Log Analysis and Evaluation: TDSSKiller: MEM:Backdoor.Win32.Sinowal.d
01.10.2013, 10:17   #1
TDSSKiller: MEM:Backdoor.Win32.Sinowal.d

Hello everyone,

after my parents got a nice letter from their Internet provider asking them to take a closer look at their PC (ancient, XP SP2), I went ahead and did that. They probably caught something via some attachment. I have already used the following software, among others, but without deleting anything or making any attempt to eradicate anything:

1. Avast: no detection.
2. MBAM: no detection.
3. aswMBR: 2 red lines at 17:11:46.093

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-28 17:04:02
-----------------------------
17:04:02.640  OS Version: Windows 5.1.2600 Service Pack 2
17:04:02.640  Number of processors: 1 586 0x204
17:04:02.843  ComputerName: ASGARD  UserName: winnie
17:04:09.859  Initialize success
17:04:20.234  AVAST engine defs: 13092800
17:10:07.359  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:10:07.375  Disk 0 Vendor: Maxtor_4D040H2 DAH017K0 Size: 39083MB BusType: 3
17:10:07.546  Disk 0 MBR read successfully
17:10:07.546  Disk 0 MBR scan
17:10:07.593  Disk 0 Windows XP default MBR code
17:10:07.593  Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        20002 MB offset 63
17:10:07.640  Disk 0 Partition - 00     0F Extended LBA          19069 MB offset 40965750
17:10:07.750  Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14998 MB offset 40965813
17:10:07.750  Disk 0 Partition - 00     05 Extended                4071 MB offset 71682030
17:10:07.781  Disk 0 Partition 3 00     07    HPFS/NTFS NTFS         4071 MB offset 71682093
17:10:07.796  Disk 0 scanning sectors +80019765
17:10:08.140  Disk 0 scanning C:\WINDOWS\system32\drivers
17:10:31.859  Service scanning
17:10:42.953  Service Kbardsentca C:\WINDOWS\C:\WINDOWS\system32\drivers\MSPQM.sys **LOCKED** 123
17:10:56.500  Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:11:01.859  Service vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys **LOCKED** 32
17:11:05.281  Modules scanning
17:11:46.031  Disk 0 trace - called modules:
17:11:46.093  ntoskrnl.exe >>UNKNOWN [0x8239feb0]<<
17:11:46.093  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82350ab8]
17:11:46.093  \Driver\Disk[0x82374a08] -> IRP_MJ_CREATE -> 0x8239feb0
17:11:46.796  AVAST engine scan C:\WINDOWS
17:11:54.765  AVAST engine scan C:\WINDOWS\system32
17:15:40.203  AVAST engine scan C:\WINDOWS\system32\drivers
17:16:02.281  AVAST engine scan C:\Dokumente und Einstellungen\winnie
17:51:34.296  AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:52:59.765  Scan finished successfully
17:58:02.968  Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\MBR.dat"
17:58:03.109  The log file has been saved successfully to "C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\aswMBR.txt"

Code:
10:43:25.0000 1684  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:43:26.0296 1684  ============================================================
10:43:26.0328 1684  Current date / time: 2013/10/01 10:43:26.0296
10:43:26.0328 1684  SystemInfo:
10:43:26.0328 1684  
10:43:26.0328 1684  OS Version: 5.1.2600 ServicePack: 2.0
10:43:26.0328 1684  Product type: Workstation
10:43:26.0328 1684  ComputerName: ASGARD
10:43:26.0406 1684  UserName: winnie
10:43:26.0406 1684  Windows directory: C:\WINDOWS
10:43:26.0406 1684  System windows directory: C:\WINDOWS
10:43:26.0406 1684  Processor architecture: Intel x86
10:43:26.0406 1684  Number of processors: 1
10:43:26.0406 1684  Page size: 0x1000
10:43:26.0406 1684  Boot type: Normal boot
10:43:26.0406 1684  ============================================================
10:43:28.0984 1684  Drive \Device\Harddisk0\DR0 - Size: 0x98ABA0000 (38.17 Gb), SectorSize: 0x200, Cylinders: 0x1376, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:43:29.0031 1684  ============================================================
10:43:29.0031 1684  \Device\Harddisk0\DR0:
10:43:29.0031 1684  MBR partitions:
10:43:29.0046 1684  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
10:43:29.0062 1684  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1D4B139
10:43:29.0156 1684  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x7F3908
10:43:29.0156 1684  ============================================================
10:43:29.0218 1684  C: <-> \Device\Harddisk0\DR0\Partition1
10:43:29.0250 1684  D: <-> \Device\Harddisk0\DR0\Partition2
10:43:29.0281 1684  E: <-> \Device\Harddisk0\DR0\Partition3
10:43:29.0281 1684  ============================================================
10:43:29.0281 1684  Initialize success
10:43:29.0281 1684  ============================================================
10:43:42.0140 1936  ============================================================
10:43:42.0140 1936  Scan started
10:43:42.0140 1936  Mode: Manual; SigCheck; TDLFS; 
10:43:42.0140 1936  ============================================================
10:43:42.0671 1936  ================ Scan system memory ========================
10:43:50.0765 1936  System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
10:43:50.0765 1936  System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
10:43:50.0765 1936  ================ Scan services =============================
10:43:51.0203 1936  Abiosdsk - ok
10:43:51.0218 1936  abp480n5 - ok
10:43:51.0359 1936  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
10:43:52.0265 1936  ACDaemon - ok
10:43:52.0359 1936  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:44:01.0000 1936  ACPI - ok
10:44:01.0156 1936  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:44:01.0656 1936  ACPIEC - ok
10:44:01.0765 1936  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
10:44:01.0921 1936  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
10:44:01.0921 1936  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
10:44:01.0953 1936  adpu160m - ok
10:44:02.0046 1936  [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:44:02.0671 1936  aec - ok
10:44:02.0703 1936  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
10:44:02.0812 1936  Afc - ok
10:44:02.0890 1936  [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:44:03.0609 1936  AFD - ok
10:44:03.0656 1936  [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
10:44:04.0234 1936  agp440 - ok
10:44:04.0250 1936  Aha154x - ok
10:44:04.0281 1936  aic78u2 - ok
10:44:04.0375 1936  aic78xx - ok
md5: 92CEBC2BC7BE2C8D49391B365569F306 10:46:11.0890 1936 vaxscsi ( LockedFile.Multi.Generic ) - warning 10:46:11.0890 1936 vaxscsi - detected LockedFile.Multi.Generic (1) 10:46:11.0937 1936 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 10:46:12.0390 1936 VgaSave - ok 10:46:12.0406 1936 ViaIde - ok 10:46:12.0468 1936 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 10:46:13.0000 1936 VolSnap - ok 10:46:13.0046 1936 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe 10:46:13.0625 1936 VSS - ok 10:46:13.0703 1936 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll 10:46:14.0375 1936 W32Time - ok 10:46:14.0406 1936 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:46:14.0890 1936 Wanarp - ok 10:46:14.0906 1936 WDICA - ok 10:46:14.0953 1936 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 10:46:15.0578 1936 wdmaud - ok 10:46:15.0609 1936 [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient C:\WINDOWS\System32\webclnt.dll 10:46:16.0296 1936 WebClient - ok 10:46:16.0328 1936 [ 8E95E30E9031C3AC25EC2455DA19831F ] wg3n C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 10:46:16.0500 1936 wg3n ( UnsignedFile.Multi.Generic ) - warning 10:46:16.0500 1936 wg3n - detected UnsignedFile.Multi.Generic (1) 10:46:16.0640 1936 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 10:46:17.0171 1936 winmgmt - ok 10:46:17.0296 1936 [ 5FDCCC838CD95F61097D8A637F842AA8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 10:46:17.0921 1936 WmdmPmSN - ok 10:46:17.0984 1936 [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi C:\WINDOWS\System32\advapi32.dll 10:46:18.0687 1936 Wmi - ok 10:46:18.0859 1936 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 10:46:19.0375 1936 WmiApSrv - ok 10:46:19.0390 1936 [ F62A090F00C5B4E597E8AA4B1048CE05 ] wpsdrvnt C:\WINDOWS\system32\drivers\wpsdrvnt.sys 
10:46:19.0562 1936 wpsdrvnt ( UnsignedFile.Multi.Generic ) - warning 10:46:19.0562 1936 wpsdrvnt - detected UnsignedFile.Multi.Generic (1) 10:46:19.0656 1936 [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 10:46:20.0375 1936 wscsvc - ok 10:46:20.0421 1936 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 10:46:20.0921 1936 WSTCODEC - ok 10:46:20.0953 1936 [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 10:46:21.0687 1936 wuauserv - ok 10:46:21.0781 1936 [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 10:46:22.0578 1936 WZCSVC - ok 10:46:22.0640 1936 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov C:\WINDOWS\System32\xmlprov.dll 10:46:23.0296 1936 xmlprov - ok 10:46:23.0312 1936 ================ Scan global =============================== 10:46:23.0390 1936 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll 10:46:23.0468 1936 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll 10:46:23.0640 1936 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll 10:46:23.0828 1936 [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe 10:46:23.0890 1936 [Global] - ok 10:46:23.0953 1936 ================ Scan MBR ================================== 10:46:23.0968 1936 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 10:46:25.0640 1936 \Device\Harddisk0\DR0 - ok 10:46:25.0656 1936 ================ Scan VBR ================================== 10:46:25.0687 1936 [ D7570C01026DEA662DA683AF40399D1A ] \Device\Harddisk0\DR0\Partition1 10:46:25.0687 1936 \Device\Harddisk0\DR0\Partition1 - ok 10:46:25.0734 1936 [ 3FF55E3A650A7955AB6B83B31FA29385 ] \Device\Harddisk0\DR0\Partition2 10:46:25.0734 1936 \Device\Harddisk0\DR0\Partition2 - ok 10:46:25.0796 1936 [ 87B48A5169851BA98B6AEB60CB5BF175 ] \Device\Harddisk0\DR0\Partition3 10:46:25.0796 1936 \Device\Harddisk0\DR0\Partition3 - ok 10:46:25.0796 1936 
============================================================ 10:46:25.0796 1936 Scan finished 10:46:25.0796 1936 ============================================================ 10:46:25.0984 1900 Detected object count: 12 10:46:25.0984 1900 Actual detected object count: 12 10:59:12.0218 1900 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - skipped by user 10:59:12.0218 1900 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Skip 10:59:12.0218 1900 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0218 1900 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0250 1900 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0250 1900 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0250 1900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0250 1900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0281 1900 sptd ( LockedFile.Multi.Generic ) - skipped by user 10:59:12.0281 1900 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 10:59:12.0312 1900 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0312 1900 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0312 1900 StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0312 1900 StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0375 1900 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0375 1900 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0375 1900 Teefer ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0375 1900 Teefer ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0390 1900 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user 10:59:12.0390 1900 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip 10:59:12.0437 1900 wg3n ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0437 
1900 wg3n ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0437 1900 wpsdrvnt ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0437 1900 wpsdrvnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
Thanks a lot in advance! pummel Last edited by pummelfee (01.10.2013 at 10:33) |
01.10.2013, 10:46 | #2 |
/// the machine /// TB-Ausbilder | TDSSKiller: MEM:Backdoor.Win32.Sinowal.d hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
01.10.2013, 11:47 | #3 |
| TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Hello Schrauber,
That was quick. Here are the log files. 1. FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01 Ran by winnie (administrator) on ASGARD on 01-10-2013 12:19:41 Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 6 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Sygate Technologies, Inc.) C:\Programme\Sygate\SPF\smc.exe (AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe (ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (Sophos Limited) c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Rocket Division Software) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (Canon Inc.) C:\Programme\Canon\CAL\CALMAIN.exe (TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH) c:\programme\teamviewer\version8\TeamViewer.exe (SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE (shbox.de) C:\Programme\FreePDF_XP\fpassist.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe (Sonix) C:\WINDOWS\vsnp2std.exe (ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (TeamViewer GmbH) C:\Programme\TeamViewer\Version8\tv_w32.exe (Sophos Limited) C:\Programme\Sophos\AutoUpdate\almon.exe (AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe (Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmcService] - C:\PROGRA~1\Sygate\SPF\smc.exe [2372760 2004-02-24] (Sygate Technologies, Inc.) 
HKLM\...\Run: [NWEReboot] - [x] HKLM\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation) HKLM\...\Run: [EPSON Stylus C86 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE [99840 2003-11-25] (SEIKO EPSON CORPORATION) HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated) HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup HKLM\...\Run: [snp2std] - C:\WINDOWS\vsnp2std.exe [675840 2006-09-15] (Sonix) HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [ArcSoft Connection Service] - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [Sophos AutoUpdate Monitor] - c:\Programme\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited) HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG) HKU\basti\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG) HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe HKU\basti\...\Run: [WdHelpSnap] - rundll32.exe "C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Anwendungsdaten\isaUser32\WdHelpSnap.dll",Applemapdrv userMouseman HKU\basti\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [ 2010-12-30] (Adobe Systems, Inc.) 
HKU\katharina\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun HKU\margarete\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG) HKU\margarete\...\Run: [] - "srvh.exe" -autorun HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun HKU\matthias\...\Run: [AdobeUpdater] - C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [ 2009-01-12] (Adobe Systems Incorporated) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Dokumente und Einstellungen\margarete\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk ShortcutTarget: Monitor Apache Servers.lnk -> I:\mtpii\ws09\apache\bin\ApacheMonitor.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF 
ProfilePath: C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation) FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype extension for Firefox - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-04-06] () R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) 
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-09-03] (Mozilla Foundation) R2 SmcService; C:\Programme\Sygate\SPF\smc.exe [2372760 2004-02-24] (Sygate Technologies, Inc.) R2 Sophos AutoUpdate Service; c:\Programme\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited) R2 StarWindService; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software) R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software) R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] () R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [374094 2002-03-26] (C-Media Inc) S3 hidgame; C:\Windows\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation) S3 Kbardsentca; C:\WINDOWS\system32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation) S3 LwAdiHid; C:\Windows\System32\DRIVERS\LwAdiHid.sys [20864 2004-08-03] (Logitech Inc.) 
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-27] (MalwareBytes) R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-11-11] () S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12039552 2007-04-09] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2007-04-06] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-14] (AVIRA GmbH) R0 Teefer; C:\Windows\System32\Drivers\Teefer.sys [55891 2004-02-02] (Sygate Technologies, Inc.) R3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2007-04-06] () R2 wg3n; C:\Windows\SYSTEM32\Drivers\wg3n.sys [11914 2004-02-02] (Sygate Technologies, Inc.) R1 wpsdrvnt; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [18518 2004-02-02] (Sygate Technologies, Inc.) 
S4 InCDFs; system32\drivers\InCDFs.sys [x] S1 InCDPass; system32\drivers\InCDPass.sys [x] S1 InCDRm; system32\drivers\InCDRm.sys [x] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET 2013-09-28 16:42 - 2013-09-28 16:42 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt 2013-09-28 13:45 - 2013-10-01 12:19 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner 2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST 2013-09-27 20:48 - 2013-09-27 20:50 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-09-27 12:16 - 2013-10-01 12:16 - 00000308 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk 2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! 
Free Antivirus 2013-09-27 12:16 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-09-27 12:16 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-09-27 12:16 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-09-27 12:16 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-09-27 12:16 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-09-27 12:16 - 2013-08-30 09:48 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2013-09-27 12:16 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-09-27 12:16 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-09-27 12:16 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-09-27 12:12 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software 2013-09-27 12:08 - 2013-09-27 12:10 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software 2013-09-27 09:18 - 2013-09-26 18:08 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe 2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt 2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt 2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' 
Anti-Malware 2013-09-26 20:17 - 2013-09-26 20:18 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-09-26 20:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt 2013-09-26 18:34 - 2013-09-28 16:49 - 00000000 ___DC C:\AdwCleaner 2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt 2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT 2013-09-26 18:19 - 2013-09-26 18:15 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe 2013-09-26 18:17 - 2013-09-26 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-26 18:17 - 2013-09-26 18:14 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe 2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt 2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat 2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-26 12:59 - 2013-09-27 20:48 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar 2013-09-26 12:55 - 2013-09-26 12:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe 2013-09-26 12:22 - 2013-09-26 12:58 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos 2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg 2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos 2013-09-26 09:43 - 2013-09-27 18:59 - 00000000 
___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos 2013-09-26 09:43 - 2013-09-27 11:48 - 00000000 ____D C:\Programme\Sophos 2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0 2013-09-25 16:21 - 2013-09-26 09:29 - 00000000 ___DC C:\savw_100_sa 2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk 2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer 2013-09-03 17:39 - 2013-09-12 20:55 - 00000000 ____D C:\Programme\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-01 12:19 - 2013-09-28 13:45 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner 2013-10-01 12:16 - 2013-09-27 12:16 - 00000308 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-10-01 10:28 - 2007-04-02 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-10-01 10:28 - 2007-04-02 09:13 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-01 10:28 - 2007-04-02 08:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-01 10:27 - 2007-04-02 08:31 - 00032618 _____ C:\WINDOWS\SchedLgU.Txt 2013-10-01 10:27 - 2007-04-02 08:24 - 00390151 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-01 08:05 - 2007-04-06 14:17 - 00000190 ___SH C:\Dokumente und Einstellungen\winnie\ntuser.ini 2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET 2013-09-30 16:14 - 2007-04-02 09:10 - 00000000 ___RD C:\Programme 2013-09-30 10:45 - 2004-11-11 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-09-30 09:17 - 2007-04-06 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\winnie 2013-09-28 16:49 - 2013-09-26 18:34 - 00000000 ___DC C:\AdwCleaner 2013-09-28 16:42 - 2013-09-28 16:42 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt 2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC 
C:\FRST 2013-09-27 20:50 - 2013-09-27 20:48 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-09-27 20:48 - 2013-09-26 12:59 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar 2013-09-27 18:59 - 2013-09-26 09:43 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos 2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk 2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus 2013-09-27 12:16 - 2007-04-02 09:09 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-09-27 12:16 - 2007-04-02 08:26 - 00002951 ____C C:\WINDOWS\system32\CONFIG.NT 2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software 2013-09-27 12:10 - 2013-09-27 12:08 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software 2013-09-27 11:48 - 2013-09-26 09:43 - 00000000 ____D C:\Programme\Sophos 2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt 2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt 2013-09-27 07:56 - 2007-04-02 10:02 - 00000000 ____D C:\WINDOWS\twain_32 2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 2013-09-26 20:18 - 2013-09-26 20:17 - 00000000 ____D C:\Programme\Malwarebytes' 
Anti-Malware 2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt 2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt 2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT 2013-09-26 18:16 - 2007-04-06 11:05 - 00000190 __SHC C:\Dokumente und Einstellungen\matthias\ntuser.ini 2013-09-26 18:15 - 2013-09-26 18:19 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe 2013-09-26 18:15 - 2013-09-26 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt 2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat 2013-09-26 18:14 - 2013-09-26 18:17 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe 2013-09-26 18:08 - 2013-09-27 09:18 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe 2013-09-26 15:59 - 2007-04-02 08:23 - 00000000 ____D C:\WINDOWS\srchasst 2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-26 12:58 - 2013-09-26 12:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos 2013-09-26 12:54 - 2013-09-26 12:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe 2013-09-26 12:32 - 2013-05-27 11:14 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Siblhzisnrb 2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg 2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos 2013-09-26 09:34 
- 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0 2013-09-26 09:29 - 2013-09-25 16:21 - 00000000 ___DC C:\savw_100_sa 2013-09-26 09:27 - 2007-04-02 09:09 - 00796344 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-09-25 15:03 - 2010-12-25 19:09 - 00000000 ____D C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744 2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk 2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer 2013-09-25 13:08 - 2007-04-06 14:21 - 00002495 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Microsoft Word.lnk 2013-09-24 21:47 - 2007-08-22 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\e5 2013-09-22 11:55 - 2007-07-21 17:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Ku5 2013-09-22 11:49 - 2007-04-15 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d6 2013-09-22 11:47 - 2007-11-06 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d5 2013-09-19 10:23 - 2007-04-10 12:30 - 00000190 ___SH C:\Dokumente und Einstellungen\margarete\ntuser.ini 2013-09-18 15:40 - 2007-07-21 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\formulare 2013-09-13 19:07 - 2012-07-09 17:53 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-09-12 20:55 - 2013-09-03 17:39 - 00000000 ____D C:\Programme\Mozilla Firefox Files to move or delete: ==================== C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 1035264 ____A (Microsoft Corporation) 22fe1be02eadde1632e478e4125639e0 C:\Windows\System32\winlogon.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0507392 
____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72 C:\Windows\System32\svchost.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64 C:\Windows\System32\services.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0108544 ____A (Microsoft Corporation) edb6b81761bd60f32f740bbc40afb676 C:\Windows\System32\User32.dll [2004-11-11 14:00] - [2004-11-11 14:00] - 0578560 ____A (Microsoft Corporation) 56785fd5236d7b22cf471a6da9db46d8 C:\Windows\System32\userinit.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0025088 ____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633 C:\Windows\System32\Drivers\volsnap.sys [2004-11-11 14:00] - [2004-11-11 14:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9 ==================== End Of Log ============================ --- --- --- 2. Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01 Ran by winnie at 2013-10-01 12:35:03 Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== Adobe Flash Player 10 Plugin (Version: 10.1.102.64) Adobe Photoshop CS (Version: CS) Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2) AFPL Ghostscript 8.54 AFPL Ghostscript Fonts Apache HTTP Server 2.2.10 (Version: 2.2.10) avast! Free Antivirus (Version: 8.0.1497.0) Bomberclone Bridge Builder Canon Camera Access Library (Version: 8.1.1.17) Canon Camera Support Core Library (Version: 7.3.1.6) Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17) Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8) Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7) CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5) Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6) Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7) Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5) Canon Utilities Digital Photo Professional 2.2 (Version: 2.2.0.1) Canon Utilities EOS Utility (Version: 1.1.0.8) Canon Utilities PhotoStitch (Version: 3.1.18.42) Canon Utilities ZoomBrowser EX (Version: 5.7.0.74) CorelDRAW Graphics Suite 12 (Version: 12.0.0.458) ElsterFormular für Privatanwender (Version: 12.3.2.6814p) EPSON PhotoQuicker3.5 EPSON Web-To-Page EPSON-Drucker-Software ESC86 Referenzhandbuch ESC86 Softwarehandbuch ESET Online Scanner v3 FreePDF XP (Remove only) GTK+ Runtime 2.14.7 rev a (remove only) IrfanView (remove only) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaImpression 2.0 for PENTAX (Version: 2.0.63.630) Microsoft .NET 
Framework 2.0 Microsoft .NET Framework 2.0 (Version: 2.0.50727) Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.01) Microsoft Silverlight (Version: 1.0.20926.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Nero 7 Ultra Edition (Version: 7.00.0177) PCI Audio Driver RedMon - Redirection Port Monitor ScanToWeb Skype Toolbars (Version: 1.0.4051) Skype™ 4.2 (Version: 4.2.158) Skype™ 5.0 (Version: 5.0.152) SkyTest® FQ-Trainingssoftware 2.0 Sophos AutoUpdate (Version: 2.7.4.317) Sygate Personal Firewall (Version: 5.5.2307) TeamViewer 8 (Version: 8.0.20935) USB Scanner USB2.0 PC Camera (SN9C201&202) (Version: 5.7.22.000) VirtuaGirl HD WebFldrs XP (Version: 9.50.7523) Windows Installer 3.1 (KB893803) (Version: 3.1) WinRAR Archivierer WINZD 2013-04 ZTestHL 12.0.0 (Version: 12.0.0) ==================== Restore Points ========================= 25-07-2013 13:33:23 Systemprüfpunkt 03-09-2013 16:42:09 Systemprüfpunkt 25-09-2013 12:35:24 Systemprüfpunkt 26-09-2013 07:09:19 Avira AntiVir Personal - 26.09.2013 09:08 26-09-2013 07:33:45 Installed MSXML 4.0 SP3 Parser 26-09-2013 07:35:06 Sophos Anti-Virus wird installiert 26-09-2013 07:55:17 Sophos AutoUpdate wird installiert 26-09-2013 13:53:47 Malwarebytes Anti-Rootkit Restore Point 27-09-2013 07:36:43 Sophos Anti-Virus wird entfernt 27-09-2013 10:10:15 avast! Free Antivirus Setup 28-09-2013 18:13:24 Systemprüfpunkt 30-09-2013 02:29:29 Systemprüfpunkt 01-10-2013 02:33:00 Systemprüfpunkt ==================== Hosts content: ========================== 2004-11-11 14:00 - 2004-11-11 14:00 - 00000820 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\avast! 
Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-30 23:16 - 2013-09-30 21:21 - 02102784 _____ () C:\Programme\AVAST Software\Avast\defs\13093001\algo.dll 2008-02-12 20:52 - 2005-01-06 19:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll 2007-04-06 10:29 - 2005-10-19 11:56 - 00125952 ____N () C:\Programme\WinRAR\rarext.dll 2004-11-11 14:00 - 2004-11-11 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/27/2013 00:27:17 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/27/2013 00:27:05 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (09/27/2013 00:27:02 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10) (User: ) Description: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x00046c3b. Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. 
Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. System errors: ============= Error: (10/01/2013 09:42:54 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/01/2013 09:42:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error: (10/01/2013 09:42:53 AM) (Source: Service Control Manager) (User: ) Description: Dienst "StarWind iSCSI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/01/2013 09:42:53 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Sophos AutoUpdate Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/01/2013 09:42:52 AM) (Source: Service Control Manager) (User: ) Description: Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/01/2013 09:42:52 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Sygate Personal Firewall" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (10/01/2013 08:08:24 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: 2147500037 (0x80004005). Error: (10/01/2013 08:08:15 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: Der Server "{4991D34B-80A1-4291-83B6-3328366B9097}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/30/2013 10:46:49 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: Der Server "{4991D34B-80A1-4291-83B6-3328366B9097}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/30/2013 10:46:19 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: 2147500037 (0x80004005). Microsoft Office Sessions: ========================= Error: (09/27/2013 00:27:17 PM) (Source: crypt32)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (09/27/2013 00:27:05 PM) (Source: crypt32)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (09/27/2013 00:27:02 PM) (Source: crypt32)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10)(User: ) Description: winword.exe10.0.2627.0winword.exe10.0.2627.000046c3b Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a ==================== Memory info =========================== Percentage of memory in use: 64% Total physical RAM: 511.49 MB Available physical RAM: 181.24 MB Total Pagefile: 1249.44 MB Available Pagefile: 936.55 MB Total Virtual: 2047.88 MB Available Virtual: 1969.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:19.53 GB) (Free:4.16 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: () (Fixed) (Total:14.65 GB) (Free:3.29 GB) NTFS Drive e: () (Fixed) (Total:3.98 GB) (Free:3.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 38 GB) (Disk ID: 0AE20AE1) Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=19 GB) - (Type=OF Extended) ==================== End Of Log ============================ pummel |
01.10.2013, 19:03 | #4 |
/// the machine /// TB-Ausbilder | TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
Start Combofix.exe and follow the on-screen instructions.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.10.2013, 16:16 | #5 |
| TDSSKiller: MEM:Backdoor.Win32.Sinowal.d So, I have now installed and started it, after disabling the firewall and Avast. The Recovery Console was installed correctly. Is it normal for Combofix to sit at practically 0% for three hours after the scan starts (last entry in the console: "scan time may vary on heavily infected etc."), or is something else not as it should be? In any case I will let it run overnight and see whether anything happens. Best regards, pummel |
03.10.2013, 07:30 | #6 |
/// the machine /// TB-Ausbilder | TDSSKiller: MEM:Backdoor.Win32.Sinowal.d If it is still running, abort it, delete Combofix and download it again.
__________________ |
07.10.2013, 08:14 | #7 |
| TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Hello schrauber, it has finally worked with combofix, after a lot of back and forth. Here is the logfile: Code:
ATTFilter ComboFix 13-10-04.02 - winnie 05.10.2013 19:33:41.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.511.269 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\winnie\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\AdobeDLM.log c:\programme\xp-AntiSpy c:\programme\xp-AntiSpy\Verknüpfung mit xp-AntiSpy.exe.lnk c:\programme\xp-AntiSpy\xp-AntiSpy.chm c:\programme\xp-AntiSpy\xp-AntiSpy.exe . c:\windows\system32\drivers\usbehci.sys . . . fehlt!! . . ((((((((((((((((((((((( Dateien erstellt von 2013-09-05 bis 2013-10-05 )))))))))))))))))))))))))))))) . . 2013-10-04 07:41 . 2013-10-04 07:41 -------- d-----w- c:\windows\system32\CatRoot2 2013-10-04 07:22 . 2013-10-04 07:22 -------- d-s---w- c:\dokumente und einstellungen\winnie\UserData 2013-09-30 14:14 . 2013-09-30 14:14 -------- d-----w- c:\programme\ESET 2013-09-28 11:45 . 2013-09-28 11:45 -------- dc----w- C:\FRST 2013-09-27 18:48 . 2013-09-27 18:50 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-09-27 18:48 . 2013-09-27 18:48 48728 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-09-27 10:16 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-09-27 10:16 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-09-27 10:16 . 2013-08-30 07:48 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-09-27 10:16 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-09-27 10:16 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-09-27 10:16 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-09-27 10:16 . 
2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-09-27 10:16 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-09-27 10:16 . 2013-08-30 07:47 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-09-27 10:12 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr 2013-09-27 10:10 . 2013-09-27 10:10 -------- d-----w- c:\programme\AVAST Software 2013-09-27 10:08 . 2013-09-27 10:10 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software 2013-09-26 18:18 . 2013-09-26 18:18 -------- d-----w- c:\dokumente und einstellungen\winnie\Anwendungsdaten\Malwarebytes 2013-09-26 18:17 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-26 18:17 . 2013-09-26 18:18 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2013-09-26 16:34 . 2013-09-28 14:49 -------- dc----w- C:\AdwCleaner 2013-09-26 16:20 . 2013-09-26 16:20 -------- d-----w- c:\windows\ERUNT 2013-09-26 11:02 . 2013-09-26 11:02 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-26 07:57 . 2013-09-26 07:57 -------- d-----w- c:\dokumente und einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos 2013-09-26 07:43 . 2013-09-27 16:59 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sophos 2013-09-26 07:34 . 2013-09-26 07:34 -------- d-----w- c:\programme\MSXML 4.0 2013-09-25 14:21 . 2013-09-26 07:29 -------- dc----w- C:\savw_100_sa 2013-09-25 12:14 . 2013-09-25 12:14 -------- d-----w- c:\programme\TeamViewer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2004-11-11 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys . [-] 2004-11-11 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . 
c:\windows\system32\dllcache\asyncmac.sys [-] 2004-11-11 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys . [-] 2004-11-11 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2004-11-11 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys . [-] 2004-11-11 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys . [-] 2004-11-11 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys [-] 2004-11-11 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys . [-] 2004-11-11 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys [-] 2004-11-11 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys . [-] 2004-11-11 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2004-11-11 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys . [-] 2004-11-11 . 09EB23A4567BDD56D9580A059E616E23 . 359040 . . [5.1.2600.2505] . . c:\windows\system32\drivers\tcpip.sys . [-] 2004-11-11 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll [-] 2004-11-11 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll . [-] 2004-11-11 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe [-] 2004-11-11 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe . [-] 2004-11-11 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll [-] 2004-11-11 . 
CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netman.dll . [-] 2004-11-11 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll [-] 2004-11-11 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll . [-] 2004-11-11 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll [-] 2004-11-11 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll . [-] 2004-11-11 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\rpcss.dll [-] 2004-11-11 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rpcss.dll . [-] 2004-11-11 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe [-] 2004-11-11 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe . [-] 2004-11-11 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe [-] 2004-11-11 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe . [-] 2004-11-11 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe [-] 2004-11-11 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe . [-] 2004-11-11 . 032CA12162E89E545356525554EA12A7 . 111616 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe [-] 2004-11-11 . 032CA12162E89E545356525554EA12A7 . 111616 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe . [-] 2004-11-11 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ipsec.sys [-] 2004-11-11 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . 
[5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys . [-] 2004-11-11 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2004-11-11 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2004-11-11 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2004-11-11 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll . [-] 2004-11-11 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll [-] 2004-11-11 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll . [-] 2004-11-11 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\es.dll [-] 2004-11-11 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\es.dll . [-] 2004-11-11 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll [-] 2004-11-11 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll . [-] 2004-11-11 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\system32\kernel32.dll [-] 2004-11-11 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\kernel32.dll . [-] 2004-11-11 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll [-] 2004-11-11 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\linkinfo.dll . [-] 2004-11-11 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll [-] 2004-11-11 . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CorelDRAW Graphics Suite 11b"="c:\programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe" [2003-11-27 733184]
"EPSON Stylus C86 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE" [2003-11-25 99840]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"C-Media Mixer"="Mixer.exe" [2002-03-25 1228800]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-6 113664]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c----w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [27.09.2013 12:16 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [27.09.2013 12:16 177864]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.04.2007 10:31 642560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.09.2013 12:16 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.09.2013 12:16 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.09.2013 12:16 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [27.09.2013 12:16 66336]
R2 TeamViewer8;TeamViewer 8;c:\programme\TeamViewer\Version8\TeamViewer_Service.exe [25.09.2013 14:15 5071712]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [06.04.2007 10:40 223128]
S3 Kbardsentca;Kbardsentca;c:\windows\system32\drivers\MSPQM.sys [02.04.2007 09:13 4992]
S3 LwAdiHid;Logitech WingMan-Digitalgeräte (autom. Erkennung);c:\windows\system32\drivers\LwAdiHid.sys [12.01.2009 21:51 20864]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [27.09.2013 20:48 48728]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 78033611
*Deregistered* - 78033611
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2013-09-27 07:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Connection Wizard,ShellNext = "c:\programme\Outlook Express\msimn.exe" //mailurl:mailto:nies@bruehl.de
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\
FF - ExtSQL: 2013-09-27 12:13; wrc@avast.com; c:\programme\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NWEReboot - (no file)
c:\dokumente und einstellungen\margarete\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk - i:\mtpii\ws09\apache\bin\ApacheMonitor.exe
MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-10-05 19:46
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\sfc_os.dll
.
Zeit der Fertigstellung: 2013-10-05 19:51:08
ComboFix-quarantined-files.txt 2013-10-05 17:51
.
Vor Suchlauf: 5.658.624.000 Bytes frei
Nach Suchlauf: 5.088.423.936 Bytes frei
.
- - End Of File - - AF5B334C9B1EEE4850940DEBA22F4CE3
72B8CE41AF0DE751C946802B3ED844B4
pummel |
07.10.2013, 11:59 | #8 |
/// the machine /// TB-Ausbilder | TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.10.2013, 15:25 | #9 |
| TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Right then, here we go: 1. MBAM Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.07.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
winnie :: ASGARD [Administrator]

07.10.2013 13:18:47
mbam-log-2013-10-07 (13-18-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333227
Laufzeit: 11 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
# AdwCleaner v3.006 - Bericht erstellt am 07/10/2013 um 13:52:59
# Updated 01/10/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzername : winnie - ASGARD
# Gestartet von : C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v6.0.2900.2180

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Mozilla\Firefox\Profiles\reb0wa3w.default\prefs.js ]

[ Datei : C:\Dokumente und Einstellungen\matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\nzyh41fj.default\prefs.js ]

[ Datei : C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\prefs.js ]

[ Datei : C:\Dokumente und Einstellungen\basti\Anwendungsdaten\Mozilla\Firefox\Profiles\ut85a9op.default\prefs.js ]

[ Datei : C:\Dokumente und Einstellungen\margarete\Anwendungsdaten\Mozilla\Firefox\Profiles\0xlfyphi.default\prefs.js ]

[ Datei : C:\Dokumente und Einstellungen\katharina\Anwendungsdaten\Mozilla\Firefox\Profiles\4jeiq4jn.default\prefs.js ]

[ Datei : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rw0d39ah.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1937 octets] - [26/09/2013 18:35:27]
AdwCleaner[R1].txt - [1730 octets] - [28/09/2013 16:45:51]
AdwCleaner[R2].txt - [1850 octets] - [07/10/2013 13:42:26]
AdwCleaner[S0].txt - [1998 octets] - [26/09/2013 18:40:07]
AdwCleaner[S1].txt - [1791 octets] - [28/09/2013 16:49:04]
AdwCleaner[S2].txt - [1771 octets] - [07/10/2013 13:52:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1831 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by winnie on 07.10.2013 at 14:03:34,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.10.2013 at 15:22:34,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by winnie (administrator) on ASGARD on 07-10-2013 15:36:45
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
(Rocket Division Software) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Canon Inc.) C:\Programme\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
(TeamViewer GmbH) c:\programme\teamviewer\version8\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe
(Sonix) C:\WINDOWS\vsnp2std.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe
(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\tv_w32.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [EPSON Stylus C86 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE [99840 2003-11-25] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [snp2std] - C:\WINDOWS\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\basti\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\basti\...\Run: [WdHelpSnap] - rundll32.exe "C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Anwendungsdaten\isaUser32\WdHelpSnap.dll",Applemapdrv userMouseman
HKU\basti\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [ 2010-12-30] (Adobe Systems, Inc.)
HKU\katharina\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\margarete\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\matthias\...\Run: [AdobeUpdater] - C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [ 2009-01-12] (Adobe Systems Incorporated)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype extension for Firefox - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-04-06] ()
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-09-03] (Mozilla Foundation)
R2 StarWindService; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [374094 2002-03-26] (C-Media Inc)
S3 hidgame; C:\Windows\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 Kbardsentca; C:\WINDOWS\system32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
S3 LwAdiHid; C:\Windows\System32\DRIVERS\LwAdiHid.sys [20864 2004-08-03] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-27] (MalwareBytes)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-11-11] ()
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12039552 2007-04-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2007-04-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-14] (AVIRA GmbH)
R3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2007-04-06] ()
S3 catchme; \??\C:\DOKUME~1\winnie\LOKALE~1\Temp\catchme.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt
2013-10-04 09:38 - 2013-10-05 19:51 - 00000000 ___DC C:\Qoobox
2013-10-04 09:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-04 09:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-04 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-04 09:36 - 2013-10-04 08:58 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe
2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData
2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons
2013-10-02 10:58 - 2007-04-06 14:15 - 00000211 ____C C:\Boot.bak
2013-10-02 10:58 - 2004-08-03 23:00 - 00262448 _RSHC C:\cmldr
2013-10-02 10:54 - 2013-10-05 19:48 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET
2013-09-28 13:45 - 2013-10-07 15:36 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:48 - 2013-09-27 20:50 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 12:16 - 2013-10-07 14:00 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-27 12:16 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-27 12:12 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:08 - 2013-09-27 12:10 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 09:18 - 2013-09-26 18:08 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-09-26 20:18 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt
2013-09-26 18:34 - 2013-10-07 13:53 - 00000000 ___DC C:\AdwCleaner
2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt
2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-26 18:19 - 2013-09-26 18:15 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe
2013-09-26 18:17 - 2013-09-26 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-26 18:17 - 2013-09-26 18:14 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe
2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt
2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat
2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 12:59 - 2013-09-27 20:48 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar
2013-09-26 12:55 - 2013-09-26 12:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe
2013-09-26 12:22 - 2013-09-26 12:58 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos
2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg
2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 09:43 - 2013-09-27 18:59 - 00000000
___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos 2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0 2013-09-25 16:21 - 2013-09-26 09:29 - 00000000 ___DC C:\savw_100_sa 2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk 2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer ==================== One Month Modified Files and Folders ======= 2013-10-07 15:36 - 2013-09-28 13:45 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner 2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt 2013-10-07 14:42 - 2007-04-02 08:24 - 00353950 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-07 14:00 - 2013-09-27 12:16 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-10-07 13:55 - 2007-04-02 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-10-07 13:55 - 2007-04-02 09:13 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-07 13:55 - 2007-04-02 08:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-07 13:55 - 2004-11-11 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-10-07 13:54 - 2007-04-06 14:17 - 00000190 ___SH C:\Dokumente und Einstellungen\winnie\ntuser.ini 2013-10-07 13:54 - 2007-04-06 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\winnie 2013-10-07 13:54 - 2007-04-02 08:31 - 00032508 _____ C:\WINDOWS\SchedLgU.Txt 2013-10-07 13:53 - 2013-09-26 18:34 - 00000000 ___DC C:\AdwCleaner 2013-10-06 11:13 - 2007-06-27 18:43 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Kunst 2013-10-06 00:16 - 2007-04-02 08:30 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService 2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt 2013-10-05 19:51 - 2013-10-04 09:38 - 00000000 ___DC C:\Qoobox 
2013-10-05 19:49 - 2007-04-10 12:30 - 00000000 ___RD C:\Dokumente und Einstellungen\margarete\Startmenü\Programme\Autostart 2013-10-05 19:48 - 2013-10-02 10:54 - 00000000 ____D C:\WINDOWS\erdnt 2013-10-05 19:46 - 2004-11-11 14:00 - 00000227 ____C C:\WINDOWS\system.ini 2013-10-05 19:45 - 2007-04-02 09:10 - 00000000 ___RD C:\Programme 2013-10-04 09:30 - 2007-06-04 17:08 - 00233760 ____C C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData 2013-10-04 08:58 - 2013-10-04 09:36 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe 2013-10-04 08:49 - 2007-04-02 09:09 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-10-03 17:05 - 2007-04-02 08:22 - 00000000 ____D C:\WINDOWS\system32\Restore 2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons 2013-10-02 10:58 - 2007-04-02 10:08 - 00000327 _RSHC C:\boot.ini 2013-10-01 13:50 - 2009-01-08 16:09 - 00000000 ____D C:\Programme\SkyTestFQ 2013-10-01 13:21 - 2013-09-03 17:39 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-10-01 13:13 - 2010-04-05 17:58 - 00000000 ___RD C:\Programme\Skype 2013-10-01 13:13 - 2010-01-08 16:52 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET 2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST 2013-09-27 20:50 - 2013-09-27 20:48 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-09-27 20:48 - 2013-09-26 12:59 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar 2013-09-27 18:59 - 2013-09-26 09:43 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos 
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk 2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus 2013-09-27 12:16 - 2007-04-02 08:26 - 00002951 ____C C:\WINDOWS\system32\CONFIG.NT 2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software 2013-09-27 12:10 - 2013-09-27 12:08 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software 2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt 2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt 2013-09-27 07:56 - 2007-04-02 10:02 - 00000000 ____D C:\WINDOWS\twain_32 2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 2013-09-26 20:18 - 2013-09-26 20:17 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt 2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt 2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT 2013-09-26 18:16 - 2007-04-06 11:05 - 00000190 __SHC C:\Dokumente und Einstellungen\matthias\ntuser.ini 2013-09-26 18:15 - 2013-09-26 18:19 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe 2013-09-26 18:15 - 2013-09-26 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und 
Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt 2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat 2013-09-26 18:14 - 2013-09-26 18:17 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe 2013-09-26 18:08 - 2013-09-27 09:18 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe 2013-09-26 15:59 - 2007-04-02 08:23 - 00000000 ____D C:\WINDOWS\srchasst 2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-26 12:58 - 2013-09-26 12:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos 2013-09-26 12:54 - 2013-09-26 12:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe 2013-09-26 12:32 - 2013-05-27 11:14 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Siblhzisnrb 2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg 2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos 2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0 2013-09-26 09:29 - 2013-09-25 16:21 - 00000000 ___DC C:\savw_100_sa 2013-09-26 09:27 - 2007-04-02 09:09 - 00796344 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-09-25 15:03 - 2010-12-25 19:09 - 00000000 ____D C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744 2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk 2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D 
C:\Programme\TeamViewer 2013-09-25 13:08 - 2007-04-06 14:21 - 00002495 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Microsoft Word.lnk 2013-09-24 21:47 - 2007-08-22 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\e5 2013-09-22 11:55 - 2007-07-21 17:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Ku5 2013-09-22 11:49 - 2007-04-15 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d6 2013-09-22 11:47 - 2007-11-06 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d5 2013-09-19 10:23 - 2007-04-10 12:30 - 00000190 ___SH C:\Dokumente und Einstellungen\margarete\ntuser.ini 2013-09-18 15:40 - 2007-07-21 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\formulare 2013-09-13 19:07 - 2012-07-09 17:53 - 00000000 ____D C:\Programme\Mozilla Maintenance Service Files to move or delete: ==================== C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini Some content of TEMP: ==================== C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 1035264 ____A (Microsoft Corporation) 22fe1be02eadde1632e478e4125639e0 C:\Windows\System32\winlogon.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0507392 ____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72 C:\Windows\System32\svchost.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64 C:\Windows\System32\services.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0108544 ____A (Microsoft Corporation) edb6b81761bd60f32f740bbc40afb676 C:\Windows\System32\User32.dll [2004-11-11 14:00] - [2004-11-11 14:00] - 0578560 ____A (Microsoft Corporation) 56785fd5236d7b22cf471a6da9db46d8 C:\Windows\System32\userinit.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0025088 
____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633 C:\Windows\System32\Drivers\volsnap.sys [2004-11-11 14:00] - [2004-11-11 14:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9 ==================== End Of Log ============================
5. FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013 Ran by winnie at 2013-10-07 15:56:18 Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== Adobe Flash Player 10 Plugin (Version: 10.1.102.64) Adobe Photoshop CS (Version: CS) Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2) AFPL Ghostscript 8.54 AFPL Ghostscript Fonts Apache HTTP Server 2.2.10 (Version: 2.2.10) avast! Free Antivirus (Version: 8.0.1497.0) Bomberclone Bridge Builder Canon Camera Access Library (Version: 8.1.1.17) Canon Camera Support Core Library (Version: 7.3.1.6) Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17) Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8) Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7) CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5) Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6) Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7) Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5) Canon Utilities Digital Photo Professional 2.2 (Version: 2.2.0.1) Canon Utilities EOS Utility (Version: 1.1.0.8) Canon Utilities PhotoStitch (Version: 3.1.18.42) Canon Utilities ZoomBrowser EX (Version: 5.7.0.74) CorelDRAW Graphics Suite 12 (Version: 12.0.0.458) ElsterFormular für Privatanwender (Version: 12.3.2.6814p) EPSON PhotoQuicker3.5 EPSON Web-To-Page EPSON-Drucker-Software ESC86 Referenzhandbuch ESC86 Softwarehandbuch ESET Online Scanner v3 FreePDF XP (Remove only) GTK+ Runtime 2.14.7 rev a (remove only) IrfanView (remove only) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaImpression 2.0 for PENTAX (Version: 2.0.63.630) Microsoft .NET 
Framework 2.0 Microsoft .NET Framework 2.0 (Version: 2.0.50727) Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.01) Microsoft Silverlight (Version: 1.0.20926.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Nero 7 Ultra Edition (Version: 7.00.0177) PCI Audio Driver RedMon - Redirection Port Monitor ScanToWeb Skype Toolbars (Version: 1.0.4051) Skype™ 5.0 (Version: 5.0.152) TeamViewer 8 (Version: 8.0.20935) USB Scanner USB2.0 PC Camera (SN9C201&202) (Version: 5.7.22.000) WebFldrs XP (Version: 9.50.7523) Windows Installer 3.1 (KB893803) (Version: 3.1) WinRAR Archivierer WINZD 2013-04 ZTestHL 12.0.0 (Version: 12.0.0) ==================== Restore Points ========================= 03-10-2013 15:05:28 Systemprüfpunkt 04-10-2013 06:48:55 Sygate Personal Firewall wird entfernt ==================== Hosts content: ========================== 2004-11-11 14:00 - 2013-10-05 19:46 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\avast! 
Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-07 09:51 - 2013-10-07 08:38 - 02104832 _____ () C:\Programme\AVAST Software\Avast\defs\13100700\algo.dll 2008-02-12 20:52 - 2005-01-06 19:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll 2004-11-11 14:00 - 2004-11-11 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/27/2013 00:27:17 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/27/2013 00:27:05 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (09/27/2013 00:27:02 PM) (Source: crypt32) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10) (User: ) Description: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x00046c3b. Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. 
Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. System errors: ============= Error: (10/06/2013 09:22:11 AM) (Source: Windows Update Agent) (User: ) Description: Verbindung kann nicht hergestellt werden: Die Verbindung mit dem Dienst für automatische Updates konnte nicht hergestellt werden, so dass keine Updates zum angegebenen Zeitplan übertragen und installiert werden können. Es wird weiterhin versucht, eine Verbindung herzustellen. Error: (10/02/2013 01:38:04 PM) (Source: System Error) (User: ) Description: Fehlercode 0000004d, 1. Parameter 0001d218, 2. Parameter 0001d218, 3. Parameter 0000769e, 4. Parameter 00000000. Error: (10/02/2013 01:37:56 PM) (Source: System Error) (User: ) Description: Fehlercode 100000ea, 1. Parameter 819b3700, 2. Parameter 82157008, 3. Parameter f8964cb4, 4. Parameter 00000001. Error: (10/02/2013 01:37:48 PM) (Source: System Error) (User: ) Description: Fehlercode 000000ea, 1. Parameter 82146be0, 2. Parameter 820296e0, 3. Parameter 82023230, 4. Parameter 00000001. Error: (10/02/2013 01:37:43 PM) (Source: System Error) (User: ) Description: Fehlercode 100000ea, 1. Parameter 82141020, 2. Parameter 820dabf8, 3. Parameter f8968cb4, 4. Parameter 00000001. Error: (10/02/2013 01:37:28 PM) (Source: System Error) (User: ) Description: Fehlercode 100000ea, 1. Parameter 82060da8, 2. Parameter 8212a140, 3. Parameter f8960cb4, 4. Parameter 00000001. 
Error: (10/02/2013 01:37:24 PM) (Source: System Error) (User: ) Description: Fehlercode 000000ea, 1. Parameter 81ff7da8, 2. Parameter 820154b8, 3. Parameter 82098038, 4. Parameter 00000001. Error: (10/02/2013 01:37:19 PM) (Source: System Error) (User: ) Description: Fehlercode 100000ea, 1. Parameter 81a5db68, 2. Parameter 82186200, 3. Parameter f8964cb4, 4. Parameter 00000001. Error: (10/02/2013 01:36:29 PM) (Source: System Error) (User: ) Description: Fehlercode 000000ea, 1. Parameter 81d19d00, 2. Parameter 82011e20, 3. Parameter 820a9688, 4. Parameter 00000001. Error: (10/02/2013 01:32:10 PM) (Source: Service Control Manager) (User: ) Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TeamViewer8. Microsoft Office Sessions: ========================= Error: (09/27/2013 00:27:17 PM) (Source: crypt32)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (09/27/2013 00:27:05 PM) (Source: crypt32)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (09/27/2013 00:27:02 PM) (Source: crypt32)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10)(User: ) Description: winword.exe10.0.2627.0winword.exe10.0.2627.000046c3b Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a ==================== Memory info =========================== Percentage of memory in use: 64% Total physical RAM: 511.49 MB Available physical RAM: 181.49 MB Total Pagefile: 1249.54 MB Available Pagefile: 941.68 MB Total Virtual: 2047.88 MB Available Virtual: 1969.34 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:19.53 GB) (Free:5.14 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: () (Fixed) (Total:14.65 GB) (Free:3.29 GB) NTFS Drive e: () (Fixed) (Total:3.98 GB) (Free:3.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 38 GB) (Disk ID: 0AE20AE1) Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=19 GB) - (Type=OF Extended) ==================== End Of Log ============================
Best regards, pummel |
08.10.2013, 08:07 | #10 |
/// the machine /// TB Trainer | TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Please run another scan with TDSSKiller and post the log.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.10.2013, 08:29 | #11 |
| TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Here you go Code:
09:26:22.0828 2812 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:26:23.0171 2812 ============================================================ 09:26:23.0171 2812 Current date / time: 2013/10/08 09:26:23.0171 09:26:23.0171 2812 SystemInfo: 09:26:23.0171 2812 09:26:23.0171 2812 OS Version: 5.1.2600 ServicePack: 2.0 09:26:23.0171 2812 Product type: Workstation 09:26:23.0171 2812 ComputerName: ASGARD 09:26:23.0171 2812 UserName: winnie 09:26:23.0171 2812 Windows directory: C:\WINDOWS 09:26:23.0171 2812 System windows directory: C:\WINDOWS 09:26:23.0171 2812 Processor architecture: Intel x86 09:26:23.0171 2812 Number of processors: 1 09:26:23.0171 2812 Page size: 0x1000 09:26:23.0171 2812 Boot type: Normal boot 09:26:23.0171 2812 ============================================================ 09:26:25.0484 2812 Drive \Device\Harddisk0\DR0 - Size: 0x98ABA0000 (38.17 Gb), SectorSize: 0x200, Cylinders: 0x1376, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 09:26:25.0484 2812 ============================================================ 09:26:25.0484 2812 \Device\Harddisk0\DR0: 09:26:25.0484 2812 MBR partitions: 09:26:25.0484 2812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637 09:26:25.0515 2812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1D4B139 09:26:25.0546 2812 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x7F3908 09:26:25.0546 2812 ============================================================ 09:26:25.0609 2812 C: <-> \Device\Harddisk0\DR0\Partition1 09:26:25.0640 2812 D: <-> \Device\Harddisk0\DR0\Partition2 09:26:25.0671 2812 E: <-> \Device\Harddisk0\DR0\Partition3 09:26:25.0671 2812 ============================================================ 09:26:25.0687 2812 Initialize success 09:26:25.0687 2812 ============================================================ 09:26:32.0234 3552 
============================================================ 09:26:32.0234 3552 Scan started 09:26:32.0234 3552 Mode: Manual; SigCheck; TDLFS; 09:26:32.0234 3552 ============================================================ 09:26:32.0859 3552 ================ Scan system memory ======================== 09:26:32.0906 3552 System memory - ok 09:26:32.0906 3552 ================ Scan services ============================= 09:26:33.0062 3552 Abiosdsk - ok 09:26:33.0078 3552 abp480n5 - ok 09:26:33.0203 3552 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe 09:26:33.0656 3552 ACDaemon - ok 09:26:33.0718 3552 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:26:34.0812 3552 ACPI ( UnsignedFile.Multi.Generic ) - warning 09:26:34.0812 3552 ACPI - detected UnsignedFile.Multi.Generic (1) 09:26:34.0859 3552 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 09:26:34.0875 3552 ACPIEC ( UnsignedFile.Multi.Generic ) - warning 09:26:34.0875 3552 ACPIEC - detected UnsignedFile.Multi.Generic (1) 09:26:34.0921 3552 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe 09:26:34.0953 3552 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 09:26:34.0953 3552 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 09:26:34.0984 3552 adpu160m - ok 09:26:35.0046 3552 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys 09:26:35.0062 3552 aec ( UnsignedFile.Multi.Generic ) - warning 09:26:35.0062 3552 aec - detected UnsignedFile.Multi.Generic (1) 09:26:35.0109 3552 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys 09:26:35.0125 3552 Afc - ok 09:26:35.0187 3552 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys 09:26:35.0203 3552 AFD ( UnsignedFile.Multi.Generic ) - warning 09:26:35.0203 3552 AFD - 
detected UnsignedFile.Multi.Generic (1) 09:26:35.0265 3552 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 09:26:35.0296 3552 agp440 ( UnsignedFile.Multi.Generic ) - warning 09:26:35.0296 3552 agp440 - detected UnsignedFile.Multi.Generic (1) 09:26:35.0312 3552 Aha154x - ok 09:26:35.0328 3552 aic78u2 - ok 09:26:35.0359 3552 aic78xx - ok 09:26:35.0421 3552 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll 09:26:35.0437 3552 Alerter ( UnsignedFile.Multi.Generic ) - warning 09:26:35.0437 3552 Alerter - detected UnsignedFile.Multi.Generic (1) 09:26:35.0468 3552 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe 09:26:35.0500 3552 ALG ( UnsignedFile.Multi.Generic ) - warning 09:26:35.0500 3552 ALG - detected UnsignedFile.Multi.Generic (1) 09:26:35.0515 3552 AliIde - ok 09:26:35.0531 3552 amsint - ok 09:26:35.0593 3552 [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 09:26:35.0625 3552 AppMgmt ( UnsignedFile.Multi.Generic ) - warning 09:26:35.0625 3552 AppMgmt - detected UnsignedFile.Multi.Generic (1) 09:26:35.0640 3552 asc - ok 09:26:35.0656 3552 asc3350p - ok 09:26:35.0671 3552 asc3550 - ok 09:26:35.0796 3552 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 09:26:35.0828 3552 aspnet_state - ok 09:26:35.0906 3552 [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 09:26:35.0953 3552 aswFsBlk - ok 09:26:36.0000 3552 [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys 09:26:36.0046 3552 aswMonFlt - ok 09:26:36.0156 3552 [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys 09:26:36.0203 3552 AswRdr - ok 09:26:36.0234 3552 [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys 09:26:36.0250 3552 aswRvrt - ok 09:26:36.0406 3552 [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx 
C:\WINDOWS\system32\drivers\aswSnx.sys 09:26:36.0546 3552 aswSnx - ok 09:26:36.0625 3552 [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 09:26:36.0671 3552 aswSP - ok 09:26:36.0703 3552 [ 5E18413310134130D7772F0668698CB7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 09:26:36.0750 3552 aswTdi - ok 09:26:36.0796 3552 [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys 09:26:36.0828 3552 aswVmm - ok 09:26:36.0890 3552 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 09:26:36.0906 3552 AsyncMac ( UnsignedFile.Multi.Generic ) - warning 09:26:36.0906 3552 AsyncMac - detected UnsignedFile.Multi.Generic (1) 09:26:36.0984 3552 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 09:26:37.0000 3552 atapi ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0000 3552 atapi - detected UnsignedFile.Multi.Generic (1) 09:26:37.0015 3552 Atdisk - ok 09:26:37.0078 3552 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 09:26:37.0093 3552 Atmarpc ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0093 3552 Atmarpc - detected UnsignedFile.Multi.Generic (1) 09:26:37.0187 3552 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 09:26:37.0218 3552 AudioSrv ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0218 3552 AudioSrv - detected UnsignedFile.Multi.Generic (1) 09:26:37.0281 3552 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 09:26:37.0312 3552 audstub ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0312 3552 audstub - detected UnsignedFile.Multi.Generic (1) 09:26:37.0390 3552 [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe 09:26:37.0406 3552 avast! 
Antivirus - ok 09:26:37.0468 3552 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 09:26:37.0484 3552 Beep ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0484 3552 Beep - detected UnsignedFile.Multi.Generic (1) 09:26:37.0578 3552 [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS C:\WINDOWS\system32\qmgr.dll 09:26:37.0671 3552 BITS ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0671 3552 BITS - detected UnsignedFile.Multi.Generic (1) 09:26:37.0734 3552 [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser C:\WINDOWS\System32\browser.dll 09:26:37.0750 3552 Browser ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0750 3552 Browser - detected UnsignedFile.Multi.Generic (1) 09:26:37.0921 3552 catchme - ok 09:26:37.0968 3552 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 09:26:37.0984 3552 cbidf2k ( UnsignedFile.Multi.Generic ) - warning 09:26:37.0984 3552 cbidf2k - detected UnsignedFile.Multi.Generic (1) 09:26:38.0046 3552 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe 09:26:38.0062 3552 CCALib8 ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0062 3552 CCALib8 - detected UnsignedFile.Multi.Generic (1) 09:26:38.0125 3552 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 09:26:38.0125 3552 CCDECODE ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0125 3552 CCDECODE - detected UnsignedFile.Multi.Generic (1) 09:26:38.0156 3552 cd20xrnt - ok 09:26:38.0203 3552 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 09:26:38.0218 3552 Cdaudio ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0218 3552 Cdaudio - detected UnsignedFile.Multi.Generic (1) 09:26:38.0281 3552 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 09:26:38.0312 3552 Cdfs ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0312 3552 Cdfs - detected UnsignedFile.Multi.Generic (1) 09:26:38.0375 3552 [ 
AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:26:38.0453 3552 Cdrom ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0453 3552 Cdrom - detected UnsignedFile.Multi.Generic (1) 09:26:38.0468 3552 Changer - ok 09:26:38.0515 3552 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe 09:26:38.0531 3552 CiSvc ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0531 3552 CiSvc - detected UnsignedFile.Multi.Generic (1) 09:26:38.0546 3552 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 09:26:38.0578 3552 ClipSrv ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0578 3552 ClipSrv - detected UnsignedFile.Multi.Generic (1) 09:26:38.0656 3552 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:26:38.0703 3552 clr_optimization_v2.0.50727_32 - ok 09:26:38.0718 3552 CmdIde - ok 09:26:38.0796 3552 [ 9120C9CAAC11A6149B6B1EB1598733B6 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys 09:26:38.0843 3552 cmpci ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0843 3552 cmpci - detected UnsignedFile.Multi.Generic (1) 09:26:38.0859 3552 COMSysApp - ok 09:26:38.0906 3552 Cpqarray - ok 09:26:38.0953 3552 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 09:26:38.0984 3552 CryptSvc ( UnsignedFile.Multi.Generic ) - warning 09:26:38.0984 3552 CryptSvc - detected UnsignedFile.Multi.Generic (1) 09:26:38.0984 3552 dac2w2k - ok 09:26:39.0015 3552 dac960nt - ok 09:26:39.0062 3552 [ 9F28FF58D6D67B123272869D89D14004 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 09:26:39.0140 3552 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0140 3552 DcomLaunch - detected UnsignedFile.Multi.Generic (1) 09:26:39.0203 3552 [ 69F986B2688BA95A0D9362B0E233D5FF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 09:26:39.0218 3552 Dhcp ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0218 3552 Dhcp - detected UnsignedFile.Multi.Generic 
(1) 09:26:39.0250 3552 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 09:26:39.0296 3552 Disk ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0296 3552 Disk - detected UnsignedFile.Multi.Generic (1) 09:26:39.0312 3552 dmadmin - ok 09:26:39.0390 3552 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 09:26:39.0453 3552 dmboot ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0453 3552 dmboot - detected UnsignedFile.Multi.Generic (1) 09:26:39.0500 3552 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 09:26:39.0546 3552 dmio ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0546 3552 dmio - detected UnsignedFile.Multi.Generic (1) 09:26:39.0578 3552 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 09:26:39.0593 3552 dmload ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0593 3552 dmload - detected UnsignedFile.Multi.Generic (1) 09:26:39.0625 3552 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll 09:26:39.0703 3552 dmserver ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0703 3552 dmserver - detected UnsignedFile.Multi.Generic (1) 09:26:39.0765 3552 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 09:26:39.0796 3552 DMusic ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0796 3552 DMusic - detected UnsignedFile.Multi.Generic (1) 09:26:39.0859 3552 [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 09:26:39.0875 3552 Dnscache ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0875 3552 Dnscache - detected UnsignedFile.Multi.Generic (1) 09:26:39.0890 3552 dpti2o - ok 09:26:39.0921 3552 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 09:26:39.0937 3552 drmkaud ( UnsignedFile.Multi.Generic ) - warning 09:26:39.0937 3552 drmkaud - detected UnsignedFile.Multi.Generic (1) 09:26:40.0015 3552 [ 
877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll 09:26:40.0031 3552 ERSvc ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0031 3552 ERSvc - detected UnsignedFile.Multi.Generic (1) 09:26:40.0093 3552 [ EDB6B81761BD60F32F740BBC40AFB676 ] Eventlog C:\WINDOWS\system32\services.exe 09:26:40.0125 3552 Eventlog ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0125 3552 Eventlog - detected UnsignedFile.Multi.Generic (1) 09:26:40.0156 3552 [ 4E1A8645EE77CB9454FFE53C59620A25 ] EventSystem C:\WINDOWS\system32\es.dll 09:26:40.0187 3552 EventSystem ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0187 3552 EventSystem - detected UnsignedFile.Multi.Generic (1) 09:26:40.0265 3552 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 09:26:40.0296 3552 Fastfat ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0296 3552 Fastfat - detected UnsignedFile.Multi.Generic (1) 09:26:40.0343 3552 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 09:26:40.0375 3552 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0375 3552 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1) 09:26:40.0468 3552 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 09:26:40.0484 3552 Fdc ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0484 3552 Fdc - detected UnsignedFile.Multi.Generic (1) 09:26:40.0546 3552 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 09:26:40.0562 3552 Fips ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0578 3552 Fips - detected UnsignedFile.Multi.Generic (1) 09:26:40.0671 3552 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 09:26:40.0671 3552 Flpydisk ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0671 3552 Flpydisk - detected UnsignedFile.Multi.Generic (1) 09:26:40.0750 3552 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr 
C:\WINDOWS\system32\DRIVERS\fltMgr.sys 09:26:40.0765 3552 FltMgr ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0765 3552 FltMgr - detected UnsignedFile.Multi.Generic (1) 09:26:40.0812 3552 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:26:40.0843 3552 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0843 3552 Fs_Rec - detected UnsignedFile.Multi.Generic (1) 09:26:40.0875 3552 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:26:40.0953 3552 Ftdisk ( UnsignedFile.Multi.Generic ) - warning 09:26:40.0953 3552 Ftdisk - detected UnsignedFile.Multi.Generic (1) 09:26:40.0953 3552 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 09:26:41.0000 3552 gameenum ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0000 3552 gameenum - detected UnsignedFile.Multi.Generic (1) 09:26:41.0031 3552 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:26:41.0078 3552 Gpc ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0078 3552 Gpc - detected UnsignedFile.Multi.Generic (1) 09:26:41.0171 3552 [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 09:26:41.0187 3552 helpsvc ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0187 3552 helpsvc - detected UnsignedFile.Multi.Generic (1) 09:26:41.0234 3552 [ 923EE4EEF2582909A056904CA8026015 ] hidgame C:\WINDOWS\system32\DRIVERS\hidgame.sys 09:26:41.0250 3552 hidgame ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0250 3552 hidgame - detected UnsignedFile.Multi.Generic (1) 09:26:41.0265 3552 HidServ - ok 09:26:41.0328 3552 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 09:26:41.0343 3552 HidUsb ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0343 3552 HidUsb - detected UnsignedFile.Multi.Generic (1) 09:26:41.0343 3552 hpn - ok 09:26:41.0406 3552 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP 
C:\WINDOWS\system32\Drivers\HTTP.sys 09:26:41.0437 3552 HTTP ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0437 3552 HTTP - detected UnsignedFile.Multi.Generic (1) 09:26:41.0484 3552 [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 09:26:41.0515 3552 HTTPFilter ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0515 3552 HTTPFilter - detected UnsignedFile.Multi.Generic (1) 09:26:41.0531 3552 i2omgmt - ok 09:26:41.0546 3552 i2omp - ok 09:26:41.0609 3552 [ 7C575018D0413440D75432A78B88C899 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 09:26:41.0640 3552 i8042prt ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0640 3552 i8042prt - detected UnsignedFile.Multi.Generic (1) 09:26:41.0828 3552 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe 09:26:41.0843 3552 IDriverT ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0843 3552 IDriverT - detected UnsignedFile.Multi.Generic (1) 09:26:41.0906 3552 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 09:26:41.0921 3552 Imapi ( UnsignedFile.Multi.Generic ) - warning 09:26:41.0921 3552 Imapi - detected UnsignedFile.Multi.Generic (1) 09:26:41.0984 3552 [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService C:\WINDOWS\system32\imapi.exe 09:26:42.0015 3552 ImapiService ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0015 3552 ImapiService - detected UnsignedFile.Multi.Generic (1) 09:26:42.0031 3552 InCDFs - ok 09:26:42.0046 3552 InCDPass - ok 09:26:42.0046 3552 InCDRm - ok 09:26:42.0140 3552 ini910u - ok 09:26:42.0234 3552 [ D63C33F65F6EBC732116403D88883B2D ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 09:26:42.0250 3552 IntelIde ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0250 3552 IntelIde - detected UnsignedFile.Multi.Generic (1) 09:26:42.0312 3552 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 09:26:42.0312 3552 Ip6Fw ( 
UnsignedFile.Multi.Generic ) - warning 09:26:42.0312 3552 Ip6Fw - detected UnsignedFile.Multi.Generic (1) 09:26:42.0359 3552 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:26:42.0390 3552 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0390 3552 IpFilterDriver - detected UnsignedFile.Multi.Generic (1) 09:26:42.0421 3552 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:26:42.0437 3552 IpInIp ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0437 3552 IpInIp - detected UnsignedFile.Multi.Generic (1) 09:26:42.0500 3552 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:26:42.0531 3552 IpNat ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0531 3552 IpNat - detected UnsignedFile.Multi.Generic (1) 09:26:42.0593 3552 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:26:42.0609 3552 IPSec ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0609 3552 IPSec - detected UnsignedFile.Multi.Generic (1) 09:26:42.0656 3552 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 09:26:42.0671 3552 IRENUM ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0671 3552 IRENUM - detected UnsignedFile.Multi.Generic (1) 09:26:42.0718 3552 [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:26:42.0750 3552 isapnp ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0750 3552 isapnp - detected UnsignedFile.Multi.Generic (1) 09:26:42.0781 3552 [ 1988A33FF19242576C3D0EF9CE785DA7 ] Kbardsentca C:\WINDOWS\system32\drivers\MSPQM.sys 09:26:42.0796 3552 Kbardsentca ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0796 3552 Kbardsentca - detected UnsignedFile.Multi.Generic (1) 09:26:42.0859 3552 [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:26:42.0875 3552 Kbdclass ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0875 3552 Kbdclass 
- detected UnsignedFile.Multi.Generic (1) 09:26:42.0906 3552 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 09:26:42.0937 3552 kmixer ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0937 3552 kmixer - detected UnsignedFile.Multi.Generic (1) 09:26:42.0968 3552 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 09:26:42.0984 3552 KSecDD ( UnsignedFile.Multi.Generic ) - warning 09:26:42.0984 3552 KSecDD - detected UnsignedFile.Multi.Generic (1) 09:26:43.0046 3552 [ F8170AA51CD202BC062B8A0983F361B7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 09:26:43.0093 3552 lanmanserver ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0093 3552 lanmanserver - detected UnsignedFile.Multi.Generic (1) 09:26:43.0171 3552 [ 36D74668F5448D55887FA3958488DC06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 09:26:43.0203 3552 lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0203 3552 lanmanworkstation - detected UnsignedFile.Multi.Generic (1) 09:26:43.0203 3552 lbrtfdc - ok 09:26:43.0328 3552 [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 09:26:43.0406 3552 LmHosts ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0406 3552 LmHosts - detected UnsignedFile.Multi.Generic (1) 09:26:43.0453 3552 [ A8FE41A339CEB3B517321A7FF0ED67C5 ] LwAdiHid C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys 09:26:43.0468 3552 LwAdiHid ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0468 3552 LwAdiHid - detected UnsignedFile.Multi.Generic (1) 09:26:43.0531 3552 [ B749B05D5A7AD704E47D4565B4894D99 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys 09:26:43.0578 3552 mbamchameleon - ok 09:26:43.0625 3552 [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger C:\WINDOWS\System32\msgsvc.dll 09:26:43.0656 3552 Messenger ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0656 3552 Messenger - detected UnsignedFile.Multi.Generic (1) 09:26:43.0703 3552 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd 
C:\WINDOWS\system32\drivers\mnmdd.sys 09:26:43.0718 3552 mnmdd ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0718 3552 mnmdd - detected UnsignedFile.Multi.Generic (1) 09:26:43.0765 3552 [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 09:26:43.0828 3552 mnmsrvc ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0828 3552 mnmsrvc - detected UnsignedFile.Multi.Generic (1) 09:26:43.0843 3552 [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 09:26:43.0890 3552 Modem ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0890 3552 Modem - detected UnsignedFile.Multi.Generic (1) 09:26:43.0937 3552 [ 71E15CA47FD947552054AFB28536268F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:26:43.0937 3552 Mouclass ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0937 3552 Mouclass - detected UnsignedFile.Multi.Generic (1) 09:26:43.0968 3552 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 09:26:43.0984 3552 mouhid ( UnsignedFile.Multi.Generic ) - warning 09:26:43.0984 3552 mouhid - detected UnsignedFile.Multi.Generic (1) 09:26:44.0000 3552 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 09:26:44.0031 3552 MountMgr ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0031 3552 MountMgr - detected UnsignedFile.Multi.Generic (1) 09:26:44.0093 3552 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 09:26:44.0140 3552 MozillaMaintenance - ok 09:26:44.0140 3552 mraid35x - ok 09:26:44.0218 3552 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:26:44.0250 3552 MRxDAV ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0250 3552 MRxDAV - detected UnsignedFile.Multi.Generic (1) 09:26:44.0296 3552 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:26:44.0406 3552 MRxSmb ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0406 
3552 MRxSmb - detected UnsignedFile.Multi.Generic (1) 09:26:44.0437 3552 [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC C:\WINDOWS\system32\msdtc.exe 09:26:44.0468 3552 MSDTC ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0468 3552 MSDTC - detected UnsignedFile.Multi.Generic (1) 09:26:44.0546 3552 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 09:26:44.0593 3552 Msfs ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0593 3552 Msfs - detected UnsignedFile.Multi.Generic (1) 09:26:44.0609 3552 MSIServer - ok 09:26:44.0687 3552 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 09:26:44.0734 3552 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0734 3552 MSKSSRV - detected UnsignedFile.Multi.Generic (1) 09:26:44.0781 3552 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:26:44.0796 3552 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0796 3552 MSPCLOCK - detected UnsignedFile.Multi.Generic (1) 09:26:44.0828 3552 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 09:26:44.0875 3552 MSPQM ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0875 3552 MSPQM - detected UnsignedFile.Multi.Generic (1) 09:26:44.0937 3552 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:26:44.0953 3552 mssmbios ( UnsignedFile.Multi.Generic ) - warning 09:26:44.0953 3552 mssmbios - detected UnsignedFile.Multi.Generic (1) 09:26:45.0000 3552 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 09:26:45.0015 3552 MSTEE ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0015 3552 MSTEE - detected UnsignedFile.Multi.Generic (1) 09:26:45.0062 3552 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 09:26:45.0062 3552 ms_mpu401 ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0062 3552 ms_mpu401 - detected UnsignedFile.Multi.Generic (1) 
09:26:45.0109 3552 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 09:26:45.0156 3552 Mup ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0156 3552 Mup - detected UnsignedFile.Multi.Generic (1) 09:26:45.0218 3552 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 09:26:45.0234 3552 NABTSFEC ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0234 3552 NABTSFEC - detected UnsignedFile.Multi.Generic (1) 09:26:45.0296 3552 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 09:26:45.0359 3552 NDIS ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0359 3552 NDIS - detected UnsignedFile.Multi.Generic (1) 09:26:45.0421 3552 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 09:26:45.0437 3552 NdisIP ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0437 3552 NdisIP - detected UnsignedFile.Multi.Generic (1) 09:26:45.0484 3552 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:26:45.0484 3552 NdisTapi ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0484 3552 NdisTapi - detected UnsignedFile.Multi.Generic (1) 09:26:45.0546 3552 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:26:45.0562 3552 Ndisuio ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0562 3552 Ndisuio - detected UnsignedFile.Multi.Generic (1) 09:26:45.0625 3552 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:26:45.0656 3552 NdisWan ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0656 3552 NdisWan - detected UnsignedFile.Multi.Generic (1) 09:26:45.0671 3552 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 09:26:45.0703 3552 NDProxy ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0703 3552 NDProxy - detected UnsignedFile.Multi.Generic (1) 09:26:45.0734 3552 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS 
C:\WINDOWS\system32\DRIVERS\netbios.sys 09:26:45.0750 3552 NetBIOS ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0750 3552 NetBIOS - detected UnsignedFile.Multi.Generic (1) 09:26:45.0781 3552 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 09:26:45.0812 3552 NetBT ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0812 3552 NetBT - detected UnsignedFile.Multi.Generic (1) 09:26:45.0875 3552 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE C:\WINDOWS\system32\netdde.exe 09:26:45.0953 3552 NetDDE ( UnsignedFile.Multi.Generic ) - warning 09:26:45.0968 3552 NetDDE - detected UnsignedFile.Multi.Generic (1) 09:26:45.0984 3552 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 09:26:46.0015 3552 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0015 3552 NetDDEdsdm - detected UnsignedFile.Multi.Generic (1) 09:26:46.0093 3552 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon C:\WINDOWS\system32\lsass.exe 09:26:46.0109 3552 Netlogon ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0109 3552 Netlogon - detected UnsignedFile.Multi.Generic (1) 09:26:46.0156 3552 [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman C:\WINDOWS\System32\netman.dll 09:26:46.0203 3552 Netman ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0203 3552 Netman - detected UnsignedFile.Multi.Generic (1) 09:26:46.0234 3552 [ B36E08F680BAE4DFC5C24D00A2DFC9E7 ] Nla C:\WINDOWS\System32\mswsock.dll 09:26:46.0281 3552 Nla ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0281 3552 Nla - detected UnsignedFile.Multi.Generic (1) 09:26:46.0328 3552 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 09:26:46.0375 3552 Npfs ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0375 3552 Npfs - detected UnsignedFile.Multi.Generic (1) 09:26:46.0468 3552 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 09:26:46.0515 3552 Ntfs ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0515 3552 Ntfs - detected 
UnsignedFile.Multi.Generic (1) 09:26:46.0578 3552 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 09:26:46.0609 3552 NtLmSsp ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0609 3552 NtLmSsp - detected UnsignedFile.Multi.Generic (1) 09:26:46.0671 3552 [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 09:26:46.0734 3552 NtmsSvc ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0734 3552 NtmsSvc - detected UnsignedFile.Multi.Generic (1) 09:26:46.0781 3552 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 09:26:46.0796 3552 Null ( UnsignedFile.Multi.Generic ) - warning 09:26:46.0796 3552 Null - detected UnsignedFile.Multi.Generic (1) 09:26:46.0937 3552 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 09:26:47.0109 3552 nv ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0109 3552 nv - detected UnsignedFile.Multi.Generic (1) 09:26:47.0187 3552 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:26:47.0218 3552 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0218 3552 NwlnkFlt - detected UnsignedFile.Multi.Generic (1) 09:26:47.0250 3552 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:26:47.0281 3552 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0281 3552 NwlnkFwd - detected UnsignedFile.Multi.Generic (1) 09:26:47.0328 3552 [ B2F17A2EDB5450E61973A037F63A595B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 09:26:47.0359 3552 Parport ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0359 3552 Parport - detected UnsignedFile.Multi.Generic (1) 09:26:47.0421 3552 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 09:26:47.0421 3552 PartMgr ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0421 3552 PartMgr - detected UnsignedFile.Multi.Generic (1) 09:26:47.0484 3552 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm 
C:\WINDOWS\system32\drivers\ParVdm.sys 09:26:47.0484 3552 ParVdm ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0500 3552 ParVdm - detected UnsignedFile.Multi.Generic (1) 09:26:47.0531 3552 [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 09:26:47.0546 3552 PCI ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0546 3552 PCI - detected UnsignedFile.Multi.Generic (1) 09:26:47.0562 3552 PCIDump - ok 09:26:47.0593 3552 PCIIde - ok 09:26:47.0671 3552 [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 09:26:47.0703 3552 Pcmcia ( UnsignedFile.Multi.Generic ) - warning 09:26:47.0703 3552 Pcmcia - detected UnsignedFile.Multi.Generic (1) 09:26:47.0734 3552 PDCOMP - ok 09:26:47.0750 3552 PDFRAME - ok 09:26:47.0765 3552 PDRELI - ok 09:26:47.0796 3552 PDRFRAME - ok 09:26:47.0812 3552 perc2 - ok 09:26:47.0828 3552 perc2hib - ok 09:26:48.0031 3552 [ EDB6B81761BD60F32F740BBC40AFB676 ] PlugPlay C:\WINDOWS\system32\services.exe 09:26:48.0125 3552 PlugPlay ( UnsignedFile.Multi.Generic ) - warning 09:26:48.0125 3552 PlugPlay - detected UnsignedFile.Multi.Generic (1) 09:26:48.0156 3552 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 09:26:48.0187 3552 PolicyAgent ( UnsignedFile.Multi.Generic ) - warning 09:26:48.0187 3552 PolicyAgent - detected UnsignedFile.Multi.Generic (1) 09:26:48.0218 3552 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 09:26:48.0218 3552 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning 09:26:48.0218 3552 PptpMiniport - detected UnsignedFile.Multi.Generic (1) 09:26:48.0234 3552 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 09:26:48.0296 3552 ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning 09:26:48.0296 3552 ProtectedStorage - detected UnsignedFile.Multi.Generic (1) 09:26:48.0328 3552 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 09:26:48.0406 
3552 PSched ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0406 3552 PSched - detected UnsignedFile.Multi.Generic (1)
09:26:48.0453 3552 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:26:48.0515 3552 Ptilink ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0515 3552 Ptilink - detected UnsignedFile.Multi.Generic (1)
09:26:48.0531 3552 ql1080 - ok
09:26:48.0546 3552 Ql10wnt - ok
09:26:48.0593 3552 ql12160 - ok
09:26:48.0625 3552 ql1240 - ok
09:26:48.0656 3552 ql1280 - ok
09:26:48.0687 3552 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:26:48.0734 3552 RasAcd ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0734 3552 RasAcd - detected UnsignedFile.Multi.Generic (1)
09:26:48.0859 3552 [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:26:48.0937 3552 RasAuto ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0937 3552 RasAuto - detected UnsignedFile.Multi.Generic (1)
09:26:48.0968 3552 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:26:49.0187 3552 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
09:26:49.0187 3552 Rasl2tp - detected UnsignedFile.Multi.Generic (1)
09:26:49.0281 3552 [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:26:49.0656 3552 RasMan ( UnsignedFile.Multi.Generic ) - warning
09:26:49.0671 3552 RasMan - detected UnsignedFile.Multi.Generic (1)
09:26:49.0734 3552 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:26:50.0015 3552 RasPppoe ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0015 3552 RasPppoe - detected UnsignedFile.Multi.Generic (1)
09:26:50.0046 3552 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:26:50.0093 3552 Raspti ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0093 3552 Raspti - detected UnsignedFile.Multi.Generic (1)
09:26:50.0140 3552 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:26:50.0187 3552 Rdbss ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0187 3552 Rdbss - detected UnsignedFile.Multi.Generic (1)
09:26:50.0218 3552 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:26:50.0234 3552 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0234 3552 RDPCDD - detected UnsignedFile.Multi.Generic (1)
09:26:50.0328 3552 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:26:50.0343 3552 rdpdr ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0343 3552 rdpdr - detected UnsignedFile.Multi.Generic (1)
09:26:50.0406 3552 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:26:50.0453 3552 RDPWD ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0453 3552 RDPWD - detected UnsignedFile.Multi.Generic (1)
09:26:50.0500 3552 [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:26:50.0531 3552 RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0531 3552 RDSessMgr - detected UnsignedFile.Multi.Generic (1)
09:26:50.0578 3552 [ AA56702E230860565CB8D43680F57F33 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:26:50.0593 3552 redbook ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0593 3552 redbook - detected UnsignedFile.Multi.Generic (1)
09:26:50.0640 3552 [ EBA80CDF25E02084857957E820004934 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:26:50.0703 3552 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0703 3552 RemoteAccess - detected UnsignedFile.Multi.Generic (1)
09:26:50.0765 3552 [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:26:50.0796 3552 RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0796 3552 RemoteRegistry - detected UnsignedFile.Multi.Generic (1)
09:26:50.0843 3552 [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator C:\WINDOWS\system32\locator.exe
09:26:50.0906 3552 RpcLocator ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0906 3552 RpcLocator - detected UnsignedFile.Multi.Generic (1)
09:26:50.0953 3552 [ 9F28FF58D6D67B123272869D89D14004 ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:26:51.0015 3552 RpcSs ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0015 3552 RpcSs - detected UnsignedFile.Multi.Generic (1)
09:26:51.0078 3552 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:26:51.0125 3552 RSVP ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0125 3552 RSVP - detected UnsignedFile.Multi.Generic (1)
09:26:51.0171 3552 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
09:26:51.0203 3552 rtl8139 ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0203 3552 rtl8139 - detected UnsignedFile.Multi.Generic (1)
09:26:51.0234 3552 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs C:\WINDOWS\system32\lsass.exe
09:26:51.0265 3552 SamSs ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0265 3552 SamSs - detected UnsignedFile.Multi.Generic (1)
09:26:51.0328 3552 [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:26:51.0359 3552 SCardSvr ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0359 3552 SCardSvr - detected UnsignedFile.Multi.Generic (1)
09:26:51.0421 3552 [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:26:51.0468 3552 Schedule ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0468 3552 Schedule - detected UnsignedFile.Multi.Generic (1)
09:26:51.0531 3552 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:26:51.0546 3552 Secdrv ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0546 3552 Secdrv - detected UnsignedFile.Multi.Generic (1)
09:26:51.0578 3552 [ FED544B43903FB801B106F062110358A ] seclogon C:\WINDOWS\System32\seclogon.dll
09:26:51.0625 3552 seclogon ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0625 3552 seclogon - detected UnsignedFile.Multi.Generic (1)
09:26:51.0656 3552 [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS C:\WINDOWS\system32\sens.dll
09:26:51.0703 3552 SENS ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0703 3552 SENS - detected UnsignedFile.Multi.Generic (1)
09:26:51.0734 3552 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:26:51.0765 3552 serenum ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0765 3552 serenum - detected UnsignedFile.Multi.Generic (1)
09:26:51.0781 3552 [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:26:51.0812 3552 Serial ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0812 3552 Serial - detected UnsignedFile.Multi.Generic (1)
09:26:51.0828 3552 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:26:51.0859 3552 Sfloppy ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0859 3552 Sfloppy - detected UnsignedFile.Multi.Generic (1)
09:26:51.0890 3552 [ 9245420422E409A25C1410ACB4244060 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:26:51.0984 3552 SharedAccess ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0984 3552 SharedAccess - detected UnsignedFile.Multi.Generic (1)
09:26:52.0031 3552 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:26:52.0062 3552 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
09:26:52.0062 3552 ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
09:26:52.0062 3552 Simbad - ok
09:26:52.0125 3552 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:26:52.0156 3552 SLIP ( UnsignedFile.Multi.Generic ) - warning
09:26:52.0156 3552 SLIP - detected UnsignedFile.Multi.Generic (1)
09:26:52.0562 3552 [ 8C5AF605A85C5214D40542D933DA737C ] SNP2STD C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
09:26:53.0406 3552 SNP2STD ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0406 3552 SNP2STD - detected UnsignedFile.Multi.Generic (1)
09:26:53.0421 3552 Sparrow - ok
09:26:53.0468 3552 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:26:53.0500 3552 splitter ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0500 3552 splitter - detected UnsignedFile.Multi.Generic (1)
09:26:53.0562 3552 [ 54E7113A4BD696E430919BCAF5C65E06 ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:26:53.0609 3552 Spooler ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0609 3552 Spooler - detected UnsignedFile.Multi.Generic (1)
09:26:53.0703 3552 [ 87E7F21843FCDC6AF1967A928929CFF9 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
09:26:53.0718 3552 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87E7F21843FCDC6AF1967A928929CFF9
09:26:53.0718 3552 sptd ( LockedFile.Multi.Generic ) - warning
09:26:53.0718 3552 sptd - detected LockedFile.Multi.Generic (1)
09:26:53.0796 3552 [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:26:53.0812 3552 sr ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0812 3552 sr - detected UnsignedFile.Multi.Generic (1)
09:26:53.0828 3552 [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice C:\WINDOWS\system32\srsvc.dll
09:26:53.0890 3552 srservice ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0890 3552 srservice - detected UnsignedFile.Multi.Generic (1)
09:26:53.0937 3552 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:26:53.0984 3552 Srv ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0984 3552 Srv - detected UnsignedFile.Multi.Generic (1)
09:26:54.0046 3552 [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:26:54.0078 3552 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0078 3552 SSDPSRV - detected UnsignedFile.Multi.Generic (1)
09:26:54.0140 3552 [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:26:54.0156 3552 ssmdrv ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0156 3552 ssmdrv - detected UnsignedFile.Multi.Generic (1)
09:26:54.0296 3552 [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
09:26:54.0312 3552 StarWindService ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0312 3552 StarWindService - detected UnsignedFile.Multi.Generic (1)
09:26:54.0390 3552 [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:26:54.0468 3552 stisvc ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0468 3552 stisvc - detected UnsignedFile.Multi.Generic (1)
09:26:54.0515 3552 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:26:54.0546 3552 streamip ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0546 3552 streamip - detected UnsignedFile.Multi.Generic (1)
09:26:54.0578 3552 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:26:54.0578 3552 swenum ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0578 3552 swenum - detected UnsignedFile.Multi.Generic (1)
09:26:54.0609 3552 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:26:54.0640 3552 swmidi ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0640 3552 swmidi - detected UnsignedFile.Multi.Generic (1)
09:26:54.0671 3552 SwPrv - ok
09:26:54.0718 3552 symc810 - ok
09:26:54.0750 3552 symc8xx - ok
09:26:54.0812 3552 sym_hi - ok
09:26:54.0859 3552 sym_u3 - ok
09:26:54.0906 3552 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:26:54.0937 3552 sysaudio ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0937 3552 sysaudio - detected UnsignedFile.Multi.Generic (1)
09:26:55.0000 3552 [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:26:55.0046 3552 SysmonLog ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0046 3552 SysmonLog - detected UnsignedFile.Multi.Generic (1)
09:26:55.0109 3552 [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:26:55.0156 3552 TapiSrv ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0156 3552 TapiSrv - detected UnsignedFile.Multi.Generic (1)
09:26:55.0203 3552 [ 09EB23A4567BDD56D9580A059E616E23 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:26:55.0265 3552 Tcpip ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0265 3552 Tcpip - detected UnsignedFile.Multi.Generic (1)
09:26:55.0343 3552 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:26:55.0343 3552 TDPIPE ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0343 3552 TDPIPE - detected UnsignedFile.Multi.Generic (1)
09:26:55.0390 3552 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:26:55.0406 3552 TDTCP ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0406 3552 TDTCP - detected UnsignedFile.Multi.Generic (1)
09:26:55.0718 3552 [ 576918B02840A360702051BC4269B13F ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
09:26:56.0234 3552 TeamViewer8 - ok
09:26:56.0281 3552 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:26:56.0328 3552 TermDD ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0328 3552 TermDD - detected UnsignedFile.Multi.Generic (1)
09:26:56.0390 3552 [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService C:\WINDOWS\System32\termsrv.dll
09:26:56.0437 3552 TermService ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0437 3552 TermService - detected UnsignedFile.Multi.Generic (1)
09:26:56.0468 3552 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes C:\WINDOWS\System32\shsvcs.dll
09:26:56.0531 3552 Themes ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0531 3552 Themes - detected UnsignedFile.Multi.Generic (1)
09:26:56.0562 3552 [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:26:56.0593 3552 TlntSvr ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0593 3552 TlntSvr - detected UnsignedFile.Multi.Generic (1)
09:26:56.0625 3552 TosIde - ok
09:26:56.0671 3552 [ A34E894201D66E380E1FA96FE11B587E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:26:56.0718 3552 TrkWks ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0718 3552 TrkWks - detected UnsignedFile.Multi.Generic (1)
09:26:56.0781 3552 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:26:56.0812 3552 Udfs ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0812 3552 Udfs - detected UnsignedFile.Multi.Generic (1)
09:26:56.0828 3552 ultra - ok
09:26:56.0875 3552 [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
09:26:56.0921 3552 UMWdf ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0921 3552 UMWdf - detected UnsignedFile.Multi.Generic (1)
09:26:56.0968 3552 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:26:57.0000 3552 Update ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0000 3552 Update - detected UnsignedFile.Multi.Generic (1)
09:26:57.0046 3552 [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost C:\WINDOWS\System32\upnphost.dll
09:26:57.0171 3552 upnphost ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0171 3552 upnphost - detected UnsignedFile.Multi.Generic (1)
09:26:57.0203 3552 [ A99F867E76CFDAA28EE305B93F70E84F ] UPS C:\WINDOWS\System32\ups.exe
09:26:57.0265 3552 UPS ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0265 3552 UPS - detected UnsignedFile.Multi.Generic (1)
09:26:57.0328 3552 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:26:57.0359 3552 usbhub ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0359 3552 usbhub - detected UnsignedFile.Multi.Generic (1)
09:26:57.0390 3552 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:26:57.0406 3552 usbscan ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0406 3552 usbscan - detected UnsignedFile.Multi.Generic (1)
09:26:57.0453 3552 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:26:57.0468 3552 USBSTOR ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0468 3552 USBSTOR - detected UnsignedFile.Multi.Generic (1)
09:26:57.0515 3552 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:26:57.0531 3552 usbuhci ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0531 3552 usbuhci - detected UnsignedFile.Multi.Generic (1)
09:26:57.0609 3552 [ 92CEBC2BC7BE2C8D49391B365569F306 ] vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys
09:26:57.0625 3552 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92CEBC2BC7BE2C8D49391B365569F306
09:26:57.0625 3552 vaxscsi ( LockedFile.Multi.Generic ) - warning
09:26:57.0625 3552 vaxscsi - detected LockedFile.Multi.Generic (1)
09:26:57.0656 3552 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:26:57.0671 3552 VgaSave ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0671 3552 VgaSave - detected UnsignedFile.Multi.Generic (1)
09:26:57.0703 3552 ViaIde - ok
09:26:57.0750 3552 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:26:57.0765 3552 VolSnap ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0765 3552 VolSnap - detected UnsignedFile.Multi.Generic (1)
09:26:57.0828 3552 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe
09:26:57.0875 3552 VSS ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0875 3552 VSS - detected UnsignedFile.Multi.Generic (1)
09:26:57.0937 3552 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll
09:26:57.0968 3552 W32Time ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0968 3552 W32Time - detected UnsignedFile.Multi.Generic (1)
09:26:58.0015 3552 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:26:58.0046 3552 Wanarp ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0046 3552 Wanarp - detected UnsignedFile.Multi.Generic (1)
09:26:58.0062 3552 WDICA - ok
09:26:58.0093 3552 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:26:58.0109 3552 wdmaud ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0109 3552 wdmaud - detected UnsignedFile.Multi.Generic (1)
09:26:58.0140 3552 [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient C:\WINDOWS\System32\webclnt.dll
09:26:58.0187 3552 WebClient ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0187 3552 WebClient - detected UnsignedFile.Multi.Generic (1)
09:26:58.0312 3552 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:26:58.0406 3552 winmgmt ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0406 3552 winmgmt - detected UnsignedFile.Multi.Generic (1)
09:26:58.0484 3552 [ 5FDCCC838CD95F61097D8A637F842AA8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
09:26:58.0546 3552 WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0546 3552 WmdmPmSN - detected UnsignedFile.Multi.Generic (1)
09:26:58.0625 3552 [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:26:58.0718 3552 Wmi ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0718 3552 Wmi - detected UnsignedFile.Multi.Generic (1)
09:26:58.0781 3552 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:26:58.0796 3552 WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0796 3552 WmiApSrv - detected UnsignedFile.Multi.Generic (1)
09:26:58.0843 3552 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:26:58.0875 3552 WS2IFSL ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0875 3552 WS2IFSL - detected UnsignedFile.Multi.Generic (1)
09:26:58.0953 3552 [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:26:58.0984 3552 wscsvc ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0984 3552 wscsvc - detected UnsignedFile.Multi.Generic (1)
09:26:59.0062 3552 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:26:59.0078 3552 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0078 3552 WSTCODEC - detected UnsignedFile.Multi.Generic (1)
09:26:59.0125 3552 [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:26:59.0171 3552 wuauserv ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0171 3552 wuauserv - detected UnsignedFile.Multi.Generic (1)
09:26:59.0203 3552 [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:26:59.0296 3552 WZCSVC ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0296 3552 WZCSVC - detected UnsignedFile.Multi.Generic (1)
09:26:59.0343 3552 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:26:59.0390 3552 xmlprov ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0390 3552 xmlprov - detected UnsignedFile.Multi.Generic (1)
09:26:59.0421 3552 ================ Scan global ===============================
09:26:59.0500 3552 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
09:26:59.0562 3552 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
09:26:59.0656 3552 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
09:26:59.0734 3552 [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe
09:26:59.0781 3552 [Global] - ok
09:26:59.0781 3552 ================ Scan MBR ==================================
09:26:59.0812 3552 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
09:27:00.0265 3552 \Device\Harddisk0\DR0 - ok
09:27:00.0265 3552 ================ Scan VBR ==================================
09:27:00.0281 3552 [ D7570C01026DEA662DA683AF40399D1A ] \Device\Harddisk0\DR0\Partition1
09:27:00.0296 3552 \Device\Harddisk0\DR0\Partition1 - ok
09:27:00.0359 3552 [ 3FF55E3A650A7955AB6B83B31FA29385 ] \Device\Harddisk0\DR0\Partition2
09:27:00.0359 3552 \Device\Harddisk0\DR0\Partition2 - ok
09:27:00.0421 3552 [ 87B48A5169851BA98B6AEB60CB5BF175 ] \Device\Harddisk0\DR0\Partition3
09:27:00.0421 3552 \Device\Harddisk0\DR0\Partition3 - ok
09:27:00.0421 3552 ============================================================
09:27:00.0421 3552 Scan finished
09:27:00.0437 3552 ============================================================
09:27:00.0625 3588 Detected object count: 208
09:27:00.0625 3588 Actual detected object count: 208
09:27:45.0656 3588 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0656 3588 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0656 3588 ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0656 3588 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0671 3588 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0671 3588 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0718 3588 aec ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0718 3588 aec ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0718 3588 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0718 3588 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0734 3588 agp440 ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0734 3588 agp440 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0734 3588 Alerter ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0734 3588 Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0750 3588 ALG ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0750 3588 ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0765 3588 AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0765 3588 AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0765 3588 AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0765 3588 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0796 3588 atapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0796 3588 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0796 3588 Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0796 3588 Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0796 3588 AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0796 3588 AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0812 3588 audstub ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0812 3588 audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0828 3588 Beep ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0828 3588 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0843 3588 BITS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0843 3588 BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0843 3588 Browser ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0843 3588 Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0859 3588 cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0859 3588 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0875 3588 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0875 3588 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0890 3588 CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0890 3588 CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0890 3588 Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0890 3588 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0921 3588 Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0921 3588 Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0921 3588 Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0921 3588 Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0921 3588 CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0921 3588 CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0937 3588 ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0937 3588 ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0937 3588 cmpci ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0937 3588 cmpci ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0953 3588 CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0953 3588 CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0984 3588 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0984 3588 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0015 3588 Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0015 3588 Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0015 3588 Disk ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0015 3588 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0031 3588 dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0031 3588 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0078 3588 dmio ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0078 3588 dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0078 3588 dmload ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0078 3588 dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588 dmserver ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588 dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588 DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588 DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0109 3588 ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0109 3588 ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0140 3588 Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0140 3588 Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0156 3588 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0156 3588 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0156 3588 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0156 3588 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0171 3588 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0171 3588 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0171 3588 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0171 3588 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0171 3588 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0171 3588 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0187 3588 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0187 3588 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0187 3588 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0187 3588 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0203 3588 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0203 3588 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0203 3588 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0203 3588 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0234 3588 gameenum ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0234 3588 gameenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0234 3588 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0234 3588 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0234 3588 helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0234 3588 helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0250 3588 hidgame ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0250 3588 hidgame ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0265 3588 HidUsb ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0265 3588 HidUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0281 3588 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0281 3588 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0296 3588 HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0296 3588 HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588 ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588 ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0343 3588 IntelIde ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0343 3588 IntelIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0359 3588 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0359 3588 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0375 3588 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0375 3588 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0375 3588 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0375 3588 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0390 3588 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0390 3588 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0390 3588 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0390 3588 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588 Kbardsentca ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588 Kbardsentca ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0437 3588 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0437 3588 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0453 3588 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0453 3588 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0453 3588 lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0453 3588 lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0453 3588 lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0453 3588 lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0484 3588 LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0484 3588 LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0515 3588 LwAdiHid ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0515 3588 LwAdiHid ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0531 3588 Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0531 3588 Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0531 3588 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0531 3588 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0531 3588 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0531 3588 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0546 3588 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0546 3588 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0546 3588 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0546 3588 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0562 3588 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0562 3588 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0578 3588 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0578 3588 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0593 3588 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0593 3588 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0609 3588 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0609 3588 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0609 3588 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0609 3588 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0625 3588 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0625 3588 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0640 3588 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0640 3588 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0640 3588 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0640 3588 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0656 3588 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0656 3588 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0671 3588 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0671 3588 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0671 3588 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0671 3588 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0687 3588 ms_mpu401 ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0687 3588 ms_mpu401 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0687 3588 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0687 3588 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0687 3588 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0687 3588 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0718 3588 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0718 3588 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0734 3588 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0734 3588 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0734 3588 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0734 3588 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0734 3588 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0734 3588 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0750 3588 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0750 3588 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0765 3588 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0765 3588 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0781 3588 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0781 3588 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0781 3588 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0781 3588 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0796 3588 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0796 3588 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0812 3588 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0812 3588 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0828 3588 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0828 3588 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0828 3588 Netman ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0828 3588 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0828 3588 Nla ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0828 3588 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0859 3588 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0859 3588 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0859 3588 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0859 3588 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0875 3588 NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0875 3588 NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0875 3588 NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0875 3588 NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0906 3588 Null ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0906 3588 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0921 3588 nv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0921 3588 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0921 3588 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0921 3588 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0921 3588 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0921 3588 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0953 3588 Parport ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0953 3588 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0953 3588 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0953 3588 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0984 3588 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0984 3588 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0984 3588 PCI ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0984 3588 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0000 3588 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0000 3588 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0000 3588 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0000 3588 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0015 3588 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0015 3588 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0031 3588 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0031 3588
PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0046 3588 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0046 3588 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0046 3588 PSched ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0046 3588 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0046 3588 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0046 3588 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0062 3588 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0062 3588 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0078 3588 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0078 3588 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0093 3588 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0093 3588 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0109 3588 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0109 3588 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0109 3588 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0109 3588 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0109 3588 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0109 3588 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0125 3588 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0125 3588 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0140 3588 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0140 3588 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0156 3588 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0156 3588 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: 
Skip 09:27:47.0171 3588 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0171 3588 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0171 3588 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0171 3588 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0171 3588 redbook ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0171 3588 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0203 3588 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0203 3588 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0203 3588 RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0203 3588 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0218 3588 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0218 3588 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0218 3588 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0218 3588 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0234 3588 RSVP ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0234 3588 RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0265 3588 rtl8139 ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0265 3588 rtl8139 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0312 3588 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0328 3588 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0328 3588 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0328 3588 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0343 3588 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0343 3588 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0343 3588 Secdrv ( 
UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0343 3588 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0375 3588 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0375 3588 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0390 3588 SENS ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0390 3588 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0390 3588 serenum ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0390 3588 serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0406 3588 Serial ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0406 3588 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0421 3588 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0421 3588 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0421 3588 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0421 3588 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0437 3588 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0437 3588 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0437 3588 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0437 3588 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0453 3588 SNP2STD ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0453 3588 SNP2STD ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0468 3588 splitter ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0468 3588 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0484 3588 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0484 3588 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0500 3588 sptd ( LockedFile.Multi.Generic ) - skipped by user 
09:27:47.0500 3588 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 09:27:47.0515 3588 sr ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0515 3588 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0515 3588 srservice ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0515 3588 srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0546 3588 Srv ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0546 3588 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0546 3588 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0546 3588 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0562 3588 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0562 3588 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0562 3588 StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0562 3588 StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0593 3588 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0593 3588 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0593 3588 streamip ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0609 3588 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0609 3588 swenum ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0609 3588 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0609 3588 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0609 3588 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0640 3588 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0640 3588 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0640 3588 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0640 3588 SysmonLog ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 09:27:47.0656 3588 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0656 3588 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0656 3588 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0656 3588 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0671 3588 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0671 3588 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0671 3588 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0671 3588 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0687 3588 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0687 3588 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0718 3588 TermService ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0718 3588 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0734 3588 Themes ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0734 3588 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0734 3588 TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0734 3588 TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0734 3588 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0734 3588 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0750 3588 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0750 3588 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0750 3588 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0750 3588 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0765 3588 Update ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0765 3588 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0781 3588 upnphost ( UnsignedFile.Multi.Generic ) - 
skipped by user 09:27:47.0781 3588 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0796 3588 UPS ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0796 3588 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0812 3588 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0812 3588 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0812 3588 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0812 3588 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0828 3588 USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0828 3588 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0843 3588 usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0843 3588 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0859 3588 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user 09:27:47.0859 3588 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip 09:27:47.0859 3588 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0859 3588 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0875 3588 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0875 3588 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0906 3588 VSS ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0906 3588 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0906 3588 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0906 3588 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0921 3588 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0921 3588 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0921 3588 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0921 3588 wdmaud ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 09:27:47.0921 3588 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0921 3588 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0953 3588 winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0953 3588 winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0984 3588 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0984 3588 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0984 3588 Wmi ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0984 3588 Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:47.0984 3588 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:47.0984 3588 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:48.0000 3588 WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:48.0000 3588 WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:48.0015 3588 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:48.0015 3588 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:48.0031 3588 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:48.0031 3588 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:48.0046 3588 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:48.0046 3588 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:48.0046 3588 WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:48.0046 3588 WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:27:48.0062 3588 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user 09:27:48.0062 3588 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip pummel |
08.10.2013, 09:13 | #12 |
/// the machine /// TB instructor | TDSSKiller: MEM:Backdoor.Win32.Sinowal.d
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
08.10.2013, 16:27 | #13 |
TDSSKiller: MEM:Backdoor.Win32.Sinowal.d
Hello schrauber, there are no more problems, thanks. Here are the logs for now:
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d43a89219a68894c95a54e261ef1fea0
# engine=15308
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-30 03:53:46
# local_time=2013-09-30 05:53:47 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 279509 157266299 0 0
# scanned=91332
# found=1
# cleaned=0
# scan_time=5690
sh=D10C60C37B48B04118508529316553C12E9C82E2 ft=0 fh=0000000000000000 vn="Win32/TrojanClicker.VB.NMH trojan" ac=I fn="C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EXPMZEHS\244[1].gif"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d43a89219a68894c95a54e261ef1fea0
# engine=15314
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-30 08:13:10
# local_time=2013-09-30 10:13:10 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 295073 157281863 0 0
# scanned=91394
# found=1
# cleaned=1
# scan_time=5838
sh=D10C60C37B48B04118508529316553C12E9C82E2 ft=0 fh=0000000000000000 vn="Win32/TrojanClicker.VB.NMH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EXPMZEHS\244[1].gif"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d43a89219a68894c95a54e261ef1fea0
# engine=15398
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-08 02:11:33
# local_time=2013-10-08 04:11:33 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 964575 157951365 0 0
# scanned=56432
# found=0
# cleaned=0
# scan_time=20667
Code:
Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Warten Sie, während WMIC installiert wird.
d i s p l a y N a m e
ECHO ist ausgeschaltet (OFF).
a v a s t !
ECHO ist ausgeschaltet (OFF).
A n t i v i r u s
ECHO ist ausgeschaltet (OFF).
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 23.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by winnie (administrator) on ASGARD on 08-10-2013 16:50:06
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
(Rocket Division Software) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Canon Inc.) C:\Programme\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
(TeamViewer GmbH) c:\programme\teamviewer\version8\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe
(Sonix) C:\WINDOWS\vsnp2std.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe
(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\tv_w32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [EPSON Stylus C86 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE [99840 2003-11-25] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [snp2std] - C:\WINDOWS\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\basti\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\basti\...\Run: [WdHelpSnap] - rundll32.exe "C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Anwendungsdaten\isaUser32\WdHelpSnap.dll",Applemapdrv userMouseman
HKU\basti\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [ 2010-12-30] (Adobe Systems, Inc.)
HKU\katharina\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\margarete\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\matthias\...\Run: [AdobeUpdater] - C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [ 2009-01-12] (Adobe Systems Incorporated)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype extension for Firefox - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-04-06] ()
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-09-03] (Mozilla Foundation)
R2 StarWindService; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [374094 2002-03-26] (C-Media Inc)
S3 hidgame; C:\Windows\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 Kbardsentca; C:\WINDOWS\system32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
S3 LwAdiHid; C:\Windows\System32\DRIVERS\LwAdiHid.sys [20864 2004-08-03] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-27] (MalwareBytes)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-11-11] ()
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12039552 2007-04-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2007-04-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-14] (AVIRA GmbH)
R3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2007-04-06] ()
S3 catchme; \??\C:\DOKUME~1\winnie\LOKALE~1\Temp\catchme.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt
2013-10-04 09:38 - 2013-10-05 19:51 - 00000000 ___DC C:\Qoobox
2013-10-04 09:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-04 09:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-04 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-04 09:36 - 2013-10-04 08:58 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe
2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData
2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons
2013-10-02 10:58 - 2007-04-06 14:15 - 00000211 ____C C:\Boot.bak
2013-10-02 10:58 - 2004-08-03 23:00 - 00262448 _RSHC C:\cmldr
2013-10-02 10:54 - 2013-10-05 19:48 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-28 13:45 - 2013-10-08 16:50 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:48 - 2013-09-27 20:50 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 12:16 - 2013-10-08 12:16 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-27 12:16 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-27 12:12 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:08 - 2013-09-27 12:10 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 09:18 - 2013-09-26 18:08 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes'
Anti-Malware 2013-09-26 20:17 - 2013-09-26 20:18 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-09-26 20:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt 2013-09-26 18:34 - 2013-10-07 13:53 - 00000000 ___DC C:\AdwCleaner 2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt 2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT 2013-09-26 18:19 - 2013-09-26 18:15 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe 2013-09-26 18:17 - 2013-09-26 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-26 18:17 - 2013-09-26 18:14 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe 2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt 2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat 2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-26 12:59 - 2013-09-27 20:48 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar 2013-09-26 12:55 - 2013-09-26 12:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe 2013-09-26 12:22 - 2013-09-26 12:58 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos 2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg 2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos 2013-09-26 09:43 - 2013-09-27 18:59 - 00000000 
___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos 2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0 2013-09-25 16:21 - 2013-09-26 09:29 - 00000000 ___DC C:\savw_100_sa 2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk 2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer ==================== One Month Modified Files and Folders ======= 2013-10-08 16:50 - 2013-09-28 13:45 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner 2013-10-08 16:21 - 2007-04-02 09:10 - 00000000 ___RD C:\Programme 2013-10-08 13:41 - 2007-04-02 08:24 - 00382828 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-08 12:16 - 2013-09-27 12:16 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-10-08 09:36 - 2007-04-02 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-10-08 09:36 - 2007-04-02 09:13 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-08 09:35 - 2007-04-02 08:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-08 09:34 - 2007-04-02 08:31 - 00032508 _____ C:\WINDOWS\SchedLgU.Txt 2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt 2013-10-07 13:55 - 2004-11-11 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-10-07 13:54 - 2007-04-06 14:17 - 00000190 ___SH C:\Dokumente und Einstellungen\winnie\ntuser.ini 2013-10-07 13:54 - 2007-04-06 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\winnie 2013-10-07 13:53 - 2013-09-26 18:34 - 00000000 ___DC C:\AdwCleaner 2013-10-06 11:13 - 2007-06-27 18:43 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Kunst 2013-10-06 00:16 - 2007-04-02 08:30 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService 2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt 
2013-10-05 19:51 - 2013-10-04 09:38 - 00000000 ___DC C:\Qoobox 2013-10-05 19:49 - 2007-04-10 12:30 - 00000000 ___RD C:\Dokumente und Einstellungen\margarete\Startmenü\Programme\Autostart 2013-10-05 19:48 - 2013-10-02 10:54 - 00000000 ____D C:\WINDOWS\erdnt 2013-10-05 19:46 - 2004-11-11 14:00 - 00000227 ____C C:\WINDOWS\system.ini 2013-10-04 09:30 - 2007-06-04 17:08 - 00233760 ____C C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData 2013-10-04 08:58 - 2013-10-04 09:36 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe 2013-10-04 08:49 - 2007-04-02 09:09 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-10-03 17:05 - 2007-04-02 08:22 - 00000000 ____D C:\WINDOWS\system32\Restore 2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons 2013-10-02 10:58 - 2007-04-02 10:08 - 00000327 _RSHC C:\boot.ini 2013-10-01 13:50 - 2009-01-08 16:09 - 00000000 ____D C:\Programme\SkyTestFQ 2013-10-01 13:21 - 2013-09-03 17:39 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-10-01 13:13 - 2010-04-05 17:58 - 00000000 ___RD C:\Programme\Skype 2013-10-01 13:13 - 2010-01-08 16:52 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST 2013-09-27 20:50 - 2013-09-27 20:48 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-09-27 20:48 - 2013-09-26 12:59 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar 2013-09-27 18:59 - 2013-09-26 09:43 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos 2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und 
Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk 2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus 2013-09-27 12:16 - 2007-04-02 08:26 - 00002951 ____C C:\WINDOWS\system32\CONFIG.NT 2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software 2013-09-27 12:10 - 2013-09-27 12:08 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software 2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt 2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt 2013-09-27 07:56 - 2007-04-02 10:02 - 00000000 ____D C:\WINDOWS\twain_32 2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes 2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 2013-09-26 20:18 - 2013-09-26 20:17 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt 2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt 2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT 2013-09-26 18:16 - 2007-04-06 11:05 - 00000190 __SHC C:\Dokumente und Einstellungen\matthias\ntuser.ini 2013-09-26 18:15 - 2013-09-26 18:19 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe 2013-09-26 18:15 - 2013-09-26 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ 
C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt 2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat 2013-09-26 18:14 - 2013-09-26 18:17 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe 2013-09-26 18:08 - 2013-09-27 09:18 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe 2013-09-26 15:59 - 2007-04-02 08:23 - 00000000 ____D C:\WINDOWS\srchasst 2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-26 12:58 - 2013-09-26 12:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos 2013-09-26 12:54 - 2013-09-26 12:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe 2013-09-26 12:32 - 2013-05-27 11:14 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Siblhzisnrb 2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg 2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos 2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0 2013-09-26 09:29 - 2013-09-25 16:21 - 00000000 ___DC C:\savw_100_sa 2013-09-26 09:27 - 2007-04-02 09:09 - 00796344 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-09-25 15:03 - 2010-12-25 19:09 - 00000000 ____D C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744 2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk 2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer 2013-09-25 13:08 - 2007-04-06 14:21 - 00002495 _____ C:\Dokumente und 
Einstellungen\winnie\Desktop\Microsoft Word.lnk 2013-09-24 21:47 - 2007-08-22 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\e5 2013-09-22 11:55 - 2007-07-21 17:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Ku5 2013-09-22 11:49 - 2007-04-15 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d6 2013-09-22 11:47 - 2007-11-06 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d5 2013-09-19 10:23 - 2007-04-10 12:30 - 00000190 ___SH C:\Dokumente und Einstellungen\margarete\ntuser.ini 2013-09-18 15:40 - 2007-07-21 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\formulare 2013-09-13 19:07 - 2012-07-09 17:53 - 00000000 ____D C:\Programme\Mozilla Maintenance Service Files to move or delete: ==================== C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 1035264 ____A (Microsoft Corporation) 22fe1be02eadde1632e478e4125639e0 C:\Windows\System32\winlogon.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0507392 ____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72 C:\Windows\System32\svchost.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64 C:\Windows\System32\services.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0108544 ____A (Microsoft Corporation) edb6b81761bd60f32f740bbc40afb676 C:\Windows\System32\User32.dll [2004-11-11 14:00] - [2004-11-11 14:00] - 0578560 ____A (Microsoft Corporation) 56785fd5236d7b22cf471a6da9db46d8 C:\Windows\System32\userinit.exe [2004-11-11 14:00] - [2004-11-11 14:00] - 0025088 ____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633 C:\Windows\System32\Drivers\volsnap.sys [2004-11-11 14:00] - [2004-11-11 14:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9 
==================== End Of Log ============================ --- --- --- FRST Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by winnie at 2013-10-08 17:01:30
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Photoshop CS (Version: CS)
Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Apache HTTP Server 2.2.10 (Version: 2.2.10)
avast! Free Antivirus (Version: 8.0.1497.0)
Bomberclone
Bridge Builder
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities Digital Photo Professional 2.2 (Version: 2.2.0.1)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities PhotoStitch (Version: 3.1.18.42)
Canon Utilities ZoomBrowser EX (Version: 5.7.0.74)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
ElsterFormular für Privatanwender (Version: 12.3.2.6814p)
EPSON PhotoQuicker3.5
EPSON Web-To-Page
EPSON-Drucker-Software
ESC86 Referenzhandbuch
ESC86 Softwarehandbuch
FreePDF XP (Remove only)
GTK+ Runtime 2.14.7 rev a (remove only)
IrfanView (remove only)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MediaImpression 2.0 for PENTAX (Version: 2.0.63.630)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.01)
Microsoft Silverlight (Version: 1.0.20926.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 7 Ultra Edition (Version: 7.00.0177)
PCI Audio Driver
RedMon - Redirection Port Monitor
ScanToWeb
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.0 (Version: 5.0.152)
TeamViewer 8 (Version: 8.0.20935)
USB Scanner
USB2.0 PC Camera (SN9C201&202) (Version: 5.7.22.000)
WebFldrs XP (Version: 9.50.7523)
Windows Installer 3.1 (KB893803) (Version: 3.1)
WinRAR Archivierer
WINZD 2013-04
ZTestHL 12.0.0 (Version: 12.0.0)

==================== Restore Points =========================

03-10-2013 15:05:28 Systemprüfpunkt
04-10-2013 06:48:55 Sygate Personal Firewall wird entfernt
08-10-2013 02:33:50 Systemprüfpunkt

==================== Hosts content: ==========================

2004-11-11 14:00 - 2013-10-05 19:46 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 09:51 - 2013-10-07 08:38 - 02104832 _____ () C:\Programme\AVAST Software\Avast\defs\13100700\algo.dll
2008-02-12 20:52 - 2005-01-06 19:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll
2007-04-06 10:29 - 2005-10-19 11:56 - 00125952 ____N () C:\Programme\WinRAR\rarext.dll
2004-11-11 14:00 - 2004-11-11 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (09/27/2013 00:27:05 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (09/27/2013 00:27:02 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x00046c3b.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

System errors:
=============
Error: (10/08/2013 09:32:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error: (10/08/2013 09:32:11 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/08/2013 09:32:11 AM) (Source: Service Control Manager) (User: )
Description: Dienst "StarWind iSCSI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/08/2013 09:32:09 AM) (Source: Service Control Manager) (User: )
Description: Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/08/2013 09:22:11 AM) (Source: Windows Update Agent) (User: )
Description: Verbindung kann nicht hergestellt werden: Die Verbindung mit dem Dienst für automatische Updates konnte nicht hergestellt werden, so dass keine Updates zum angegebenen Zeitplan übertragen und installiert werden können. Es wird weiterhin versucht, eine Verbindung herzustellen.

Error: (10/06/2013 09:22:11 AM) (Source: Windows Update Agent) (User: )
Description: Verbindung kann nicht hergestellt werden: Die Verbindung mit dem Dienst für automatische Updates konnte nicht hergestellt werden, so dass keine Updates zum angegebenen Zeitplan übertragen und installiert werden können. Es wird weiterhin versucht, eine Verbindung herzustellen.

Error: (10/02/2013 01:38:04 PM) (Source: System Error) (User: )
Description: Fehlercode 0000004d, 1. Parameter 0001d218, 2. Parameter 0001d218, 3. Parameter 0000769e, 4. Parameter 00000000.

Error: (10/02/2013 01:37:56 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 819b3700, 2. Parameter 82157008, 3. Parameter f8964cb4, 4. Parameter 00000001.

Error: (10/02/2013 01:37:48 PM) (Source: System Error) (User: )
Description: Fehlercode 000000ea, 1. Parameter 82146be0, 2. Parameter 820296e0, 3. Parameter 82023230, 4. Parameter 00000001.

Error: (10/02/2013 01:37:43 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 82141020, 2. Parameter 820dabf8, 3. Parameter f8968cb4, 4. Parameter 00000001.

Microsoft Office Sessions:
=========================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:05 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:02 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.2627.0winword.exe10.0.2627.000046c3b

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 511.49 MB
Available physical RAM: 148.76 MB
Total Pagefile: 1249.54 MB
Available Pagefile: 942.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:5.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:14.65 GB) (Free:3.29 GB) NTFS
Drive e: () (Fixed) (Total:3.98 GB) (Free:3.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38 GB) (Disk ID: 0AE20AE1)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19 GB) - (Type=OF Extended)

==================== End Of Log ============================

Best regards, pummel |
09.10.2013, 08:16 | #14 |
/// the machine /// TB-Ausbilder | TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Above all Windows. Service Pack 3 has been out for 5 years. Update now, after the fix. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini
C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744
C:\WINDOWS\system32\srvh.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Now visit Windows Update and install everything, repeating until no more updates are shown after several reboots, then please post a fresh FRST log.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009. No help via PM! |
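As an added example (not part of this thread and not FRST's own code), here is a small Python triage script for the HKU\...\Run: lines that FRST prints, applying the patterns the fix above acted on: an executable under a digits-only Anwendungsdaten folder, an empty value name, a bare file name with no path, and a second entry launching the same binary name as a flagged one. The sample input is the four Run lines from the fixlist plus two constructed benign lines; the directory names and the rule set are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample (not output of any tool run): the four Run lines that the
# fixlist in this thread removed, plus two constructed benign lines for contrast.
SAMPLE_RUN_LINES = r"""
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe /nogui
HKU\winnie\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
"""

# Shape of an FRST Run line: <hive>[\<user>]\...\Run: [<value name>] - <command>
RUN_LINE = re.compile(
    r"^(?P<hive>HKLM|HKU)(?:\\(?P<user>[^\\]+))?\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] - (?P<cmd>.*)$"
)
QUOTED_CMD = re.compile(r'^"(?P<exe>[^"]*)"\s*(?P<args>.*)$')
UNQUOTED_CMD = re.compile(r"^(?P<exe>.*?\.exe)\b\s*(?P<args>.*)$", re.IGNORECASE)
# Per-user data directories (German XP, English XP, Vista+; assumed names)
# followed by a folder whose name is only digits, as with ...\95744\ above.
APPDATA_DIGITS = re.compile(
    r"\\(?:Anwendungsdaten|Application Data|AppData\\(?:Roaming|Local))\\\d+\\",
    re.IGNORECASE,
)


@dataclass
class RunEntry:
    hive: str
    user: Optional[str]
    name: str
    exe: str
    args: str
    flags: List[str] = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.exe.rsplit("\\", 1)[-1].lower()


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Return a RunEntry for an FRST Run line, or None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    c = QUOTED_CMD.match(cmd) or UNQUOTED_CMD.match(cmd)
    exe, args = (c.group("exe"), c.group("args")) if c else (cmd, "")
    return RunEntry(m.group("hive"), m.group("user"), m.group("name"), exe, args.strip())


def flag_entries(entries: List[RunEntry]) -> List[RunEntry]:
    """Apply the heuristics (assumed here, modelled on the fix in this thread)."""
    for e in entries:
        if e.name == "":
            e.flags.append("empty-value-name")     # legitimate installers name their values
        if "\\" not in e.exe:
            e.flags.append("bare-filename")        # resolved via search path, no fixed home
        if APPDATA_DIGITS.search(e.exe):
            e.flags.append("appdata-numeric-dir")  # executable in a digits-only profile folder
    # Second pass: an otherwise clean entry that launches the same binary name
    # as a flagged one inherits the suspicion (the srvh.exe pair above).
    suspicious = {e.basename for e in entries if e.flags}
    for e in entries:
        if not e.flags and e.basename in suspicious:
            e.flags.append("shares-name-with-flagged")
    return entries


def triage(log_text: str) -> List[RunEntry]:
    """Parse every Run line in an FRST log and return the entries, with flags, in order."""
    parsed = (parse_run_line(line) for line in log_text.splitlines())
    return flag_entries([p for p in parsed if p is not None])


if __name__ == "__main__":
    for e in triage(SAMPLE_RUN_LINES):
        who = f"{e.hive}\\{e.user}" if e.user else e.hive
        print(f"{who:16} [{e.name or '<empty>'}] {e.exe} {e.args}".rstrip(),
              "->", ", ".join(e.flags) or "ok")
```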
09.10.2013, 11:19 | #15 |
| TDSSKiller: MEM:Backdoor.Win32.Sinowal.d Hello schrauber, yes, that is true enough. One shouldn't rely on the folks always doing what one preaches to them. Here is the Fixlog for now. The rest will probably take a while longer. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by winnie at 2013-10-09 10:31:32 Run:1
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini
C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744
C:\WINDOWS\system32\srvh.exe
*****************

HKU\basti\Software\Microsoft\Windows\CurrentVersion\Run\\mscj.exe => Value deleted successfully.
HKU\basti\Software\Microsoft\Windows\CurrentVersion\Run\\mscjm.exe => Value deleted successfully.
HKU\margarete\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\margarete\Software\Microsoft\Windows\CurrentVersion\Run\\srvh => Value deleted successfully.
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini => Moved successfully.
C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744 => Moved successfully.
"C:\WINDOWS\system32\srvh.exe" => File/Directory not found.

==== End of Fixlog ====

Best regards, pummel |