Log Analysis and Evaluation: TDSSKiller: MEM:Backdoor.Win32.Sinowal.d
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
TDSSKiller: MEM:Backdoor.Win32.Sinowal.d

Hello everyone,

after my parents received a nice letter from their internet provider asking them to take a closer look at their PC (ancient, XP SP2), I did just that. They probably caught something through some attachment. I have already used the following software, among others, without deleting anything or making any attempt to eradicate anything:

1. Avast: no detection.
2. MBAM: no detection.
3. aswMBR: 2 red lines at 17:11:46.093

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-28 17:04:02
-----------------------------
17:04:02.640 OS Version: Windows 5.1.2600 Service Pack 2
17:04:02.640 Number of processors: 1 586 0x204
17:04:02.843 ComputerName: ASGARD UserName: winnie
17:04:09.859 Initialize success
17:04:20.234 AVAST engine defs: 13092800
17:10:07.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:10:07.375 Disk 0 Vendor: Maxtor_4D040H2 DAH017K0 Size: 39083MB BusType: 3
17:10:07.546 Disk 0 MBR read successfully
17:10:07.546 Disk 0 MBR scan
17:10:07.593 Disk 0 Windows XP default MBR code
17:10:07.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
17:10:07.640 Disk 0 Partition - 00 0F Extended LBA 19069 MB offset 40965750
17:10:07.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14998 MB offset 40965813
17:10:07.750 Disk 0 Partition - 00 05 Extended 4071 MB offset 71682030
17:10:07.781 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 4071 MB offset 71682093
17:10:07.796 Disk 0 scanning sectors +80019765
17:10:08.140 Disk 0 scanning C:\WINDOWS\system32\drivers
17:10:31.859 Service scanning
17:10:42.953 Service Kbardsentca C:\WINDOWS\C:\WINDOWS\system32\drivers\MSPQM.sys **LOCKED** 123
17:10:56.500 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:11:01.859 Service vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys **LOCKED** 32
17:11:05.281 Modules scanning
17:11:46.031 Disk 0 trace - called modules:
17:11:46.093 ntoskrnl.exe >>UNKNOWN [0x8239feb0]<<
17:11:46.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82350ab8]
17:11:46.093 \Driver\Disk[0x82374a08] -> IRP_MJ_CREATE -> 0x8239feb0
17:11:46.796 AVAST engine scan C:\WINDOWS
17:11:54.765 AVAST engine scan C:\WINDOWS\system32
17:15:40.203 AVAST engine scan C:\WINDOWS\system32\drivers
17:16:02.281 AVAST engine scan C:\Dokumente und Einstellungen\winnie
17:51:34.296 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:52:59.765 Scan finished successfully
17:58:02.968 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\MBR.dat"
17:58:03.109 The log file has been saved successfully to "C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\aswMBR.txt"

Code:
10:43:25.0000 1684 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:43:26.0296 1684 ============================================================
10:43:26.0328 1684 Current date / time: 2013/10/01 10:43:26.0296
10:43:26.0328 1684 SystemInfo:
10:43:26.0328 1684
10:43:26.0328 1684 OS Version: 5.1.2600 ServicePack: 2.0
10:43:26.0328 1684 Product type: Workstation
10:43:26.0328 1684 ComputerName: ASGARD
10:43:26.0406 1684 UserName: winnie
10:43:26.0406 1684 Windows directory: C:\WINDOWS
10:43:26.0406 1684 System windows directory: C:\WINDOWS
10:43:26.0406 1684 Processor architecture: Intel x86
10:43:26.0406 1684 Number of processors: 1
10:43:26.0406 1684 Page size: 0x1000
10:43:26.0406 1684 Boot type: Normal boot
10:43:26.0406 1684 ============================================================
10:43:28.0984 1684 Drive \Device\Harddisk0\DR0 - Size: 0x98ABA0000 (38.17 Gb), SectorSize: 0x200, Cylinders: 0x1376, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:43:29.0031 1684 ============================================================
10:43:29.0031 1684 \Device\Harddisk0\DR0:
10:43:29.0031 1684 MBR partitions:
10:43:29.0046 1684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
10:43:29.0062 1684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1D4B139
10:43:29.0156 1684 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x7F3908
10:43:29.0156 1684 ============================================================
10:43:29.0218 1684 C: <-> \Device\Harddisk0\DR0\Partition1
10:43:29.0250 1684 D: <-> \Device\Harddisk0\DR0\Partition2
10:43:29.0281 1684 E: <-> \Device\Harddisk0\DR0\Partition3
10:43:29.0281 1684 ============================================================
10:43:29.0281 1684 Initialize success
10:43:29.0281 1684 ============================================================
10:43:42.0140 1936 ============================================================
10:43:42.0140 1936 Scan started
10:43:42.0140 1936 Mode: Manual; SigCheck; TDLFS;
10:43:42.0140 1936 ============================================================
10:43:42.0671 1936 ================ Scan system memory ========================
10:43:50.0765 1936 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
10:43:50.0765 1936 System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
10:43:50.0765 1936 ================ Scan services =============================
10:43:51.0203 1936 Abiosdsk - ok
10:43:51.0218 1936 abp480n5 - ok
10:43:51.0359 1936 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
10:43:52.0265 1936 ACDaemon - ok
10:43:52.0359 1936 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:44:01.0000 1936 ACPI - ok
10:44:01.0156 1936 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:44:01.0656 1936 ACPIEC - ok
10:44:01.0765 1936 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
10:44:01.0921 1936 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
10:44:01.0921 1936 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
10:44:01.0953 1936 adpu160m - ok
10:44:02.0046 1936 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:44:02.0671 1936 aec - ok
10:44:02.0703 1936 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
10:44:02.0812 1936 Afc - ok
10:44:02.0890 1936 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:44:03.0609 1936 AFD - ok
10:44:03.0656 1936 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
10:44:04.0234 1936 agp440 - ok
10:44:04.0250 1936 Aha154x - ok
10:44:04.0281 1936 aic78u2 - ok
10:44:04.0375 1936 aic78xx - ok
10:44:04.0453 1936 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:44:05.0187 1936 Alerter - ok
10:44:05.0203 1936 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe
10:44:05.0703 1936 ALG - ok
10:44:05.0781 1936 AliIde - ok
10:44:05.0796 1936 amsint - ok
10:44:05.0843 1936 [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:44:06.0390 1936 AppMgmt - ok
10:44:06.0390 1936 asc - ok
10:44:06.0484 1936 asc3350p - ok
10:44:06.0500 1936 asc3550 - ok
10:44:06.0765 1936 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:44:06.0843 1936 aspnet_state - ok
10:44:06.0890 1936 [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:44:06.0937 1936 aswFsBlk - ok
10:44:07.0046 1936 [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
10:44:07.0171 1936 aswMonFlt - ok
10:44:07.0218 1936 [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
10:44:07.0250 1936 AswRdr - ok
10:44:07.0343 1936 [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
10:44:07.0375 1936 aswRvrt - ok
10:44:07.0468 1936 [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
10:44:07.0625 1936 aswSnx - ok
10:44:07.0687 1936 [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
10:44:07.0828 1936 aswSP - ok
10:44:07.0859 1936 [ 5E18413310134130D7772F0668698CB7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
10:44:07.0890 1936 aswTdi - ok
10:44:07.0953 1936 [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
10:44:07.0984 1936 aswVmm - ok
10:44:08.0046 1936 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:44:08.0593 1936 AsyncMac - ok
10:44:08.0671 1936 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:44:09.0156 1936 atapi - ok
10:44:09.0171 1936 Atdisk - ok
10:44:09.0328 1936 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:44:10.0000 1936 Atmarpc - ok
10:44:10.0046 1936 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:44:10.0656 1936 AudioSrv - ok
10:44:10.0718 1936 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:44:11.0203 1936 audstub - ok
10:44:11.0343 1936 [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
10:44:11.0359 1936 avast! Antivirus - ok
10:44:11.0453 1936 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:44:12.0015 1936 Beep - ok
10:44:12.0109 1936 [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS C:\WINDOWS\system32\qmgr.dll
10:44:12.0953 1936 BITS - ok
10:44:13.0015 1936 [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser C:\WINDOWS\System32\browser.dll
10:44:13.0484 1936 Browser - ok
10:44:13.0562 1936 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:44:14.0218 1936 cbidf2k - ok
10:44:14.0265 1936 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe
10:44:14.0453 1936 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
10:44:14.0453 1936 CCALib8 - detected UnsignedFile.Multi.Generic (1)
10:44:14.0562 1936 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:44:15.0109 1936 CCDECODE - ok
10:44:15.0109 1936 cd20xrnt - ok
10:44:15.0171 1936 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:44:15.0609 1936 Cdaudio - ok
10:44:15.0671 1936 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:44:16.0187 1936 Cdfs - ok
10:44:16.0218 1936 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:44:16.0875 1936 Cdrom - ok
10:44:16.0890 1936 Changer - ok
10:44:16.0968 1936 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:44:17.0562 1936 CiSvc - ok
10:44:17.0593 1936 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:44:18.0281 1936 ClipSrv - ok
10:44:18.0343 1936 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:44:18.0453 1936 clr_optimization_v2.0.50727_32 - ok
10:44:18.0515 1936 CmdIde - ok
10:44:18.0640 1936 [ 9120C9CAAC11A6149B6B1EB1598733B6 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys
10:44:19.0000 1936 cmpci - ok
10:44:19.0015 1936 COMSysApp - ok
10:44:19.0109 1936 Cpqarray - ok
10:44:19.0250 1936 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:44:19.0812 1936 CryptSvc - ok
10:44:19.0828 1936 dac2w2k - ok
10:44:19.0906 1936 dac960nt - ok
10:44:20.0046 1936 [ 9F28FF58D6D67B123272869D89D14004 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:44:20.0843 1936 DcomLaunch - ok
10:44:20.0906 1936 [ 69F986B2688BA95A0D9362B0E233D5FF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:44:21.0578 1936 Dhcp - ok
10:44:21.0656 1936 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:44:22.0218 1936 Disk - ok
10:44:22.0296 1936 dmadmin - ok
10:44:22.0390 1936 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:44:23.0109 1936 dmboot - ok
10:44:23.0156 1936 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:44:23.0796 1936 dmio - ok
10:44:23.0843 1936 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:44:24.0437 1936 dmload - ok
10:44:24.0468 1936 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll
10:44:25.0093 1936 dmserver - ok
10:44:25.0140 1936 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:44:25.0718 1936 DMusic - ok
10:44:25.0765 1936 [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:44:26.0343 1936 Dnscache - ok
10:44:26.0359 1936 dpti2o - ok
10:44:26.0421 1936 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:44:26.0968 1936 drmkaud - ok
10:44:27.0062 1936 [ 877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:44:27.0562 1936 ERSvc - ok
10:44:27.0625 1936 [ EDB6B81761BD60F32F740BBC40AFB676 ] Eventlog C:\WINDOWS\system32\services.exe
10:44:28.0265 1936 Eventlog - ok
10:44:28.0296 1936 [ 4E1A8645EE77CB9454FFE53C59620A25 ] EventSystem C:\WINDOWS\system32\es.dll
10:44:28.0906 1936 EventSystem - ok
10:44:28.0953 1936 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:44:29.0406 1936 Fastfat - ok
10:44:29.0468 1936 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:44:29.0968 1936 FastUserSwitchingCompatibility - ok
10:44:30.0031 1936 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:44:30.0531 1936 Fdc - ok
10:44:30.0578 1936 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:44:31.0156 1936 Fips - ok
10:44:31.0203 1936 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:44:31.0796 1936 Flpydisk - ok
10:44:31.0859 1936 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:44:32.0296 1936 FltMgr - ok
10:44:32.0328 1936 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:44:32.0828 1936 Fs_Rec - ok
10:44:32.0890 1936 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:44:33.0546 1936 Ftdisk - ok
10:44:33.0562 1936 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
10:44:34.0187 1936 gameenum - ok
10:44:34.0218 1936 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:44:34.0609 1936 Gpc - ok
10:44:34.0703 1936 [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:44:35.0296 1936 helpsvc - ok
10:44:35.0406 1936 [ 923EE4EEF2582909A056904CA8026015 ] hidgame C:\WINDOWS\system32\DRIVERS\hidgame.sys
10:44:35.0984 1936 hidgame - ok
10:44:36.0000 1936 HidServ - ok
10:44:36.0046 1936 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:44:36.0500 1936 HidUsb - ok
10:44:36.0515 1936 hpn - ok
10:44:36.0593 1936 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:44:37.0125 1936 HTTP - ok
10:44:37.0203 1936 [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:44:37.0828 1936 HTTPFilter - ok
10:44:37.0843 1936 i2omgmt - ok
10:44:37.0859 1936 i2omp - ok
10:44:37.0906 1936 [ 7C575018D0413440D75432A78B88C899 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:44:38.0421 1936 i8042prt - ok
10:44:38.0609 1936 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:44:38.0765 1936 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:44:38.0765 1936 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:44:38.0828 1936 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:44:39.0359 1936 Imapi - ok
10:44:39.0500 1936 [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService C:\WINDOWS\system32\imapi.exe
10:44:40.0031 1936 ImapiService - ok
10:44:40.0046 1936 InCDFs - ok
10:44:40.0109 1936 InCDPass - ok
10:44:40.0140 1936 InCDRm - ok
10:44:40.0281 1936 ini910u - ok
10:44:40.0421 1936 [ D63C33F65F6EBC732116403D88883B2D ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:44:40.0906 1936 IntelIde - ok
10:44:40.0968 1936 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:44:41.0609 1936 Ip6Fw - ok
10:44:41.0640 1936 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:44:42.0187 1936 IpFilterDriver - ok
10:44:42.0250 1936 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:44:42.0734 1936 IpInIp - ok
10:44:42.0765 1936 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:44:43.0359 1936 IpNat - ok
10:44:43.0421 1936 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:44:43.0953 1936 IPSec - ok
10:44:44.0031 1936 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:44:44.0359 1936 IRENUM - ok
10:44:44.0437 1936 [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:44:44.0890 1936 isapnp - ok
10:44:44.0953 1936 [ 1988A33FF19242576C3D0EF9CE785DA7 ] Kbardsentca C:\WINDOWS\system32\drivers\MSPQM.sys
10:44:45.0625 1936 Kbardsentca - ok
10:44:45.0671 1936 [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:44:46.0218 1936 Kbdclass - ok
10:44:46.0265 1936 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:44:46.0781 1936 kmixer - ok
10:44:46.0828 1936 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:44:47.0453 1936 KSecDD - ok
10:44:47.0515 1936 [ F8170AA51CD202BC062B8A0983F361B7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:44:48.0203 1936 lanmanserver - ok
10:44:48.0234 1936 [ 36D74668F5448D55887FA3958488DC06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:44:48.0953 1936 lanmanworkstation - ok
10:44:49.0046 1936 lbrtfdc - ok
10:44:49.0109 1936 [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:44:49.0578 1936 LmHosts - ok
10:44:49.0656 1936 [ A8FE41A339CEB3B517321A7FF0ED67C5 ] LwAdiHid C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys
10:44:50.0250 1936 LwAdiHid - ok
10:44:50.0281 1936 [ B749B05D5A7AD704E47D4565B4894D99 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
10:44:50.0359 1936 mbamchameleon - ok
10:44:50.0390 1936 [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:44:51.0093 1936 Messenger - ok
10:44:51.0140 1936 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:44:51.0656 1936 mnmdd - ok
10:44:51.0718 1936 [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:44:52.0421 1936 mnmsrvc - ok
10:44:52.0453 1936 [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:44:52.0968 1936 Modem - ok
10:44:53.0015 1936 [ 71E15CA47FD947552054AFB28536268F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:44:53.0468 1936 Mouclass - ok
10:44:53.0484 1936 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:44:54.0171 1936 mouhid - ok
10:44:54.0218 1936 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:44:54.0781 1936 MountMgr - ok
10:44:54.0875 1936 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:44:54.0968 1936 MozillaMaintenance - ok
10:44:54.0968 1936 mraid35x - ok
10:44:55.0062 1936 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:44:55.0640 1936 MRxDAV - ok
10:44:55.0687 1936 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:44:56.0234 1936 MRxSmb - ok
10:44:56.0312 1936 [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:44:56.0906 1936 MSDTC - ok
10:44:56.0968 1936 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:44:57.0609 1936 Msfs - ok
10:44:57.0625 1936 MSIServer - ok
10:44:57.0671 1936 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:44:58.0203 1936 MSKSSRV - ok
10:44:58.0234 1936 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:44:58.0875 1936 MSPCLOCK - ok
10:44:58.0906 1936 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:44:59.0546 1936 MSPQM - ok
10:44:59.0609 1936 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:45:00.0234 1936 mssmbios - ok
10:45:00.0281 1936 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
10:45:00.0750 1936 MSTEE - ok
10:45:00.0781 1936 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
10:45:01.0453 1936 ms_mpu401 - ok
10:45:01.0500 1936 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:45:02.0078 1936 Mup - ok
10:45:02.0140 1936 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:45:02.0687 1936 NABTSFEC - ok
10:45:02.0750 1936 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:45:03.0343 1936 NDIS - ok
10:45:03.0390 1936 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:45:03.0875 1936 NdisIP - ok
10:45:03.0906 1936 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:45:04.0421 1936 NdisTapi - ok
10:45:04.0453 1936 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:45:05.0203 1936 Ndisuio - ok
10:45:05.0234 1936 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:45:05.0687 1936 NdisWan - ok
10:45:05.0718 1936 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:45:06.0359 1936 NDProxy - ok
10:45:06.0359 1936 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:45:06.0968 1936 NetBIOS - ok
10:45:07.0000 1936 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:45:07.0703 1936 NetBT - ok
10:45:07.0750 1936 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:45:08.0406 1936 NetDDE - ok
10:45:08.0421 1936 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:45:09.0031 1936 NetDDEdsdm - ok
10:45:09.0078 1936 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:45:09.0656 1936 Netlogon - ok
10:45:09.0687 1936 [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman C:\WINDOWS\System32\netman.dll
10:45:10.0296 1936 Netman - ok
10:45:10.0375 1936 [ B36E08F680BAE4DFC5C24D00A2DFC9E7 ] Nla C:\WINDOWS\System32\mswsock.dll
10:45:10.0921 1936 Nla - ok
10:45:10.0968 1936 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:45:11.0453 1936 Npfs - ok
10:45:11.0625 1936 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:45:12.0359 1936 Ntfs - ok
10:45:12.0390 1936 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:45:12.0921 1936 NtLmSsp - ok
10:45:13.0000 1936 [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:45:13.0718 1936 NtmsSvc - ok
10:45:13.0765 1936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:45:14.0328 1936 Null - ok
10:45:14.0484 1936 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:45:15.0375 1936 nv - ok
10:45:15.0406 1936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:45:15.0937 1936 NwlnkFlt - ok
10:45:16.0031 1936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:45:16.0734 1936 NwlnkFwd - ok
10:45:16.0765 1936 [ B2F17A2EDB5450E61973A037F63A595B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:45:17.0250 1936 Parport - ok
10:45:17.0312 1936 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:45:17.0843 1936 PartMgr - ok
10:45:17.0953 1936 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:45:18.0546 1936 ParVdm - ok
10:45:18.0578 1936 [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:45:19.0078 1936 PCI - ok
10:45:19.0078 1936 PCIDump - ok
10:45:19.0156 1936 PCIIde - ok
10:45:19.0281 1936 [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:45:19.0859 1936 Pcmcia - ok
10:45:19.0859 1936 PDCOMP - ok
10:45:19.0875 1936 PDFRAME - ok
10:45:19.0968 1936 PDRELI - ok
10:45:20.0062 1936 PDRFRAME - ok
10:45:20.0140 1936 perc2 - ok
10:45:20.0218 1936 perc2hib - ok
10:45:20.0359 1936 [ EDB6B81761BD60F32F740BBC40AFB676 ] PlugPlay C:\WINDOWS\system32\services.exe
10:45:21.0062 1936 PlugPlay - ok
10:45:21.0140 1936 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:45:21.0796 1936 PolicyAgent - ok
10:45:21.0843 1936 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:45:22.0421 1936 PptpMiniport - ok
10:45:22.0500 1936 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:45:22.0968 1936 ProtectedStorage - ok
10:45:23.0000 1936 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:45:23.0531 1936 PSched - ok
10:45:23.0750 1936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:45:24.0328 1936 Ptilink - ok
10:45:24.0359 1936 ql1080 - ok
10:45:24.0375 1936 Ql10wnt - ok
10:45:24.0390 1936 ql12160 - ok
10:45:24.0421 1936 ql1240 - ok
10:45:24.0453 1936 ql1280 - ok
10:45:24.0515 1936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:45:25.0015 1936 RasAcd - ok
10:45:25.0078 1936 [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:45:25.0859 1936 RasAuto - ok
10:45:25.0890 1936 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:45:26.0328 1936 Rasl2tp - ok
10:45:26.0390 1936 [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:45:27.0062 1936 RasMan - ok
10:45:27.0109 1936 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:45:27.0718 1936 RasPppoe - ok
10:45:27.0781 1936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:45:28.0359 1936 Raspti - ok
10:45:28.0406 1936 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:45:29.0109 1936 Rdbss - ok
10:45:29.0125 1936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:45:29.0734 1936 RDPCDD - ok
10:45:29.0812 1936 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:45:30.0437 1936 rdpdr - ok
10:45:30.0593 1936 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:45:31.0109 1936 RDPWD - ok
10:45:31.0140 1936 [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:45:31.0875 1936 RDSessMgr - ok
10:45:31.0937 1936 [ AA56702E230860565CB8D43680F57F33 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:45:32.0515 1936 redbook - ok
10:45:32.0546 1936 [ EBA80CDF25E02084857957E820004934 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:45:33.0265 1936 RemoteAccess - ok
10:45:33.0343 1936 [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:45:34.0390 1936 RemoteRegistry - ok
10:45:34.0437 1936 [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator C:\WINDOWS\system32\locator.exe
10:45:34.0968 1936 RpcLocator - ok
10:45:35.0046 1936 [ 9F28FF58D6D67B123272869D89D14004 ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:45:35.0875 1936 RpcSs - ok
10:45:35.0921 1936 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:45:36.0546 1936 RSVP - ok
10:45:36.0593 1936 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:45:37.0203 1936 rtl8139 - ok
10:45:37.0218 1936 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs C:\WINDOWS\system32\lsass.exe
10:45:37.0859 1936 SamSs - ok
10:45:37.0906 1936 [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:45:38.0562 1936 SCardSvr - ok
10:45:38.0609 1936 [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:45:39.0125 1936 Schedule - ok
10:45:39.0156 1936 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:45:39.0468 1936 Secdrv - ok
10:45:39.0531 1936 [ FED544B43903FB801B106F062110358A ] seclogon C:\WINDOWS\System32\seclogon.dll
10:45:40.0218 1936 seclogon - ok
10:45:40.0250 1936 [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS C:\WINDOWS\system32\sens.dll
10:45:40.0937 1936 SENS - ok
10:45:40.0953 1936 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:45:41.0609 1936 serenum - ok
10:45:41.0640 1936 [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:45:42.0140 1936 Serial - ok
10:45:42.0156 1936 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:45:42.0640 1936 Sfloppy - ok
10:45:42.0703 1936 [ 9245420422E409A25C1410ACB4244060 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:45:43.0390 1936 SharedAccess - ok
10:45:43.0437 1936 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:45:44.0015 1936 ShellHWDetection - ok
10:45:44.0015 1936 Simbad - ok
10:45:44.0078 1936 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:45:44.0562 1936 SLIP - ok
10:45:44.0828 1936 [ F3CC67EBBD33EC8D87BE51169B5ADD6D ] SmcService C:\Programme\Sygate\SPF\smc.exe
10:45:45.0062 1936 SmcService - ok
10:45:45.0687 1936 [ 8C5AF605A85C5214D40542D933DA737C ] SNP2STD C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
10:45:47.0406 1936 SNP2STD - ok
10:45:47.0484 1936 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service c:\Programme\Sophos\AutoUpdate\ALsvc.exe
10:45:47.0656 1936 Sophos AutoUpdate Service - ok
10:45:47.0671 1936 Sparrow - ok
10:45:47.0750 1936 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:45:48.0484 1936 splitter - ok
10:45:48.0531 1936 [ 54E7113A4BD696E430919BCAF5C65E06 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:45:49.0203 1936 Spooler - ok
10:45:49.0296 1936 [ 87E7F21843FCDC6AF1967A928929CFF9 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
10:45:49.0296 1936 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87E7F21843FCDC6AF1967A928929CFF9
10:45:49.0312 1936 sptd ( LockedFile.Multi.Generic ) - warning
10:45:49.0312 1936 sptd - detected LockedFile.Multi.Generic (1)
10:45:49.0375 1936 [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:45:49.0765 1936 sr - ok
10:45:49.0796 1936 [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice C:\WINDOWS\system32\srsvc.dll
10:45:50.0765 1936 srservice - ok
10:45:50.0796 1936 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:45:51.0453 1936 Srv - ok
10:45:51.0531 1936 [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:45:52.0890 1936 SSDPSRV - ok
10:45:52.0937 1936 [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:45:53.0125 1936 ssmdrv ( UnsignedFile.Multi.Generic ) - warning
10:45:53.0125 1936 ssmdrv - detected UnsignedFile.Multi.Generic (1)
10:45:53.0234 1936 [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
10:45:53.0640 1936 StarWindService ( UnsignedFile.Multi.Generic ) - warning
10:45:53.0640 1936 StarWindService - detected UnsignedFile.Multi.Generic (1)
10:45:53.0718 1936 [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:45:54.0468 1936 stisvc - ok
10:45:54.0546 1936 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:45:55.0031 1936 streamip - ok
10:45:55.0062 1936 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:45:55.0703 1936 swenum - ok
10:45:55.0750 1936 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:45:56.0312 1936 swmidi - ok
10:45:56.0328 1936 SwPrv - ok
10:45:56.0406 1936 symc810 - ok
10:45:56.0484 1936 symc8xx - ok
10:45:56.0562 1936 sym_hi - ok
10:45:56.0593 1936 sym_u3 - ok
10:45:56.0703 1936 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:45:57.0484 1936 sysaudio - ok
10:45:57.0546 1936 [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:45:58.0234 1936 SysmonLog - ok
10:45:58.0265 1936 [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:45:58.0921 1936 TapiSrv - ok
10:45:59.0000 1936 [ 09EB23A4567BDD56D9580A059E616E23 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:45:59.0171 1936 Tcpip ( UnsignedFile.Multi.Generic ) - warning
10:45:59.0171 1936 Tcpip - detected UnsignedFile.Multi.Generic (1)
10:45:59.0218 1936 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:45:59.0765 1936 TDPIPE - ok
10:45:59.0812 1936 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:46:00.0921 1936 TDTCP - ok
10:46:01.0625 1936 [ 576918B02840A360702051BC4269B13F ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
10:46:02.0890 1936 TeamViewer8 - ok
10:46:02.0984 1936 [ 64E59FCF5F81F55442E8476CE8E54CA0 ] Teefer C:\WINDOWS\system32\Drivers\Teefer.sys
10:46:03.0078 1936 Teefer ( UnsignedFile.Multi.Generic ) - warning
10:46:03.0078 1936 Teefer - detected UnsignedFile.Multi.Generic (1)
10:46:03.0125 1936 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:46:03.0625 1936 TermDD - ok
10:46:03.0687 1936 [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService C:\WINDOWS\System32\termsrv.dll
10:46:04.0437 1936 TermService - ok
10:46:04.0468 1936 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:46:05.0187 1936 Themes - ok
10:46:05.0234 1936 [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:46:05.0750 1936 TlntSvr - ok
10:46:05.0765 1936 TosIde - ok
10:46:05.0875 1936 [ A34E894201D66E380E1FA96FE11B587E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:46:06.0531 1936 TrkWks - ok
10:46:06.0593 1936 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:46:07.0234 1936 Udfs - ok
10:46:07.0250 1936 ultra - ok
10:46:07.0281 1936 [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
10:46:07.0765 1936 UMWdf - ok
10:46:07.0828 1936 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:46:08.0296 1936 Update - ok
10:46:08.0343 1936 [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost C:\WINDOWS\System32\upnphost.dll
10:46:08.0796 1936 upnphost - ok
10:46:08.0828 1936 [ A99F867E76CFDAA28EE305B93F70E84F ] UPS C:\WINDOWS\System32\ups.exe
10:46:09.0453 1936 UPS - ok
10:46:09.0484 1936 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:46:10.0000 1936 usbhub - ok
10:46:10.0140 1936 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:46:10.0671 1936 usbscan - ok
10:46:10.0718 1936 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:46:11.0218 1936 USBSTOR - ok
10:46:11.0250 1936 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:46:11.0812 1936 usbuhci - ok
10:46:11.0859 1936 [ 92CEBC2BC7BE2C8D49391B365569F306 ] vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys
10:46:11.0875 1936 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys.
md5: 92CEBC2BC7BE2C8D49391B365569F306 10:46:11.0890 1936 vaxscsi ( LockedFile.Multi.Generic ) - warning 10:46:11.0890 1936 vaxscsi - detected LockedFile.Multi.Generic (1) 10:46:11.0937 1936 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 10:46:12.0390 1936 VgaSave - ok 10:46:12.0406 1936 ViaIde - ok 10:46:12.0468 1936 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 10:46:13.0000 1936 VolSnap - ok 10:46:13.0046 1936 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe 10:46:13.0625 1936 VSS - ok 10:46:13.0703 1936 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll 10:46:14.0375 1936 W32Time - ok 10:46:14.0406 1936 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:46:14.0890 1936 Wanarp - ok 10:46:14.0906 1936 WDICA - ok 10:46:14.0953 1936 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 10:46:15.0578 1936 wdmaud - ok 10:46:15.0609 1936 [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient C:\WINDOWS\System32\webclnt.dll 10:46:16.0296 1936 WebClient - ok 10:46:16.0328 1936 [ 8E95E30E9031C3AC25EC2455DA19831F ] wg3n C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 10:46:16.0500 1936 wg3n ( UnsignedFile.Multi.Generic ) - warning 10:46:16.0500 1936 wg3n - detected UnsignedFile.Multi.Generic (1) 10:46:16.0640 1936 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 10:46:17.0171 1936 winmgmt - ok 10:46:17.0296 1936 [ 5FDCCC838CD95F61097D8A637F842AA8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 10:46:17.0921 1936 WmdmPmSN - ok 10:46:17.0984 1936 [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi C:\WINDOWS\System32\advapi32.dll 10:46:18.0687 1936 Wmi - ok 10:46:18.0859 1936 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 10:46:19.0375 1936 WmiApSrv - ok 10:46:19.0390 1936 [ F62A090F00C5B4E597E8AA4B1048CE05 ] wpsdrvnt C:\WINDOWS\system32\drivers\wpsdrvnt.sys 
10:46:19.0562 1936 wpsdrvnt ( UnsignedFile.Multi.Generic ) - warning 10:46:19.0562 1936 wpsdrvnt - detected UnsignedFile.Multi.Generic (1) 10:46:19.0656 1936 [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 10:46:20.0375 1936 wscsvc - ok 10:46:20.0421 1936 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 10:46:20.0921 1936 WSTCODEC - ok 10:46:20.0953 1936 [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 10:46:21.0687 1936 wuauserv - ok 10:46:21.0781 1936 [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 10:46:22.0578 1936 WZCSVC - ok 10:46:22.0640 1936 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov C:\WINDOWS\System32\xmlprov.dll 10:46:23.0296 1936 xmlprov - ok 10:46:23.0312 1936 ================ Scan global =============================== 10:46:23.0390 1936 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll 10:46:23.0468 1936 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll 10:46:23.0640 1936 [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll 10:46:23.0828 1936 [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe 10:46:23.0890 1936 [Global] - ok 10:46:23.0953 1936 ================ Scan MBR ================================== 10:46:23.0968 1936 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 10:46:25.0640 1936 \Device\Harddisk0\DR0 - ok 10:46:25.0656 1936 ================ Scan VBR ================================== 10:46:25.0687 1936 [ D7570C01026DEA662DA683AF40399D1A ] \Device\Harddisk0\DR0\Partition1 10:46:25.0687 1936 \Device\Harddisk0\DR0\Partition1 - ok 10:46:25.0734 1936 [ 3FF55E3A650A7955AB6B83B31FA29385 ] \Device\Harddisk0\DR0\Partition2 10:46:25.0734 1936 \Device\Harddisk0\DR0\Partition2 - ok 10:46:25.0796 1936 [ 87B48A5169851BA98B6AEB60CB5BF175 ] \Device\Harddisk0\DR0\Partition3 10:46:25.0796 1936 \Device\Harddisk0\DR0\Partition3 - ok 10:46:25.0796 1936 
============================================================ 10:46:25.0796 1936 Scan finished 10:46:25.0796 1936 ============================================================ 10:46:25.0984 1900 Detected object count: 12 10:46:25.0984 1900 Actual detected object count: 12 10:59:12.0218 1900 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - skipped by user 10:59:12.0218 1900 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Skip 10:59:12.0218 1900 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0218 1900 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0250 1900 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0250 1900 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0250 1900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0250 1900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0281 1900 sptd ( LockedFile.Multi.Generic ) - skipped by user 10:59:12.0281 1900 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 10:59:12.0312 1900 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0312 1900 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0312 1900 StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0312 1900 StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0375 1900 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0375 1900 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0375 1900 Teefer ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0375 1900 Teefer ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0390 1900 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user 10:59:12.0390 1900 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip 10:59:12.0437 1900 wg3n ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0437 
1900 wg3n ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:59:12.0437 1900 wpsdrvnt ( UnsignedFile.Multi.Generic ) - skipped by user 10:59:12.0437 1900 wpsdrvnt ( UnsignedFile.Multi.Generic ) - User select action: Skip Besten Dank schon mal! pummel Geändert von pummelfee (01.10.2013 um 10:33 Uhr) |