84 ZwReplaceKey SSDT F7D00DC0 ZwRequestWaitReplyPort SSDT F7D00D7F ZwRestoreKey SSDT F7D00DBB ZwSetContextThread SSDT F7D00DC5 ZwSetSecurityObject SSDT F7D00D70 ZwSetValueKey SSDT F7D00DCA ZwSystemDebugControl SSDT F7D00D57 ZwTerminateProcess INT 0x62 ? 863DABF8 INT 0x63 ? 8601EF00 INT 0x82 ? 863DABF8 INT 0x83 ? 8601EF00 INT 0x83 ? 8601EF00 INT 0xA4 ? 8601EF00 INT 0xB4 ? 8601EF00 ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [ED, 50, F7] ? spse.sys Das System kann die angegebene Datei nicht finden. ! .sfrelocÿÿÿÿsfsync03unknown last section [0xF7636000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xF7636000, 0xA20, 0x40000040] .text USBPORT.SYS!DllUnload F689A8AC 5 Bytes JMP 8601E4E0 ? System32\Drivers\azpxowka.SYS Das System kann den angegebenen Pfad nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8636F2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7521DDC] spse.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7521E30] spse.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74F7042] spse.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74F713E] spse.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74F70C0] spse.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74F7800] spse.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74F76D6] spse.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8601E5E0 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7506B90] spse.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02372F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02372CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02372D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02372CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 
---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 863D91F8 Device \FileSystem\Fastfat \FatCdrom 85DAD500 Device \FileSystem\Udfs \UdfsCdRom 8607F360 Device \FileSystem\Udfs \UdfsDisk 8607F360 Device \Driver\usbuhci \Device\USBPDO-0 861F51F8 Device \Driver\PCI_PNP7652 \Device\00000044 spse.sys Device \Driver\PCI_PNP7652 \Device\00000044 spse.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 8636D1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8636D1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8636D1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8636D1F8 Device \Driver\usbuhci \Device\USBPDO-1 861F51F8 Device \Driver\usbuhci \Device\USBPDO-2 861F51F8 Device \Driver\usbuhci \Device\USBPDO-3 861F51F8 Device \Driver\usbehci \Device\USBPDO-4 861F41F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 863DB1F8 Device \Driver\Cdrom \Device\CdRom0 860041F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization 
Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Cdrom \Device\CdRom1 860041F8 Device \Driver\Cdrom \Device\CdRom2 860041F8 Device \Driver\Cdrom \Device\CdRom3 860041F8 Device \Driver\Cdrom \Device\CdRom4 860041F8 Device \Driver\Cdrom \Device\CdRom5 860041F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 863321F8 Device \Driver\NetBT \Device\NetbiosSmb 863321F8 Device \Driver\sptd \Device\754443902 spse.sys Device \Driver\sptd \Device\754443902 spse.sys Device \Driver\usbuhci \Device\USBFDO-0 861F51F8 Device \Driver\usbuhci \Device\USBFDO-1 861F51F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85D911F8 Device \Driver\usbuhci \Device\USBFDO-2 861F51F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 85D911F8 Device \Driver\usbuhci \Device\USBFDO-3 861F51F8 Device \Driver\usbehci \Device\USBFDO-4 861F41F8 Device \Driver\Ftdisk \Device\FtControl 863DB1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{293D4BF7-24FC-4BF8-BF9C-B28219D622E8} 863321F8 Device \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target2Lun0 85FFE1F8 Device \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target2Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target0Lun0 85FFE1F8 Device \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\azpxowka \Device\Scsi\azpxowka1 85FFE1F8 Device \Driver\azpxowka \Device\Scsi\azpxowka1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target1Lun0 85FFE1F8 Device \Driver\azpxowka 
\Device\Scsi\azpxowka1Port2Path0Target1Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target3Lun0 85FFE1F8 Device \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target3Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\Fastfat \Fat 85DAD500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 8602F398 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0x09 0x9C 0xEB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0xDC 0xAF 0x22 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x08 0xD3 0xB8 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xBA 0x5C 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6F 0x72 0x4E 0x36 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF0 0x3A 0xA6 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5E 0x09 0x18 0x1E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0x09 0x9C 0xEB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0xDC 0xAF 0x22 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x08 0xD3 0xB8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xBA 0x5C 0x48 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6F 0x72 0x4E 0x36 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF0 0x3A 0xA6 0x55 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5E 0x09 0x18 0x1E ... ---- EOF - GMER 1.0.15 ----
So the Antivir alert when unpacking OSAM, reported as TR/Gendal, is a false alarm? |