Pests of all kinds and how to fight them: Malware despite AdwCleaner and Junkware Removal Tool | Windows 7
08.07.2013, 14:32 | #1 |
Hello,
three weeks ago I caught some malware and got great help from schrauber. My computer is clean now. At the weekend I ran Malwarebytes on my son's computer and got to see a few nasty findings. I put the computer through the "Rosskur" (drastic cure) recommended by schrauber, with:
1. AdwCleaner
2. Junkware Removal Tool
3. ESET
The ESET log file follows. ESET listed seven findings. I would be grateful for help with how to get rid of the (remaining) malware and what should happen next. Thank you very much!
Code:
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Anwendungsdaten\Temp\a4f5Installer.exe Win32/Adware.Lollipop.H application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temp\instloffer.exe Win32/Adware.Lollipop.H application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temp\LyricsPal.exe Win32/Adware.AddLyrics.F application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temp\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC.B application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DM6BGAT5\freetorrentviewer_com[1].htm HTML/ScrInject.B.Gen virus
C:\Programme\Windows_Theme_Pack_290413\Themespack.zip multiple threats
C:\RECYCLER\S-1-5-21-88857016-41956022-1571098572-1006\Dc87.zip multiple threats
08.07.2013, 14:34 | #2 |
/// Malware-holic | Hi, please also post the other detection logs.
http://www.trojaner-board.de/125889-...en-posten.html
08.07.2013, 15:47 | #3 |
Hello markusg,
thank you very much for the help. The detection logs: 1. Malwarebytes (1st scan)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.07.07.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alexander****** :: ALEXANDER [Administrator]
07.07.2013 17:40:36
mbam-log-2013-07-07 (17-40-36).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296455
Laufzeit: 2 Stunde(n), 45 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\RECYCLER\S-1-5-21-88857016-41956022-1571098572-1006\Dc112.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temp\pricepeep_90001_0101.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CMYBTFHA\FlashPlayer[1].exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.07.07.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alexander****** :: ALEXANDER [Administrator]
07.07.2013 20:34:14
mbam-log-2013-07-07 (20-34-14).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204031
Laufzeit: 18 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\RECYCLER\S-1-5-21-88857016-41956022-1571098572-1006\Dc112.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.07.07.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alexander****** :: ALEXANDER [Administrator]
07.07.2013 21:40:40
mbam-log-2013-07-07 (21-40-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296585
Laufzeit: 2 Stunde(n), 45 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Anwendungsdaten\Temp\a4f5Installer.exe Win32/Adware.Lollipop.H application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temp\instloffer.exe Win32/Adware.Lollipop.H application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temp\LyricsPal.exe Win32/Adware.AddLyrics.F application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temp\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC.B application
C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DM6BGAT5\freetorrentviewer_com[1].htm HTML/ScrInject.B.Gen virus
C:\Programme\Windows_Theme_Pack_290413\Themespack.zip multiple threats
C:\RECYCLER\S-1-5-21-88857016-41956022-1571098572-1006\Dc87.zip multiple threats
08.07.2013, 15:51 | #4 |
/// Malware-holic | Hi, if you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
08.07.2013, 16:06 | #5 |
| Malware despite AdwCleaner and Junkware Removal Tool hi markusg, the link to OTL doesn't work. Is there an alternative? Thanks! |
08.07.2013, 16:53 | #6 |
/// Malware-holic | Malware despite AdwCleaner and Junkware Removal Tool
08.07.2013, 18:01 | #7 |
| Malware despite AdwCleaner and Junkware Removal Tool hi markusg, the otl.txt: Code:
ATTFilter OTL logfile created on: 08.07.2013 17:35:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Alexander******\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,17 Mb Total Physical Memory | 500,46 Mb Available Physical Memory | 49,30% Memory free 2,38 Gb Paging File | 1,88 Gb Available in Paging File | 79,01% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,06 Gb Total Space | 30,70 Gb Free Space | 42,61% Space Free | Partition Type: NTFS Drive D: | 72,05 Gb Total Space | 71,96 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Computer Name: ALEXANDER | User Name: Alexander****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.08 17:32:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alexander******\Desktop\OTL.exe PRC - [2013.07.04 15:08:22 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.07.03 21:14:03 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.03.12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.08.17 15:03:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CD-Burner\CDBurnerXP\NMSAccessU.exe PRC - [2010.01.14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp_130510\Winamp\winampa.exe PRC - [2009.07.27 16:58:38 | 000,397,312 | ---- | M] () -- C:\Programme\ASUS\Eee Docking\Eee Docking.exe PRC - [2009.06.25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe PRC - [2009.04.16 19:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe PRC - [2009.04.16 18:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe PRC - [2009.03.30 11:34:36 | 000,241,664 | ---- | M] () -- C:\Programme\T-Moblie-Internet-Manager03\AssistantServices.exe PRC - [2009.03.30 11:33:34 | 000,132,608 | ---- | M] () -- C:\Programme\T-Moblie-Internet-Manager03\UIExec.exe PRC - [2009.03.25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe PRC - [2009.03.13 16:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Programme\EeePC\ACPI\AsEPCMon.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.07.04 15:08:22 | 003,285,912 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.05.26 17:53:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla\FileZilla FTP Client\fzshellext.dll MOD - [2013.03.10 21:04:18 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CD-Burner\CDBurnerXP\NMSAccessU.exe MOD - [2009.07.27 16:58:38 | 000,397,312 | ---- | M] () -- C:\Programme\ASUS\Eee Docking\Eee Docking.exe MOD - [2009.06.25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe MOD - [2009.06.25 10:15:22 | 000,135,168 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\Enumeration.dll MOD - [2009.03.30 11:34:36 | 000,241,664 | ---- | M] () -- C:\Programme\T-Moblie-Internet-Manager03\AssistantServices.exe MOD - [2009.03.30 11:33:34 | 000,132,608 | ---- | M] () -- C:\Programme\T-Moblie-Internet-Manager03\UIExec.exe MOD - [2009.03.23 17:55:50 | 000,176,128 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\Parser.dll MOD - [2009.03.23 17:53:46 | 000,106,496 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\ClientSocket.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.07.04 15:08:22 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.07.03 21:14:03 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.06.12 16:33:47 | 000,256,904 | ---- | 
M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.27 01:04:16 | 000,101,888 | ---- | M] (Freemake) [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CD-Burner\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.03.30 11:34:36 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\T-Moblie-Internet-Manager03\AssistantServices.exe -- (UI Assistant Service) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found 
[Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AmUStor.SYS -- (AmUStor) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.14 11:26:51 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2010.03.14 10:52:25 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.10 21:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2009.04.27 13:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009.03.13 23:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009.03.13 16:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2009.03.02 07:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009.02.06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009.01.12 09:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.01.04 17:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.01.04 17:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008.12.11 22:11:04 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.12.11 22:11:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2008.11.19 10:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf) DRV - [2008.10.29 16:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.04.08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll 
(Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\T-Moblie-Internet-Manager03\addon [2010.07.09 09:15:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Programme\FreemakeVideoConverter\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.05.15 09:51:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Programme\AutoLyrics\FF\ [2010.03.17 21:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Mozilla\Extensions [2013.05.15 09:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Mozilla\Firefox\Profiles\eqztyw2v.default\extensions [2013.07.04 15:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.04 15:08:23 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} 
========== Chrome ========== CHR - default_search_provider: Bing (Enabled) CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.94\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Freemake Video Converter = C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\ CHR - Extension: Delta Toolbar = C:\Dokumente und Einstellungen\Alexander******\Lokale 
Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj\1.0_0\ CHR - Extension: Amazon f\u00FCr Chrome = C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.275_0\ O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe () O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [UIExec] C:\Programme\T-Moblie-Internet-Manager03\UIExec.exe () O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp_130510\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46935935-0E97-49E0-A606-6BC5EABE1545}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.13 20:44:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0b91eefc-8b29-11df-8228-0025d38fdd35}\Shell - "" = AutoRun O33 - 
MountPoints2\{0b91eefc-8b29-11df-8228-0025d38fdd35}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0b91eefc-8b29-11df-8228-0025d38fdd35}\Shell\AutoRun\command - "" = E:\Install.exe O33 - MountPoints2\{40881f84-175a-11df-8196-0025d38fdd35}\Shell\AutoRun\command - "" = F:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597) ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Programme\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: 
{C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.07.08 17:31:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alexander******\Desktop\OTL.exe [2013.07.08 14:24:56 | 000,000,000 | ---D | C] -- C:\080713 [2013.07.08 11:02:35 | 002,347,384 | ---- | C] (ESET) -- 
C:\Dokumente und Einstellungen\Alexander******\Eigene Dateien\esetsmartinstaller_enu.exe [2013.07.08 10:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.07.08 10:45:50 | 000,000,000 | ---D | C] -- C:\JRT [2013.07.08 10:43:51 | 000,546,604 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Alexander******\Eigene Dateien\JRT.exe [2013.07.07 17:39:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Malwarebytes [2013.07.07 17:38:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.07.07 17:38:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.07.07 17:38:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.07.07 17:37:27 | 000,000,000 | ---D | C] -- C:\Programme\MalwareBytes_070713 [2013.07.04 15:08:02 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.06.17 15:13:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alexander******\Eigene Dateien\Scratch Projects [2013.06.17 15:11:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alexander******\Startmenü\Programme\Scratch [2013.06.17 15:09:46 | 000,000,000 | ---D | C] -- C:\170613 [2013.06.17 15:03:57 | 000,000,000 | ---D | C] -- C:\Programme\Scratch 1.4_170613 [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.08 17:33:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.07.08 17:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.07.08 17:32:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alexander******\Desktop\OTL.exe [2013.07.08 15:43:12 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.07.08 15:43:00 | 
000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.07.08 10:54:08 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Alexander******\Eigene Dateien\esetsmartinstaller_enu.exe [2013.07.08 10:40:54 | 000,546,604 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Alexander******\Eigene Dateien\JRT.exe [2013.07.08 10:20:10 | 000,650,027 | ---- | M] () -- C:\Dokumente und Einstellungen\Alexander******\Eigene Dateien\adwcleaner_2.3.0.4.exe [2013.07.07 17:38:52 | 000,000,979 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.06 16:43:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.06.20 15:41:55 | 000,001,814 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.06.17 15:13:02 | 000,001,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Alexander******\Desktop\Scratch.lnk [2013.06.16 12:52:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.06.16 10:28:32 | 087,985,920 | ---- | M] () -- C:\Die drei ...® und der Doppelgänger (Neuvertonung).mp3 [2013.06.12 19:36:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.08 15:51:58 | 000,650,027 | ---- | C] () -- C:\Dokumente und Einstellungen\Alexander******\Eigene Dateien\adwcleaner_2.3.0.4.exe [2013.07.07 17:38:52 | 000,000,979 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.17 15:13:02 | 000,001,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Alexander******\Desktop\Scratch.lnk [2013.06.16 10:08:16 | 087,985,920 | ---- | C] () -- C:\Die drei ...® und der Doppelgänger (Neuvertonung).mp3 [2013.04.28 21:28:00 | 000,161,984 | ---- | C] () -- C:\Programme\7ZipSetup.exe [2013.04.28 21:24:21 | 001,758,823 | ---- | C] () -- C:\Programme\winrar_280413.exe 
[2013.04.28 20:58:50 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\wklnhst.dat [2013.03.30 22:23:38 | 001,648,186 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-88857016-41956022-1571098572-1006-0.dat [2013.03.30 22:23:38 | 000,286,346 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2013.03.19 20:07:50 | 000,000,036 | -H-- | C] () -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\swk.ini [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.02.26 20:05:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.26 09:50:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.21 15:34:14 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.02.12 04:56:22 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.02.12 01:00:46 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Alexander******\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.08.14 11:46:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.03.03 01:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.15 09:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\.minecraft [2010.07.01 18:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Canneverbe Limited [2010.11.27 23:00:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\ChessBase [2012.07.15 18:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\DVDVideoSoft [2013.06.01 17:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\FileZilla [2010.03.13 17:50:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Leadertech [2010.07.09 09:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Programme [2012.10.27 18:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Samsung [2013.04.28 20:58:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alexander******\Anwendungsdaten\Template [2010.07.01 18:24:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited 
[2010.04.17 10:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Disney Imagineering [2013.03.30 22:06:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2010.09.14 16:16:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HMH [2009.08.14 11:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver [2012.10.27 18:41:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.07.08 15:57:34 | 000,000,000 | ---D | M] -- C:\080713 [2013.06.17 15:10:44 | 000,000,000 | ---D | M] -- C:\170613 [2013.05.31 14:36:39 | 000,000,000 | ---D | M] -- C:\Alex samsung handy bilder [2013.07.03 21:14:31 | 000,000,000 | ---D | M] -- C:\Config.Msi [2013.06.01 12:37:09 | 000,000,000 | ---D | M] -- C:\doc [2013.05.18 15:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.10.22 16:53:39 | 000,000,000 | ---D | M] -- C:\flv [2013.06.01 17:34:39 | 000,000,000 | ---D | M] -- C:\Fotos JPG [2013.05.10 09:30:58 | 000,000,000 | -HSD | M] -- C:\found.000 [2010.05.08 21:19:23 | 000,000,000 | ---D | M] -- C:\HTML [2010.12.22 14:43:38 | 000,000,000 | ---D | M] -- C:\Intel [2013.07.08 15:55:27 | 000,000,000 | ---D | M] -- C:\JRT [2013.03.17 11:54:05 | 000,000,000 | ---D | M] -- C:\Meine Downloads [2013.05.15 09:51:34 | 000,000,000 | ---D | M] -- C:\mp4 [2011.06.13 23:04:14 | 000,000,000 | ---D | M] -- C:\MPEG-4 [2013.06.01 13:48:09 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.02.02 12:34:20 | 000,000,000 | ---D | M] -- C:\PDF-Dateien_080511 [2013.07.08 15:37:02 | 000,000,000 | ---D | M] -- C:\Programme [2013.05.15 10:29:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2013.06.02 16:21:21 | 000,000,000 | ---D | M] -- C:\RTF [2010.02.22 19:59:25 | 000,000,000 | -HSD | M] -- 
C:\System Volume Information [2013.03.10 11:18:25 | 000,000,000 | ---D | M] -- C:\Video [2013.07.08 10:46:13 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2013.04.26 17:22:41 | 000,161,984 | ---- | M] () -- C:\Programme\7ZipSetup.exe [2013.04.28 21:22:33 | 001,758,823 | ---- | M] () -- C:\Programme\winrar_280413.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 14:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 14:00:00 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 14:00:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 14:00:00 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [7 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.08.13 20:32:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2009.08.13 20:47:40 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2010.03.17 20:34:47 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2010.03.17 20:34:47 | 000,001,108 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.07.15 18:05:21 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | 
---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IASTOR.SYS > [2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS [2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys [2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) 
MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Programme\MalwareBytes_070713\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.08.13 22:38:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.08.13 22:38:22 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.08.13 22:38:22 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [7 C:\WINDOWS\system32\*.tmp files -> 
C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.07.08 15:38:05 | 004,456,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Alexander******\ntuser.dat [2013.07.08 17:44:47 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Alexander******\ntuser.dat.LOG [2013.07.08 15:38:01 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Alexander******\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report >
and the Extra.txt: Code:
OTL Extras logfile created on: 08.07.2013 17:35:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Alexander******\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,17 Mb Total Physical Memory | 500,46 Mb Available Physical Memory | 49,30% Memory free 2,38 Gb Paging File | 1,88 Gb Available in Paging File | 79,01% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,06 Gb Total Space | 30,70 Gb Free Space | 42,61% Space Free | Partition Type: NTFS Drive D: | 72,05 Gb Total Space | 71,96 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Computer Name: ALEXANDER | User Name: Alexander****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp_130510\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp_130510\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp_130510\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) 
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation) "C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu "C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto 
Updater "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Internet Manager 03 "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync 
08.07.2013, 18:02 | #8 |
/// Malware-holic | Hi, please download TDSSKiller.exe and save this file to the desktop.
08.07.2013, 18:52 | #9 |
| Hi markusg, below is the log file from Kaspersky. Somehow it looks like a lot of work ... Thank you for the help!
( UnsignedFile.Multi.Generic ) - warning 19:37:36.0312 1972 Netman - detected UnsignedFile.Multi.Generic (1) 19:37:36.0359 1972 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:37:36.0390 1972 NetTcpPortSharing - ok 19:37:36.0437 1972 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 19:37:36.0453 1972 Nla ( UnsignedFile.Multi.Generic ) - warning 19:37:36.0453 1972 Nla - detected UnsignedFile.Multi.Generic (1) 19:37:36.0656 1972 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CD-Burner\CDBurnerXP\NMSAccessU.exe 19:37:36.0671 1972 NMSAccess - ok 19:37:36.0765 1972 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 19:37:36.0781 1972 Npfs ( UnsignedFile.Multi.Generic ) - warning 19:37:36.0781 1972 Npfs - detected UnsignedFile.Multi.Generic (1) 19:37:36.0843 1972 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 19:37:36.0937 1972 Ntfs ( UnsignedFile.Multi.Generic ) - warning 19:37:36.0937 1972 Ntfs - detected UnsignedFile.Multi.Generic (1) 19:37:36.0953 1972 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 19:37:36.0968 1972 NtLmSsp ( UnsignedFile.Multi.Generic ) - warning 19:37:36.0968 1972 NtLmSsp - detected UnsignedFile.Multi.Generic (1) 19:37:37.0031 1972 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 19:37:37.0093 1972 NtmsSvc ( UnsignedFile.Multi.Generic ) - warning 19:37:37.0093 1972 NtmsSvc - detected UnsignedFile.Multi.Generic (1) 19:37:37.0156 1972 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 19:37:37.0171 1972 Null ( UnsignedFile.Multi.Generic ) - warning 19:37:37.0171 1972 Null - detected UnsignedFile.Multi.Generic (1) 19:37:37.0234 1972 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:37:37.0250 1972 NwlnkFlt ( UnsignedFile.Multi.Generic ) - 
warning 19:37:37.0250 1972 NwlnkFlt - detected UnsignedFile.Multi.Generic (1) 19:37:37.0265 1972 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:37:37.0281 1972 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning 19:37:37.0281 1972 NwlnkFwd - detected UnsignedFile.Multi.Generic (1) 19:37:37.0593 1972 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 19:37:37.0671 1972 odserv - ok 19:37:37.0750 1972 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 19:37:37.0812 1972 ose - ok 19:37:37.0843 1972 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 19:37:37.0875 1972 Parport ( UnsignedFile.Multi.Generic ) - warning 19:37:37.0875 1972 Parport - detected UnsignedFile.Multi.Generic (1) 19:37:37.0937 1972 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 19:37:37.0953 1972 PartMgr ( UnsignedFile.Multi.Generic ) - warning 19:37:37.0953 1972 PartMgr - detected UnsignedFile.Multi.Generic (1) 19:37:38.0015 1972 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 19:37:38.0062 1972 ParVdm ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0062 1972 ParVdm - detected UnsignedFile.Multi.Generic (1) 19:37:38.0140 1972 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 19:37:38.0156 1972 PCI ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0156 1972 PCI - detected UnsignedFile.Multi.Generic (1) 19:37:38.0171 1972 PCIDump - ok 19:37:38.0187 1972 PCIIde - ok 19:37:38.0234 1972 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 19:37:38.0250 1972 Pcmcia ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0250 1972 Pcmcia - detected UnsignedFile.Multi.Generic (1) 19:37:38.0265 1972 PDCOMP - ok 19:37:38.0281 1972 PDFRAME - ok 19:37:38.0296 1972 PDRELI - ok 19:37:38.0312 
1972 PDRFRAME - ok 19:37:38.0328 1972 perc2 - ok 19:37:38.0343 1972 perc2hib - ok 19:37:38.0453 1972 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 19:37:38.0468 1972 PlugPlay ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0468 1972 PlugPlay - detected UnsignedFile.Multi.Generic (1) 19:37:38.0484 1972 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 19:37:38.0484 1972 PolicyAgent ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0484 1972 PolicyAgent - detected UnsignedFile.Multi.Generic (1) 19:37:38.0515 1972 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:37:38.0515 1972 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0515 1972 PptpMiniport - detected UnsignedFile.Multi.Generic (1) 19:37:38.0531 1972 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 19:37:38.0531 1972 ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0531 1972 ProtectedStorage - detected UnsignedFile.Multi.Generic (1) 19:37:38.0546 1972 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 19:37:38.0593 1972 PSched ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0593 1972 PSched - detected UnsignedFile.Multi.Generic (1) 19:37:38.0609 1972 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:37:38.0609 1972 Ptilink ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0609 1972 Ptilink - detected UnsignedFile.Multi.Generic (1) 19:37:38.0750 1972 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 19:37:38.0765 1972 PxHelp20 - ok 19:37:38.0781 1972 ql1080 - ok 19:37:38.0796 1972 Ql10wnt - ok 19:37:38.0796 1972 ql12160 - ok 19:37:38.0812 1972 ql1240 - ok 19:37:38.0828 1972 ql1280 - ok 19:37:38.0843 1972 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:37:38.0859 1972 RasAcd ( 
UnsignedFile.Multi.Generic ) - warning 19:37:38.0859 1972 RasAcd - detected UnsignedFile.Multi.Generic (1) 19:37:38.0921 1972 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 19:37:38.0937 1972 RasAuto ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0937 1972 RasAuto - detected UnsignedFile.Multi.Generic (1) 19:37:38.0953 1972 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:37:38.0968 1972 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning 19:37:38.0968 1972 Rasl2tp - detected UnsignedFile.Multi.Generic (1) 19:37:39.0000 1972 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 19:37:39.0031 1972 RasMan ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0031 1972 RasMan - detected UnsignedFile.Multi.Generic (1) 19:37:39.0031 1972 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:37:39.0046 1972 RasPppoe ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0046 1972 RasPppoe - detected UnsignedFile.Multi.Generic (1) 19:37:39.0062 1972 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 19:37:39.0078 1972 Raspti ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0078 1972 Raspti - detected UnsignedFile.Multi.Generic (1) 19:37:39.0156 1972 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:37:39.0171 1972 Rdbss ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0171 1972 Rdbss - detected UnsignedFile.Multi.Generic (1) 19:37:39.0234 1972 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:37:39.0250 1972 RDPCDD ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0250 1972 RDPCDD - detected UnsignedFile.Multi.Generic (1) 19:37:39.0328 1972 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 19:37:39.0437 1972 RDPWD - ok 19:37:39.0500 1972 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 
19:37:39.0531 1972 RDSessMgr ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0531 1972 RDSessMgr - detected UnsignedFile.Multi.Generic (1) 19:37:39.0609 1972 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 19:37:39.0640 1972 redbook ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0640 1972 redbook - detected UnsignedFile.Multi.Generic (1) 19:37:39.0671 1972 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 19:37:39.0687 1972 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0687 1972 RemoteAccess - detected UnsignedFile.Multi.Generic (1) 19:37:39.0718 1972 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 19:37:39.0734 1972 RpcLocator ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0734 1972 RpcLocator - detected UnsignedFile.Multi.Generic (1) 19:37:39.0781 1972 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 19:37:39.0828 1972 RpcSs ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0828 1972 RpcSs - detected UnsignedFile.Multi.Generic (1) 19:37:39.0890 1972 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 19:37:39.0906 1972 RSVP ( UnsignedFile.Multi.Generic ) - warning 19:37:39.0906 1972 RSVP - detected UnsignedFile.Multi.Generic (1) 19:37:40.0015 1972 [ 97B59CE2CFBB0884A16DDD8F1781812B ] RT80x86 C:\WINDOWS\system32\DRIVERS\RT2860.sys 19:37:40.0109 1972 RT80x86 ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0109 1972 RT80x86 - detected UnsignedFile.Multi.Generic (1) 19:37:40.0171 1972 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 19:37:40.0187 1972 SamSs ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0187 1972 SamSs - detected UnsignedFile.Multi.Generic (1) 19:37:40.0250 1972 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 19:37:40.0328 1972 SCardSvr ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0328 1972 SCardSvr - detected 
UnsignedFile.Multi.Generic (1) 19:37:40.0406 1972 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 19:37:40.0437 1972 Schedule ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0437 1972 Schedule - detected UnsignedFile.Multi.Generic (1) 19:37:40.0546 1972 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 19:37:40.0625 1972 SeaPort - ok 19:37:40.0656 1972 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:37:40.0671 1972 Secdrv ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0671 1972 Secdrv - detected UnsignedFile.Multi.Generic (1) 19:37:40.0718 1972 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 19:37:40.0796 1972 seclogon ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0796 1972 seclogon - detected UnsignedFile.Multi.Generic (1) 19:37:40.0859 1972 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 19:37:40.0875 1972 SENS ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0875 1972 SENS - detected UnsignedFile.Multi.Generic (1) 19:37:40.0890 1972 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 19:37:40.0906 1972 Serial ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0906 1972 Serial - detected UnsignedFile.Multi.Generic (1) 19:37:40.0984 1972 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 19:37:40.0984 1972 Sfloppy ( UnsignedFile.Multi.Generic ) - warning 19:37:40.0984 1972 Sfloppy - detected UnsignedFile.Multi.Generic (1) 19:37:41.0078 1972 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 19:37:41.0187 1972 SharedAccess ( UnsignedFile.Multi.Generic ) - warning 19:37:41.0187 1972 SharedAccess - detected UnsignedFile.Multi.Generic (1) 19:37:41.0218 1972 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 19:37:41.0250 1972 ShellHWDetection ( 
UnsignedFile.Multi.Generic ) - warning 19:37:41.0250 1972 ShellHWDetection - detected UnsignedFile.Multi.Generic (1) 19:37:41.0250 1972 Simbad - ok 19:37:41.0359 1972 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 19:37:41.0421 1972 SLIP ( UnsignedFile.Multi.Generic ) - warning 19:37:41.0421 1972 SLIP - detected UnsignedFile.Multi.Generic (1) 19:37:42.0000 1972 [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 19:37:42.0984 1972 SNP2UVC ( UnsignedFile.Multi.Generic ) - warning 19:37:42.0984 1972 SNP2UVC - detected UnsignedFile.Multi.Generic (1) 19:37:43.0000 1972 Sparrow - ok 19:37:43.0078 1972 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 19:37:43.0093 1972 splitter ( UnsignedFile.Multi.Generic ) - warning 19:37:43.0093 1972 splitter - detected UnsignedFile.Multi.Generic (1) 19:37:43.0156 1972 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 19:37:43.0171 1972 Spooler ( UnsignedFile.Multi.Generic ) - warning 19:37:43.0171 1972 Spooler - detected UnsignedFile.Multi.Generic (1) 19:37:43.0296 1972 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 19:37:43.0312 1972 sr ( UnsignedFile.Multi.Generic ) - warning 19:37:43.0312 1972 sr - detected UnsignedFile.Multi.Generic (1) 19:37:43.0359 1972 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 19:37:43.0375 1972 srservice ( UnsignedFile.Multi.Generic ) - warning 19:37:43.0375 1972 srservice - detected UnsignedFile.Multi.Generic (1) 19:37:43.0515 1972 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 19:37:43.0687 1972 Srv ( UnsignedFile.Multi.Generic ) - warning 19:37:43.0687 1972 Srv - detected UnsignedFile.Multi.Generic (1) 19:37:43.0781 1972 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 19:37:43.0796 1972 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning 19:37:43.0796 1972 
SSDPSRV - detected UnsignedFile.Multi.Generic (1) 19:37:43.0890 1972 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:37:43.0937 1972 ssmdrv - ok 19:37:44.0000 1972 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 19:37:44.0046 1972 StarOpen ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0046 1972 StarOpen - detected UnsignedFile.Multi.Generic (1) 19:37:44.0171 1972 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 19:37:44.0218 1972 stisvc ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0218 1972 stisvc - detected UnsignedFile.Multi.Generic (1) 19:37:44.0296 1972 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 19:37:44.0312 1972 streamip ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0312 1972 streamip - detected UnsignedFile.Multi.Generic (1) 19:37:44.0406 1972 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 19:37:44.0421 1972 swenum ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0421 1972 swenum - detected UnsignedFile.Multi.Generic (1) 19:37:44.0500 1972 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 19:37:44.0515 1972 swmidi ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0515 1972 swmidi - detected UnsignedFile.Multi.Generic (1) 19:37:44.0531 1972 SwPrv - ok 19:37:44.0546 1972 symc810 - ok 19:37:44.0546 1972 symc8xx - ok 19:37:44.0562 1972 sym_hi - ok 19:37:44.0593 1972 sym_u3 - ok 19:37:44.0656 1972 [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 19:37:44.0718 1972 SynTP - ok 19:37:44.0750 1972 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 19:37:44.0765 1972 sysaudio ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0765 1972 sysaudio - detected UnsignedFile.Multi.Generic (1) 19:37:44.0828 1972 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog 
C:\WINDOWS\system32\smlogsvc.exe 19:37:44.0843 1972 SysmonLog ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0843 1972 SysmonLog - detected UnsignedFile.Multi.Generic (1) 19:37:44.0921 1972 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 19:37:44.0953 1972 TapiSrv ( UnsignedFile.Multi.Generic ) - warning 19:37:44.0953 1972 TapiSrv - detected UnsignedFile.Multi.Generic (1) 19:37:45.0046 1972 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:37:45.0078 1972 Tcpip ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0078 1972 Tcpip - detected UnsignedFile.Multi.Generic (1) 19:37:45.0109 1972 [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM C:\WINDOWS\system32\drivers\tcpipBM.sys 19:37:45.0125 1972 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0125 1972 tcpipBM - detected UnsignedFile.Multi.Generic (1) 19:37:45.0156 1972 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 19:37:45.0171 1972 TDPIPE ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0171 1972 TDPIPE - detected UnsignedFile.Multi.Generic (1) 19:37:45.0187 1972 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 19:37:45.0203 1972 TDTCP ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0218 1972 TDTCP - detected UnsignedFile.Multi.Generic (1) 19:37:45.0234 1972 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 19:37:45.0250 1972 TermDD ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0250 1972 TermDD - detected UnsignedFile.Multi.Generic (1) 19:37:45.0343 1972 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 19:37:45.0375 1972 TermService ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0375 1972 TermService - detected UnsignedFile.Multi.Generic (1) 19:37:45.0421 1972 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 19:37:45.0453 1972 Themes ( UnsignedFile.Multi.Generic ) - warning 
19:37:45.0453 1972 Themes - detected UnsignedFile.Multi.Generic (1) 19:37:45.0468 1972 TosIde - ok 19:37:45.0562 1972 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 19:37:45.0593 1972 TrkWks ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0593 1972 TrkWks - detected UnsignedFile.Multi.Generic (1) 19:37:45.0671 1972 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 19:37:45.0687 1972 Udfs ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0687 1972 Udfs - detected UnsignedFile.Multi.Generic (1) 19:37:45.0765 1972 [ E78A84596C42469AD6D6A3D13AD609F7 ] UI Assistant Service C:\Programme\T-Moblie-Internet-Manager03\AssistantServices.exe 19:37:45.0796 1972 UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0796 1972 UI Assistant Service - detected UnsignedFile.Multi.Generic (1) 19:37:45.0812 1972 ultra - ok 19:37:45.0906 1972 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 19:37:45.0953 1972 Update ( UnsignedFile.Multi.Generic ) - warning 19:37:45.0953 1972 Update - detected UnsignedFile.Multi.Generic (1) 19:37:46.0031 1972 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 19:37:46.0062 1972 upnphost ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0062 1972 upnphost - detected UnsignedFile.Multi.Generic (1) 19:37:46.0109 1972 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 19:37:46.0125 1972 UPS ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0125 1972 UPS - detected UnsignedFile.Multi.Generic (1) 19:37:46.0187 1972 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 19:37:46.0203 1972 usbaudio ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0203 1972 usbaudio - detected UnsignedFile.Multi.Generic (1) 19:37:46.0281 1972 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:37:46.0296 1972 usbccgp ( UnsignedFile.Multi.Generic ) - warning 
19:37:46.0296 1972 usbccgp - detected UnsignedFile.Multi.Generic (1) 19:37:46.0359 1972 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:37:46.0375 1972 usbehci ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0375 1972 usbehci - detected UnsignedFile.Multi.Generic (1) 19:37:46.0437 1972 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:37:46.0453 1972 usbhub ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0453 1972 usbhub - detected UnsignedFile.Multi.Generic (1) 19:37:46.0484 1972 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:37:46.0500 1972 usbstor ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0500 1972 usbstor - detected UnsignedFile.Multi.Generic (1) 19:37:46.0546 1972 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:37:46.0578 1972 usbuhci ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0578 1972 usbuhci - detected UnsignedFile.Multi.Generic (1) 19:37:46.0640 1972 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 19:37:46.0671 1972 usbvideo ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0671 1972 usbvideo - detected UnsignedFile.Multi.Generic (1) 19:37:46.0703 1972 [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf C:\WINDOWS\system32\DRIVERS\uvclf.sys 19:37:46.0718 1972 uvclf ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0718 1972 uvclf - detected UnsignedFile.Multi.Generic (1) 19:37:46.0765 1972 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 19:37:46.0781 1972 VgaSave ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0781 1972 VgaSave - detected UnsignedFile.Multi.Generic (1) 19:37:46.0796 1972 ViaIde - ok 19:37:46.0875 1972 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 19:37:46.0890 1972 VolSnap ( UnsignedFile.Multi.Generic ) - warning 19:37:46.0890 1972 VolSnap - detected 
UnsignedFile.Multi.Generic (1) 19:37:46.0984 1972 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 19:37:47.0031 1972 VSS ( UnsignedFile.Multi.Generic ) - warning 19:37:47.0031 1972 VSS - detected UnsignedFile.Multi.Generic (1) 19:37:47.0062 1972 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 19:37:47.0093 1972 W32Time ( UnsignedFile.Multi.Generic ) - warning 19:37:47.0093 1972 W32Time - detected UnsignedFile.Multi.Generic (1) 19:37:47.0125 1972 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:37:47.0140 1972 Wanarp ( UnsignedFile.Multi.Generic ) - warning 19:37:47.0140 1972 Wanarp - detected UnsignedFile.Multi.Generic (1) 19:37:47.0218 1972 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 19:37:47.0343 1972 Wdf01000 - ok 19:37:47.0359 1972 WDICA - ok 19:37:47.0421 1972 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 19:37:47.0437 1972 wdmaud ( UnsignedFile.Multi.Generic ) - warning 19:37:47.0437 1972 wdmaud - detected UnsignedFile.Multi.Generic (1) 19:37:47.0515 1972 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 19:37:47.0531 1972 WebClient ( UnsignedFile.Multi.Generic ) - warning 19:37:47.0531 1972 WebClient - detected UnsignedFile.Multi.Generic (1) 19:37:47.0671 1972 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 19:37:47.0703 1972 winmgmt ( UnsignedFile.Multi.Generic ) - warning 19:37:47.0703 1972 winmgmt - detected UnsignedFile.Multi.Generic (1) 19:37:47.0781 1972 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 19:37:48.0000 1972 WmdmPmSN - ok 19:37:48.0015 1972 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 19:37:48.0046 1972 WmiApSrv ( UnsignedFile.Multi.Generic ) - warning 19:37:48.0046 1972 WmiApSrv - detected UnsignedFile.Multi.Generic (1) 19:37:48.0250 1972 [ 
D3DBD6E76F4BE9BEE67EB631488B5F29 ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 19:37:48.0406 1972 WMPNetworkSvc - ok 19:37:48.0453 1972 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 19:37:48.0531 1972 WpdUsb - ok 19:37:48.0703 1972 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:37:48.0843 1972 WPFFontCache_v0400 - ok 19:37:48.0921 1972 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 19:37:48.0937 1972 wscsvc ( UnsignedFile.Multi.Generic ) - warning 19:37:48.0937 1972 wscsvc - detected UnsignedFile.Multi.Generic (1) 19:37:48.0984 1972 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 19:37:49.0015 1972 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0015 1972 WSTCODEC - detected UnsignedFile.Multi.Generic (1) 19:37:49.0093 1972 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 19:37:49.0109 1972 wuauserv ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0109 1972 wuauserv - detected UnsignedFile.Multi.Generic (1) 19:37:49.0187 1972 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 19:37:49.0203 1972 WudfPf ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0203 1972 WudfPf - detected UnsignedFile.Multi.Generic (1) 19:37:49.0265 1972 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 19:37:49.0281 1972 WudfRd ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0281 1972 WudfRd - detected UnsignedFile.Multi.Generic (1) 19:37:49.0343 1972 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 19:37:49.0390 1972 WudfSvc ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0390 1972 WudfSvc - detected UnsignedFile.Multi.Generic (1) 19:37:49.0484 1972 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 19:37:49.0562 1972 WZCSVC ( 
UnsignedFile.Multi.Generic ) - warning 19:37:49.0562 1972 WZCSVC - detected UnsignedFile.Multi.Generic (1) 19:37:49.0609 1972 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 19:37:49.0640 1972 xmlprov ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0640 1972 xmlprov - detected UnsignedFile.Multi.Generic (1) 19:37:49.0687 1972 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 19:37:49.0718 1972 ZTEusbmdm6k ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0718 1972 ZTEusbmdm6k - detected UnsignedFile.Multi.Generic (1) 19:37:49.0765 1972 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 19:37:49.0781 1972 ZTEusbnmea ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0781 1972 ZTEusbnmea - detected UnsignedFile.Multi.Generic (1) 19:37:49.0828 1972 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 19:37:49.0843 1972 ZTEusbser6k ( UnsignedFile.Multi.Generic ) - warning 19:37:49.0843 1972 ZTEusbser6k - detected UnsignedFile.Multi.Generic (1) 19:37:49.0859 1972 ================ Scan global =============================== 19:37:49.0937 1972 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 19:37:50.0015 1972 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 19:37:50.0046 1972 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 19:37:50.0078 1972 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 19:37:50.0093 1972 [Global] - ok 19:37:50.0093 1972 ================ Scan MBR ================================== 19:37:50.0125 1972 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 19:37:50.0625 1972 \Device\Harddisk0\DR0 - ok 19:37:50.0625 1972 ================ Scan VBR ================================== 19:37:50.0640 1972 [ 1ADC3489D52F3C97647A577C6803EB19 ] \Device\Harddisk0\DR0\Partition1 19:37:50.0640 1972 \Device\Harddisk0\DR0\Partition1 - 
ok
19:37:50.0671 1972 [ D56A3B990EAA43C9BF7798A85CB5E097 ] \Device\Harddisk0\DR0\Partition2
19:37:50.0687 1972 \Device\Harddisk0\DR0\Partition2 - ok
19:37:50.0687 1972 ============================================================
19:37:50.0687 1972 Scan finished
19:37:50.0687 1972 ============================================================
19:37:50.0828 2412 Detected object count: 215
19:37:50.0828 2412 Actual detected object count: 215 |
08.07.2013, 19:02 | #10 |
/// Malware-holic | Malware despite AdwCleaner and Junkware Removal Tool All harmless. Scan with Combofix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
08.07.2013, 20:29 | #11 |
| Malware despite AdwCleaner and Junkware Removal Tool Hi markusg, below is the logfile from Combofix: Code:
ATTFilter ComboFix 13-07-08.04 - Alexander****** 08.07.2013 20:37:06.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1015.396 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Alexander******\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokume~1\ALEXAN~1\LOKALE~1\Temp\{45892B48-5B2F-4941-B509-DC53FF85B1F8}\setup.exe c:\dokume~1\ALEXAN~1\LOKALE~1\Temp\{97D49328-C3E4-4931-836B-1489C7EC9566}\setup.exe c:\dokume~1\ALEXAN~1\LOKALE~1\Temp\{CBC387C2-CDC9-4918-A398-23DEB7CF6FF8}\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\difxapi.dll c:\dokumente und einstellungen\Alexander******\Lokale Einstellungen\Temp\{45892B48-5B2F-4941-B509-DC53FF85B1F8}\setup.exe c:\dokumente und einstellungen\Alexander******\Lokale Einstellungen\Temp\{97D49328-C3E4-4931-836B-1489C7EC9566}\setup.exe c:\dokumente und einstellungen\Alexander******\Lokale Einstellungen\Temp\{CBC387C2-CDC9-4918-A398-23DEB7CF6FF8}\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\difxapi.dll c:\dokumente und einstellungen\Alexander******\WINDOWS c:\programme\winrar_280413.exe c:\windows\system32\muzapp.exe c:\windows\system32\SET4E.tmp c:\windows\system32\SET52.tmp c:\windows\system32\SET6E.tmp c:\windows\system32\SET70.tmp c:\windows\system32\SET7E.tmp c:\windows\system32\SET9E.tmp c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-08 bis 2013-07-08 )))))))))))))))))))))))))))))) . . 2013-07-08 12:24 . 2013-07-08 17:42 -------- d-----w- C:\080713 2013-07-08 08:46 . 2013-07-08 08:46 -------- d-----w- c:\windows\ERUNT 2013-07-08 08:45 . 2013-07-08 13:55 -------- d-----w- C:\JRT 2013-07-07 15:39 . 2013-07-07 15:39 -------- d-----w- c:\dokumente und einstellungen\Alexander******\Anwendungsdaten\Malwarebytes 2013-07-07 15:38 . 
2013-07-07 15:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-07-07 15:38 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-07 15:37 . 2013-07-07 15:38 -------- d-----w- c:\programme\MalwareBytes_070713 2013-07-03 19:14 . 2013-07-03 19:14 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-07-03 19:14 . 2013-07-03 19:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-17 13:09 . 2013-06-17 13:10 -------- d-----w- C:\170613 2013-06-17 13:03 . 2013-06-17 13:11 -------- d-----w- c:\programme\Scratch 1.4_170613 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-03 19:14 . 2013-04-26 20:12 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-03 19:14 . 2013-04-26 20:12 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-12 14:33 . 2012-07-15 16:05 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 14:33 . 2011-09-13 16:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-07 22:28 . 2009-08-13 18:32 920064 ----a-w- c:\windows\system32\wininet.dll 2013-05-07 22:28 . 2009-08-13 18:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-07 22:28 . 2009-08-13 18:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-07 21:53 . 2009-08-13 18:32 385024 ----a-w- c:\windows\system32\html.iec 2013-05-03 05:39 . 2008-04-14 07:30 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-03 05:39 . 2008-04-14 07:29 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-26 15:22 . 2013-04-28 19:28 161984 ----a-w- c:\programme\7ZipSetup.exe 2013-04-12 14:00 . 2009-08-13 18:32 1876480 ----a-w- c:\windows\system32\win32k.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. .
. (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\programme\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784] "AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2009-04-16 118784] "LiveUpdate"="c:\programme\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704] "RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088] "WinampAgent"="c:\programme\Winamp_130510\Winamp\winampa.exe" [2010-01-13 37888] "UIExec"="c:\programme\T-Moblie-Internet-Manager03\UIExec.exe" [2009-03-30 132608] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-17 348664] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk - c:\programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-14 376832] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15.07.2012 18:01 36000] R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [14.03.2010 11:26 110304] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.07.2012 18:01 86224] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.04.2009 03:59 38912] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20.08.2009 09:36 1015424] S2 Freemake Improver;Freemake Improver;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [30.03.2013 21:52 101888] S2 UI Assistant Service;UI Assistant Service;c:\programme\T-Moblie-Internet-Manager03\AssistantServices.exe [09.07.2010 09:15 241664] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14.08.2009 11:32 1684736] S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [09.07.2010 09:15 7680] S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28.04.2009 07:47 39040] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 29661109 *Deregistered* - 29661109 *Deregistered* - BMLoad . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 13:33 1165776 ----a-w- c:\programme\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 14:33] . 2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-03-17 18:34] . 2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-03-17 18:34] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Alexander******\Anwendungsdaten\Mozilla\Firefox\Profiles\eqztyw2v.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-07-08 21:03 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\igfxdev.dll . Zeit der Fertigstellung: 2013-07-08 21:09:06 ComboFix-quarantined-files.txt 2013-07-08 19:09 . Vor Suchlauf: 20 Verzeichnis(se), 34.169.462.784 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 37.186.752.512 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . 
- - End Of File - - 453AFD686C3014A23FBEA0E1320459BA 8F558EB6672622401DA993E1E865C861 |
08.07.2013, 20:38 | #12 |
/// Malware-holic | Malware despite AdwCleaner and Junkware Removal Tool
Hi, download the standard CCleaner: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, "unnötig" (unnecessary).
After every program unknown to you, "unbekannt" (unknown).
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
08.07.2013, 21:42 | #13 |
| Malware despite AdwCleaner and Junkware Removal Tool Hi markusg, the list: Code:
ATTFilter
7-Zip 9.20 15.05.2013 unnötig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 04.07.2013 10.0.45.2 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 04.07.2013 11.7.700.224 notwendig
Adobe Reader 8.1.0 - Deutsch Adobe Systems Incorporated 14.08.2009 101,00MB 8.1.0 notwendig
Adobe Reader 8.2.0 - Deutsch Adobe Systems Incorporated 13.09.2012 103,00MB 8.2.0 notwendig
Asus ACPI Driver AsusTek Computer 14.08.2009 6.1.1.1008 notwendig
ASUS USB2.0 UVC VGA WebCam Sonix 14.08.2009 5.8.52108.207_WHQL notwendig
ASUSUpdate for Eee PC 14.08.2009 notwendig
Atheros Client Installation Program Atheros 14.08.2009 7.0 notwendig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 14.08.2009 1.0.0.16 notwendig
Audacity 1.2.6 12.02.2010 notwendig
Avira Free Antivirus Avira 07.07.2013 12.1.9.2400 notwendig
CCleaner Piriform 19.06.2013 4.03 notwendig
CDBurnerXP CDBurnerXP 01.07.2010 4.3.2.2212 notwendig
Compatibility Pack für 2007 Office System Microsoft Corporation 14.08.2009 64,22MB 12.0.4518.1014 notwendig
Eee Docking 1.3.6.0 ASUSTEK 14.08.2009 1.3.6.0 notwendig
EeeSplendid ASUS 14.08.2009 5.1.1.0021 notwendig
EzMessenger ASUS 14.08.2009 16,04MB 1.0.2 unbekannt
FileZilla Client 3.7.0.2 FileZilla Project 01.06.2013 3.7.0.2 notwendig
FLV Player 2.0, build 24 Martijn de Visser 27.03.2010 2.0, build 24 notwendig
Freemake Video Converter Version 4.0.0 Ellora Assets Corporation 30.03.2013 4.0.0 notwendig
Google Chrome Google Inc. 17.03.2010 27.0.1453.116 notwendig
Google Earth Google 31.03.2013 173,00MB 7.0.3.8542 notwendig
Intel(R) Graphics Media Accelerator Driver 01.06.2013 notwendig
Java 7 Update 25 Oracle 03.07.2013 129,00MB 7.0.250 notwendig
LiveUpdate Asus 14.08.2009 7,02MB 1.13 unnötig
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 07.07.2013 1.75.0.1300 notwendig
Microsoft .NET Framework 1.1 19.01.2013 unbekannt
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 15.05.2013 183,00MB 2.2.30729 unbekannt
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 19.01.2013 253,00MB 3.2.30729 unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 19.01.2013 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.05.2013 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 30.03.2013 4.0.30319 unbekannt
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 14.08.2009 1 unbekannt
Microsoft Office Enterprise 2007 Microsoft Corporation 01.06.2013 12.0.4518.1014 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.08.2009 1,74MB 3.1.0000 unbekannt
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 14.08.2009 2,29MB 1.0.1215.0 unbekannt
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 14.08.2009 1,45MB 1.0.1215.0 unbekannt
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 14.08.2009 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.02.2010 10,28MB 9.0.30729 unnötig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.07.2012 11,13MB 10.0.40219 unnötig
Microsoft Works Microsoft Corporation 14.08.2009 9.7.0621 unnötig
Mozilla Firefox 22.0 (x86 de) Mozilla 04.07.2013 22.0 notwendig
Mozilla Maintenance Service Mozilla 06.07.2013 22.0 notwendig
Ralink Wireless LAN Ralink 20.08.2009 1.0.7.0 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.08.2009 5.10.0.5841 notwendig
Revo Uninstaller 1.94 VS Revo Group 17.05.2013 1.94 notwendig
RuntimeLibsVC90 Microsoft 14.05.2013 9,92MB 1.1.0 unbekannt/unnötig
Scratch MIT Media Lab Lifelong Kindergarten Group 17.06.2013 1.4.0.0 notwendig
Skype web features Skype Technologies S.A. 14.08.2009 5,04MB 1.0.3810 unnötig
Skype™ 4.1 Skype Technologies S.A. 14.08.2009 31,08MB 4.1.141 unnötig
Super Hybrid Engine ASUS 14.08.2009 1.18 notwendig
T-Mobile Internet Manager 03 ZTE 09.07.2010 1.0.0.1 unnötig
The KMPlayer (remove only) KMP Media co., Ltd 02.06.2013 3.5.0.81 notwendig
USB2.0 UVC Camera Device UVCPCC 14.08.2009 0.1.0.0 unnötig
VideoLAN VLC media player 0.8.6h VideoLAN Team 12.02.2010 0.8.6h notwendig
Winamp Nullsoft, Inc 13.05.2010 5.572 notwendig
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 14.10.2010 notwendig
Windows Internet Explorer 8 Microsoft Corporation 14.08.2009 20090308.140743 notwendig
Windows Live Anmelde-Assistent Microsoft Corporation 14.08.2009 1,93MB 5.000.818.5 unnötig
Windows Live Essentials Microsoft Corporation 14.08.2009 14.0.8064.0206 unnötig
Windows Live Sync Microsoft Corporation 14.08.2009 2,80MB 14.0.8064.206 unnötig
Windows Live-Uploadtool Microsoft Corporation 14.08.2009 0,22MB 14.0.8014.1029 unnötig
Windows Media Format 11 runtime 19.03.2013 notwendig
Windows Media Player 11 19.03.2013 notwendig
WinGlobe 14.05.2010 unnötig
WinRAR 4.20 (32-Bit) win.rar GmbH 15.05.2013 4.20.0 unnötig
Zattoo 3.3.4 Beta Zattoo Inc. 21.04.2010 3.3.4 Beta unnötig
Zattoo4 4.0.5 Zattoo Inc. 21.04.2010 4.0.5 unnötig |
08.07.2013, 21:57 | #14 |
/// Malware-holic | Malware despite AdwCleaner and Junkware Removal Tool
Hi, uninstall:
7-Zip
Adobe Flash Player: all
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: untick the "Use JavaScript" box.
Updater: choose "install automatically".
Apply / OK
Uninstall:
Skype: both
T-Mobile
Windows Live: all the ones you do not need.
WinGlobe
Zattoo: both
Open CCleaner, Analyze, Run, then restart the PC.
Hitman Pro - Download - Filepony
Download Hitman Pro, double-click it, click Scan. Do not delete anything, click Next.
Save the log and post it, or export it as XML, pack it and attach it.
09.07.2013, 14:43 | #15 |
| Malware despite AdwCleaner and Junkware Removal Tool Hi markusg, I think/hope that I have now followed all the instructions. Below is the log from Hitman Pro. Many thanks! Code:
ATTFilter
|