Log analysis and evaluation: syshost.exe trojan/rootkit
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.09.2014, 13:21 | #1 |
syshost.exe trojan/rootkit

Good evening,

perhaps this can be solved simply by deleting files, but since the Malwarebytes scan on VirusTotal has "Rootkit" in the name, I would like to play it safe. But from the beginning.

When I noticed high load caused by "syshost.exe", my first thought was just "and who is behind it this time", since system processes tend to show several things bundled together (such as svchost). So I fired up Process Explorer and had a bit of a look: it would not let me see any strings or the environment, it had an open TCP/IP connection to a Russian domain that is hosted in the Netherlands ( h47-91.net.ix-host.ru ), and it would not let me kill either the individual threads or the whole process. With the good-for-nothing Security Task Manager I at least managed to kill the process.

What Process Explorer was good for again: it told me how long the process had already been active (one week -.-), so I was able to find and upload a whole series of suspicious files, including syshost.exe itself: https://www.virustotal.com/de/file/142f0ab2229bda3c6cc0412f967ed5b79f71ca0ecf04faab87f927639fe598f9/analysis/1411145937/

MBAM:
Code:
<mbam-log>
  <header>
    <date>2014/09/19 20:10:19 +0200</date>
    <logfile>mbam-log-2014-09-19 (20-10-19).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.09.19.05</malware-database>
    <rootkit-database>v2014.09.18.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows XP Service Pack 3</osversion>
    <arch>x86</arch>
    <username>Administrator</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>273272</objects>
    <time>570</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>1</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <file>
      <path>C:\WINDOWS\Installer\{B2383C33-D063-4B80-83DA-6A48639A34A9}\syshost.exe</path>
      <vendor>Rootkit.Necurs.FMSGen</vendor>
      <action>success</action>
      <hash>d6abe50a740761d518a1dbd0837e8977</hash>
    </file>
  </items>
</mbam-log>

FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on EEE-PC on 20-09-2014 13:33:32
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Software
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(BinarySense Ltd.) C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe
() C:\Programme\ShrewSoft\VPN Client\iked.exe
() C:\Programme\ShrewSoft\VPN Client\ipsecd.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Ralink Technology, Corp.) C:\Programme\RALINK\Common\RaRegistry.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SoundMan.exe
(ASUSTeK Computer Inc.) C:\Programme\EeePC\ACPI\AsTray.exe
(ASUSTeK Computer Inc.) C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
(ASUSTeK Computer Inc.) C:\Programme\EeePC\ACPI\AsEPCMon.exe
(ELANTECH Devices Corp.) C:\Programme\Elantech\ETDCtrl.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ASUSTeK Computer Inc.) C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Broadcom Corporation.) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
(Sysinternals - www.sysinternals.com) C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.015\procexp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861696 2008-04-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2006-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2006-05-05] (RealTek Semicoductor Corp.)
HKLM\...\Run: [AsusTray] => C:\Programme\EeePC\ACPI\AsTray.exe [114688 2008-12-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusACPIServer] => C:\Programme\EeePC\ACPI\AsAcpiSvr.exe [622592 2008-12-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusEPCMonitor] => C:\Programme\EeePC\ACPI\AsEPCMon.exe [94208 2008-05-21] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ETDWare] => C:\Programme\Elantech\ETDCtrl.exe [416768 2009-01-23] (ELANTECH Devices Corp.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-507921405-1708537768-515967899-500\...\Run: [DAEMON Tools Lite] => C:\Programme\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-507921405-1708537768-515967899-500\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe [829832 2013-10-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1708537768-515967899-500\...\MountPoints2: {1a044bad-8676-11df-bc7a-dda4b44cc282} - E:\SVABICE\\\\\\\\\ZABICE.exe
HKU\S-1-5-21-507921405-1708537768-515967899-500\...\MountPoints2: {3cc42a8c-1f42-11e0-bca5-002215f32eb3} - F:\Autorun.exe
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk
ShortcutTarget: SuperHybridEngine.lnk -> C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{A10F0BB1-078C-41C7-B039-FBDBBE111E5E}: [NameServer] 134.130.4.1,134.130.5.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "6cb4f0b1c715c25e" service could not be unlocked. <===== ATTENTION
Locked "syshost32" service could not be unlocked. <===== ATTENTION
R2 btwdins; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [264800 2008-01-29] (Broadcom Corporation.)
R2 HDD & SSD access service; C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe [165888 2010-06-22] (BinarySense Ltd.) [File not signed]
R2 iked; C:\Programme\ShrewSoft\VPN Client\iked.exe [772408 2013-07-01] ()
R2 ipsecd; C:\Programme\ShrewSoft\VPN Client\ipsecd.exe [544400 2013-07-01] ()
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2013-10-29] (Oracle Corporation)
R2 RalinkRegistryWriter; C:\Programme\RALINK\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusACPI; C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys [10752 2008-04-08] (ASUSTeK Computer Inc.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539640 2007-12-10] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2007-11-21] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156392 2007-06-29] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37280 2007-03-23] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2007-11-27] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12288 2008-04-14] (Microsoft Corporation)
R3 Ktp; C:\WINDOWS\System32\DRIVERS\ETD.sys [93696 2009-02-12] (ELANTECH Devices Corp.)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-03-12] (Atheros Communications, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
U0 ojugue; C:\WINDOWS\System32\drivers\xmkwhhvk.sys [52440 2014-09-19] (Malwarebytes Corporation)
R3 pflt; C:\WINDOWS\System32\DRIVERS\vfilter.sys [24192 2013-07-01] (Shrew Soft Inc)
S3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1323040 2010-02-04] (Ralink Technology, Corp.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-05-12] () [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25984 2009-07-16] (The OpenVPN Project) [File not signed]
S3 vnet; C:\WINDOWS\System32\DRIVERS\virtualnet.sys [11904 2013-07-01] (Shrew Soft Inc)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [104064 2004-12-06] (Microsoft Corporation)
U3 a7qpbvr4; C:\WINDOWS\system32\Drivers\a7qpbvr4.sys [0 ] (Microsoft Corporation)
U5 6cb4f0b1c715c25e; C:\Windows\System32\Drivers\6cb4f0b1c715c25e.sys [69120 2014-09-12] () <===== ATTENTION Necurs Rootkit?
S4 IntelIde; No ImagePath
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 13:30 - 2014-09-20 13:33 - 00000000 ____D () C:\FRST
2014-09-19 20:20 - 2014-09-19 20:20 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\xmkwhhvk.sys
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware
2014-09-19 19:54 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-12 09:28 - 2014-09-12 09:28 - 00069120 _____ () C:\WINDOWS\system32\Drivers\6cb4f0b1c715c25e.sys
2014-08-23 20:33 - 2014-08-23 20:33 - 00005309 _____ () C:\WINDOWS\KB2964358.log
2014-08-23 20:33 - 2014-08-23 20:33 - 00004952 _____ () C:\WINDOWS\KB2884256.log
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2964358$
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2936068$
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2884256$
2014-08-23 20:32 - 2014-08-23 20:33 - 00012178 _____ () C:\WINDOWS\KB2922229.log
2014-08-23 20:31 - 2014-08-23 20:33 - 00013728 _____ () C:\WINDOWS\KB2936068.log
2014-08-23 20:31 - 2013-08-29 02:56 - 00026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys
2014-08-23 20:18 - 2014-08-23 20:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-08-23 20:16 - 2014-08-23 20:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 13:34 - 2010-05-10 09:40 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
2014-09-20 13:33 - 2014-09-20 13:30 - 00000000 ____D () C:\FRST
2014-09-20 13:33 - 2010-06-15 07:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\Software
2014-09-20 13:27 - 2010-05-09 23:20 - 01922950 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-19 20:20 - 2014-09-19 20:20 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\xmkwhhvk.sys
2014-09-19 20:20 - 2011-01-09 23:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443685$
2014-09-19 20:06 - 2010-07-09 19:18 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware
2014-09-19 19:54 - 2010-07-09 19:18 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-09-19 19:54 - 2010-05-10 00:02 - 00000000 ___RD () C:\Programme
2014-09-19 19:54 - 2010-05-10 00:02 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-09-19 18:53 - 2013-12-11 19:35 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2014-09-19 18:38 - 2013-07-20 22:28 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
2014-09-19 18:34 - 2010-06-13 13:09 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\uTorrent
2014-09-19 17:44 - 2010-12-30 23:05 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\TMP
2014-09-19 14:45 - 2010-10-17 22:04 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2014-09-12 09:28 - 2014-09-12 09:28 - 00069120 _____ () C:\WINDOWS\system32\Drivers\6cb4f0b1c715c25e.sys
2014-09-10 20:18 - 2012-12-22 08:11 - 00640698 _____ () C:\WINDOWS\setupapi.log
2014-09-05 13:16 - 2010-05-10 00:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-05 13:16 - 2010-05-10 00:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-05 13:16 - 2010-05-09 23:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-05 13:16 - 2010-05-09 23:02 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-05 13:15 - 2010-05-10 09:40 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-09-05 13:15 - 2010-05-09 23:33 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-31 15:32 - 2013-02-01 23:23 - 00000682 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\LINE.lnk
2014-08-31 15:32 - 2013-02-01 23:23 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LINE
2014-08-30 15:21 - 2010-05-09 23:18 - 00089915 _____ () C:\WINDOWS\wmsetup.log
2014-08-23 20:33 - 2014-08-23 20:33 - 00005309 _____ () C:\WINDOWS\KB2964358.log
2014-08-23 20:33 - 2014-08-23 20:33 - 00004952 _____ () C:\WINDOWS\KB2884256.log
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2964358$
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2936068$
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2884256$
2014-08-23 20:33 - 2014-08-23 20:32 - 00012178 _____ () C:\WINDOWS\KB2922229.log
2014-08-23 20:33 - 2014-08-23 20:31 - 00013728 _____ () C:\WINDOWS\KB2936068.log
2014-08-23 20:33 - 2010-05-12 10:56 - 00051435 _____ () C:\WINDOWS\updspapi.log
2014-08-23 20:33 - 2010-05-10 00:03 - 01854099 _____ () C:\WINDOWS\iis6.log
2014-08-23 20:33 - 2010-05-10 00:03 - 01583073 _____ () C:\WINDOWS\FaxSetup.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00805480 _____ () C:\WINDOWS\ocgen.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00742311 _____ () C:\WINDOWS\tsoc.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00540321 _____ () C:\WINDOWS\comsetup.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00513740 _____ () C:\WINDOWS\msmqinst.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00329785 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00279660 _____ () C:\WINDOWS\netfxocm.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00111731 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00089210 _____ () C:\WINDOWS\ocmsn.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00079601 _____ () C:\WINDOWS\msgsocm.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00079313 _____ () C:\WINDOWS\tabletoc.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-08-23 20:33 - 2010-05-10 00:03 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-08-23 20:25 - 2010-05-10 00:02 - 00277240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-23 20:21 - 2014-03-12 22:36 - 00009026 _____ () C:\WINDOWS\KB2929961.log
2014-08-23 20:18 - 2014-08-23 20:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-08-23 20:17 - 2014-03-12 22:36 - 00010349 _____ () C:\WINDOWS\KB2930275.log
2014-08-23 20:16 - 2014-08-23 20:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\20140129031049968jniverify.dll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jre-7u51-windows-i586-iftw.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jre-7u55-windows-i586-iftw.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jre-7u67-windows-i586-iftw.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\secuniasi5215972083521042157.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

// Interesting: "One Month Created Files and Folders" is not quite complete, since various other files that also appeared on 12.9. at 9:27 are not listed.

addition
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-20 13:35:46
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Software
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
Asus ACPI Driver (HKLM\...\{19F5658D-92E8-4A08-8657-D38ABB1574B2}) (Version: 4.00.0010 - ASUSTek Computer)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Continuum 0.40 (HKLM\...\Continuum_is1) (Version: - )
Dymola 7.0 (HKLM\...\{460F13C2-D782-4C15-A88E-88FCD50CC4C7}) (Version: 7.0.219 - Dynasim AB)
ECAP (HKLM\...\{85E3CFBC-9B1B-470C-AF72-54EACA0F1322}) (Version: 1.0.1.4 - ECAP)
Eee Instant Key (HKLM\...\{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}) (Version: 1.06 - ASUS)
ETDWare PS/2-x86 7.0.4.3 WHQL (HKLM\...\Elantech) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.3.0.430 - Foxit Software Company)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.25.5015 - Gretech Corporation)
HDD Temperature v.4 (HKLM\...\{72B6A1F0-EEB1-4E53-87C7-2E3C8A103473}) (Version: 4.0.24 - BinarySense Inc.)
Hotfix für Windows XP (KB2158563) (HKLM\...\KB2158563) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2443685) (HKLM\...\KB2443685) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2570791) (HKLM\...\KB2570791) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2633952) (HKLM\...\KB2633952) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2756822) (HKLM\...\KB2756822) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB979306) (HKLM\...\KB979306) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB981793) (HKLM\...\KB981793) (Version: 1 - Microsoft Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Katawa Shoujo (HKLM\...\Katawa Shoujo) (Version: - )
KeyHoleTV (HKLM\...\KeyHoleTV) (Version: - )
LCARS Terminal 3.0.1 (HKLM\...\LCARS Terminal) (Version: - Nicolas Reimann)
LINE (HKLM\...\LINE) (Version: 3.7.5.98 - LINE Corporation)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft ActiveSync 3.8 (HKLM\...\Windows CE Services) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )
Notepad++ (HKLM\...\Notepad++) (Version: 5.6.8 - )
OpenOffice.org 3.2 (HKLM\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
Opera 11.52 (HKLM\...\Opera 11.52.1100) (Version: 11.52.1100 - Opera Software ASA)
Orca (HKLM\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation)
Parmen (HKLM\...\Parmen) (Version: - )
PicoZip Recovery Tool 1.02 (HKLM\...\PicoZip Recovery Tool 1.02) (Version: 1.02 - Softchitect)
Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M240 (HKLM\...\Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M240) (Version: Wildfire 3.0 - PTC)
Pro/ENGINEER Release Wildfire 3.0 Datecode M240 (HKLM\...\Pro/ENGINEER Release Wildfire 3.0 Datecode M240) (Version: Wildfire 3.0 - PTC)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.7.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5612 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.38 - Piriform)
Secure Download Manager (HKLM\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Security Task Manager 1.7 (HKLM\...\Security Task Manager) (Version: 1.7 - Neuber GmbH)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2803821) (HKLM\...\KB2803821_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2803821-v2) (HKLM\...\KB2803821-v2_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB968816) (HKLM\...\KB968816_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB979402) (HKLM\...\KB979402_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2079403) (HKLM\...\KB2079403) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2121546) (HKLM\...\KB2121546) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2160329) (HKLM\...\KB2160329) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2259922) (HKLM\...\KB2259922) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2279986) (HKLM\...\KB2279986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2286198) (HKLM\...\KB2286198) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296199) (HKLM\...\KB2296199) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2412687) (HKLM\...\KB2412687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2436673) (HKLM\...\KB2436673) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2476490) (HKLM\...\KB2476490) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2476687) (HKLM\...\KB2476687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479628) (HKLM\...\KB2479628) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485376) (HKLM\...\KB2485376) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2503658) (HKLM\...\KB2503658) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2503665) (HKLM\...\KB2503665) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506223) (HKLM\...\KB2506223) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507618) (HKLM\...\KB2507618) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508272) (HKLM\...\KB2508272) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2510581) (HKLM\...\KB2510581) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2511455) (HKLM\...\KB2511455) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2524375) (HKLM\...\KB2524375) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276) (HKLM\...\KB2536276) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893) (HKLM\...\KB2544893) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2555917) (HKLM\...\KB2555917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2562937) (HKLM\...\KB2562937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2567053) (HKLM\...\KB2567053) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2567680) (HKLM\...\KB2567680) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570222) (HKLM\...\KB2570222) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP
(KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2621440) (HKLM\...\KB2621440) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2633171) (HKLM\...\KB2633171) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2639417) (HKLM\...\KB2639417) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2646524) (HKLM\...\KB2646524) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2660465) (HKLM\...\KB2660465) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) 
(Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2724197) (HKLM\...\KB2724197) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2731847-v2) (HKLM\...\KB2731847-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2778344) (HKLM\...\KB2778344) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2779030) (HKLM\...\KB2779030) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2799494) (HKLM\...\KB2799494) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2808735) (HKLM\...\KB2808735) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2813170) (HKLM\...\KB2813170) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft 
Corporation) Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2829361) (HKLM\...\KB2829361) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows 
XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2879017) (HKLM\...\KB2879017) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2884256) (HKLM\...\KB2884256) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2898785) (HKLM\...\KB2898785) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2909212) (HKLM\...\KB2909212) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2909921) (HKLM\...\KB2909921) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2936068) (HKLM\...\KB2936068) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2964358) (HKLM\...\KB2964358) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) 
(Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB950760) (HKLM\...\KB950760) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB951748) (HKLM\...\KB951748) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB955069) (HKLM\...\KB955069) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956744) (HKLM\...\KB956744) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956803) (HKLM\...\KB956803) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB958644) (HKLM\...\KB958644) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB958869) (HKLM\...\KB958869) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB960225) (HKLM\...\KB960225) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP 
(KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB961501) (HKLM\...\KB961501) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB969947) (HKLM\...\KB969947) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB970238) (HKLM\...\KB970238) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB971468) (HKLM\...\KB971468) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB971961) (HKLM\...\KB971961) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation) 
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975561) (HKLM\...\KB975561) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975562) (HKLM\...\KB975562) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978037) (HKLM\...\KB978037) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978262) (HKLM\...\KB978262) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978601) (HKLM\...\KB978601) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979559) (HKLM\...\KB979559) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979683) (HKLM\...\KB979683) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB980195) (HKLM\...\KB980195) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB980218) (HKLM\...\KB980218) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB980232) (HKLM\...\KB980232) (Version: 1 - 
Microsoft Corporation) Sicherheitsupdate für Windows XP (KB980436) (HKLM\...\KB980436) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB981349) (HKLM\...\KB981349) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB981852) (HKLM\...\KB981852) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB981957) (HKLM\...\KB981957) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982214) (HKLM\...\KB982214) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982802) (HKLM\...\KB982802) (Version: 1 - Microsoft Corporation) Skype™ 3.8 (HKLM\...\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}) (Version: 3.8.188 - Skype Technologies S.A.) 
Super Hybrid Engine (HKLM\...\{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}) (Version: 1.03 - ASUS)
Update für Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB980182) (HKLM\...\KB980182) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.5500 - WIDCOMM, Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
xp-AntiSpy 3.97-9 (HKLM\...\xp-AntiSpy) (Version: - Christian Taubenheim)
ZBar Bar Code Reader (HKLM\...\ZBar) (Version: 0.10 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2010-05-09 23:02 - 2008-04-14 16:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) =============

2013-07-01 10:21 - 2013-07-01 10:21 - 00772408 _____ () C:\Programme\ShrewSoft\VPN Client\iked.exe
2013-07-01 01:16 - 2013-07-01 01:16 - 00438272 _____ () C:\Programme\ShrewSoft\VPN Client\libike.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00016384 _____ () C:\Programme\ShrewSoft\VPN Client\libidb.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00014848 _____ () C:\Programme\ShrewSoft\VPN Client\libith.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00030208 _____ () C:\Programme\ShrewSoft\VPN Client\libvnet.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00010752 _____ () C:\Programme\ShrewSoft\VPN Client\liblog.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00102400 _____ () C:\Programme\ShrewSoft\VPN Client\libip.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00024576 _____ () C:\Programme\ShrewSoft\VPN Client\libpfk.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00014848 _____ () C:\Programme\ShrewSoft\VPN Client\libdtp.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00026624 _____ () C:\Programme\ShrewSoft\VPN Client\libvflt.dll
2013-07-01 10:21 - 2013-07-01 10:21 - 00544400 _____ () C:\Programme\ShrewSoft\VPN Client\ipsecd.exe
2008-01-29 15:03 - 2008-01-29 15:03 - 00040960 _____ () C:\Programme\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-05-09 23:03 - 2008-04-14 16:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2010-05-12 20:28 - 2010-03-15 11:28 - 00141824 _____ () C:\Programme\WinRAR\rarext.dll
2009-11-04 02:14 - 2009-11-04 02:14 - 00054272 _____ () C:\Programme\Notepad++\NppShell_01.dll
2008-01-29 15:05 - 2008-01-29 15:05 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E8BE05FA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: HDDtemp4 => C:\Programme\BinarySense\HDDTemp4\\hddtemp4 /minimized
MSCONFIG\startupreg: Microsoft(R) System Manager => C:\WINDOWS\system32\bc17f9.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2014 01:31:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung frst.exe, Version 12.9.2014.0, fehlgeschlagenes Modul frst.exe, Version 12.9.2014.0, Fehleradresse 0x0001efa4. Das medienspezifische Ereignis für [frst.exe!ws!] wird verarbeitet.

Error: (09/15/2014 09:02:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung skype.exe, Version 3.8.0.188, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001168b. Das medienspezifische Ereignis für [skype.exe!ws!] wird verarbeitet.

Error: (07/12/2014 11:16:00 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (07/12/2014 11:15:59 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (07/12/2014 11:15:59 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (07/12/2014 11:15:59 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (02/24/2014 00:09:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (13032) Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 8192 (0x0000000000002000) für 57344 (0x0000e000) Bytes zu schreiben, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (02/24/2014 00:08:59 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (5112) Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 8192 (0x0000000000002000) für 57344 (0x0000e000) Bytes zu schreiben, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (02/24/2014 00:08:58 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (9452) Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 8192 (0x0000000000002000) für 57344 (0x0000e000) Bytes zu schreiben, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (02/24/2014 00:08:58 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt (16184) Versuch, in Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" bei Offset 8192 (0x0000000000002000) für 57344 (0x0000e000) Bytes zu schreiben, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

System errors:
=============
Error: (09/20/2014 01:27:08 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: Der Registrierungsschlüssel "wuauserv" hat den Zugriff für SYSTEM-Kontoprogramme verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels übernommen.

Error: (09/19/2014 08:06:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31

Error: (09/19/2014 07:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%31

Error: (09/19/2014 07:06:42 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: Der Registrierungsschlüssel "syshost32" hat den Zugriff für SYSTEM-Kontoprogramme verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels übernommen.

Error: (09/19/2014 07:06:42 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: Der Registrierungsschlüssel "wuauserv" hat den Zugriff für SYSTEM-Kontoprogramme verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels übernommen.

Error: (09/19/2014 07:06:42 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: Der Registrierungsschlüssel "BITS" hat den Zugriff für SYSTEM-Kontoprogramme verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels übernommen.

Error: (09/19/2014 06:44:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "syshost32" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/19/2014 06:44:48 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: Der Registrierungsschlüssel "syshost32" hat den Zugriff für SYSTEM-Kontoprogramme verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels übernommen.

Error: (09/19/2014 06:44:42 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: Der Registrierungsschlüssel "syshost32" hat den Zugriff für SYSTEM-Kontoprogramme verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels übernommen.

Error: (09/19/2014 06:44:42 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: Der Registrierungsschlüssel "syshost32" hat den Zugriff für SYSTEM-Kontoprogramme verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels übernommen.

Microsoft Office Sessions:
=========================
Error: (09/20/2014 01:31:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe12.9.2014.0frst.exe12.9.2014.00001efa4

Error: (09/15/2014 09:02:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: skype.exe3.8.0.188ntdll.dll5.1.2600.60550001168b

Error: (07/12/2014 11:16:00 PM) (Source: crypt32) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/12/2014 11:15:59 PM) (Source: crypt32) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/12/2014 11:15:59 PM) (Source: crypt32) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/12/2014 11:15:59 PM) (Source: crypt32) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (02/24/2014 00:09:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt13032C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.
Error: (02/24/2014 00:08:59 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt5112C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/24/2014 00:08:58 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt9452C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/24/2014 00:08:58 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuauclt16184C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Percentage of memory in use: 46%
Total physical RAM: 1015.17 MB
Available physical RAM: 548.14 MB
Total Pagefile: 2442.01 MB
Available Pagefile: 2016.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:59.98 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:0.48 GB) (Free:0.32 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: D300DA08)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 488.5 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================

// interesting: system errors

GMER

On startup, the message:
Code:
LoadDriver("C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uwtdapow.sys") error 0xC0000001: Ein dauerhafter Unterschlüssel kann nicht unter einem temporären übergeordneten Schlüssel erstellt werden.

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-20 14:16:58
Windows 5.1.2600 Service Pack 3
Running: 1my2yt82.exe

---- Services - GMER 2.1 ----

Service C:\WINDOWS\System32\Drivers\6cb4f0b1c715c25e.sys (*** hidden *** ) [BOOT] 6cb4f0b1c715c25e <-- ROOTKIT !!!
Service C:\WINDOWS\Installer\{B2383C33-D063-4B80-83DA-6A48639A34A9}\syshost.exe (*** hidden *** ) [AUTO] syshost32 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e@ImagePath \SystemRoot\System32\Drivers\6cb4f0b1c715c25e.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\6cb4f0b1c715c25e
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0xC8 0x0D 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0x7B 0xCE 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x9E 0x48 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@ImagePath "C:\WINDOWS\Installer\{B2383C33-D063-4B80-83DA-6A48639A34A9}\syshost.exe" /service
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32

---- EOF - GMER 2.1 ----

While GMER was running, Process Explorer quit with an error, but I probably should have closed it beforehand anyway *lalala*

I haven't done anything about 6cb4f... yet. I have never rebooted in the week since the process was started (a laptop that only ever gets put into standby).

Please tell me this is just a stupid botnet trojan. I hate reinstalling machines.

Something else I noticed afterwards: at times SHLWAPI.dll (running under explorer.exe) causes very high load.

Thanks in advance for the help |
20.09.2014, 13:24 | #2 | |
/// TB-Ausbilder | syshost.exe trojaner/rootkit My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that. It also makes it very easy to remove all the tools used at the end of the cleanup. Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once. Do not do anything else on your own! We start like this: Please download TDSSKiller.exe and save this file to the desktop
|
20.09.2014, 13:39 | #3 |
| syshost.exe trojaner/rootkit Hello Matthias,
tdsskiller wants me to reboot: "Extended monitoring driver is required for more advanced threats detection". Is that safe so far, without something possibly digging itself even deeper into the system? |
20.09.2014, 15:28 | #4 |
/// TB-Ausbilder | syshost.exe trojaner/rootkit Yes, you can do that. |
20.09.2014, 17:06 | #5 |
| syshost.exe trojaner/rootkit No, it was not safe. Booting is aborted and restarted, aborted again and restarted... I have now run the scan from safe mode. 6cb4f0b1c715c25e plus a few unsigned ASUS drivers Code:
17:54:00.0703 0x0418 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:54:04.0546 0x0418 ============================================================
17:54:04.0546 0x0418 Current date / time: 2014/09/20 17:54:04.0546
17:54:04.0546 0x0418 SystemInfo:
17:54:04.0546 0x0418
17:54:04.0546 0x0418 OS Version: 5.1.2600 ServicePack: 3.0
17:54:04.0546 0x0418 Product type: Workstation
17:54:04.0546 0x0418 ComputerName: EEE-PC
17:54:04.0546 0x0418 UserName: Administrator
17:54:04.0546 0x0418 Windows directory: C:\WINDOWS
17:54:04.0546 0x0418 System windows directory: C:\WINDOWS
17:54:04.0546 0x0418 Processor architecture: Intel x86
17:54:04.0546 0x0418 Number of processors: 2
17:54:04.0546 0x0418 Page size: 0x1000
17:54:04.0546 0x0418 Boot type: Safe boot
17:54:04.0546 0x0418 ============================================================
17:54:04.0546 0x0418 BG loaded
17:54:06.0250 0x0418 System UUID: {86D107B0-7E38-3615-BAD1-DDFD9EE692D5}
17:54:10.0546 0x0418 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
17:54:10.0546 0x0418 ============================================================
17:54:10.0546 0x0418 \Device\Harddisk0\DR0:
17:54:10.0546 0x0418 MBR partitions:
17:54:10.0546 0x0418 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
17:54:10.0546 0x0418 ============================================================
17:54:10.0593 0x0418 C: <-> \Device\Harddisk0\DR0\Partition1
17:54:10.0593 0x0418 ============================================================
17:54:10.0593 0x0418 Initialize success
17:54:10.0593 0x0418 ============================================================
17:54:46.0453 0x0438 ============================================================
17:54:46.0453 0x0438 Scan started
17:54:46.0453 0x0438 Mode: Manual; SigCheck; TDLFS;
17:54:46.0453 0x0438 ============================================================
17:54:46.0453 0x0438 KSN ping started
17:54:47.0390 0x0438 KSN ping finished: false
17:54:52.0890 0x0438 ================ Scan system memory ========================
17:54:52.0890 0x0438 System memory - ok
17:54:52.0890 0x0438 ================ Scan services =============================
17:54:52.0953 0x0438 Suspicious service (NoAccess): 6cb4f0b1c715c25e
17:54:53.0484 0x0438 [ 5A553543948F966FF1E5E8D5300F4BFB, 1A5C2E2DEAAE8DDBF051970A27707B12286A425A142F08F071A03DEBE3F54D21 ] 6cb4f0b1c715c25e C:\WINDOWS\System32\Drivers\6cb4f0b1c715c25e.sys
17:54:53.0484 0x0438 Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\6cb4f0b1c715c25e.sys. md5: 5A553543948F966FF1E5E8D5300F4BFB, sha256: 1A5C2E2DEAAE8DDBF051970A27707B12286A425A142F08F071A03DEBE3F54D21
17:54:55.0734 0x0438 6cb4f0b1c715c25e - detected Rootkit.Win32.Necurs.gen ( 0 )
17:54:56.0390 0x0438 6cb4f0b1c715c25e ( Rootkit.Win32.Necurs.gen ) - infected
17:54:56.0390 0x0438 Force sending object to P2P due to detect: 6cb4f0b1c715c25e
17:54:56.0406 0x0438 Object send P2P result: false
17:54:56.0421 0x0438 Abiosdsk - ok
17:54:56.0453 0x0438 abp480n5 - ok
17:54:56.0671 0x0438 [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:55:02.0500 0x0438 ACPI - ok
17:55:02.0562 0x0438 [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:55:02.0843 0x0438 ACPIEC - ok
17:55:02.0859 0x0438 adpu160m - ok
17:55:03.0031 0x0438 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:55:03.0437 0x0438 aec - ok
17:55:03.0578 0x0438 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:55:03.0796 0x0438 AFD
- ok 17:55:03.0812 0x0438 Aha154x - ok 17:55:03.0843 0x0438 aic78u2 - ok 17:55:03.0875 0x0438 aic78xx - ok 17:55:03.0953 0x0438 [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:55:04.0250 0x0438 Alerter - ok 17:55:04.0328 0x0438 [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG C:\WINDOWS\System32\alg.exe 17:55:04.0484 0x0438 ALG - ok 17:55:04.0500 0x0438 AliIde - ok 17:55:04.0531 0x0438 amsint - ok 17:55:04.0734 0x0438 [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 17:55:05.0015 0x0438 AppMgmt - ok 17:55:05.0031 0x0438 asc - ok 17:55:05.0046 0x0438 asc3350p - ok 17:55:05.0078 0x0438 asc3550 - ok 17:55:05.0250 0x0438 aspnet_state - ok 17:55:05.0328 0x0438 [ 12415A4B61DED200FE9932B47A35FA42, EA9D32CCD98990F6F20412F919B0477D63771E631755CC593E2CD9B8D70A8E25 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 17:55:05.0421 0x0438 AsusACPI - ok 17:55:05.0468 0x0438 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:55:05.0765 0x0438 AsyncMac - ok 17:55:05.0890 0x0438 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:55:06.0156 0x0438 atapi - ok 17:55:06.0187 0x0438 Atdisk - ok 17:55:06.0296 0x0438 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:55:06.0593 0x0438 Atmarpc - ok 17:55:06.0687 0x0438 [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:55:06.0984 0x0438 AudioSrv - ok 17:55:07.0062 0x0438 [ 
D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:55:07.0312 0x0438 audstub - ok 17:55:07.0421 0x0438 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:55:07.0703 0x0438 Beep - ok 17:55:08.0015 0x0438 [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS C:\WINDOWS\system32\qmgr.dll 17:55:08.0875 0x0438 BITS - ok 17:55:09.0000 0x0438 [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys 17:55:09.0187 0x0438 Bridge - ok 17:55:09.0312 0x0438 [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys 17:55:09.0437 0x0438 BridgeMP - ok 17:55:09.0578 0x0438 [ B71549F23736ADF83A571061C47777FD, A1D0320736EE777030A543DCA086367EB5A5B6F95088B9C22D8E09326C3A39A9 ] Browser C:\WINDOWS\System32\browser.dll 17:55:09.0859 0x0438 Browser - ok 17:55:10.0296 0x0438 [ B6E16DA77EAFE84A8C5BC44784FEEAEA, 5E891966A09ACFB6DAA5E9468F8FEA9814F921FA1C15CF9F5487D730295BDA5D ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys 17:55:11.0593 0x0438 btaudio - ok 17:55:11.0703 0x0438 [ 58A49BD10E08D3D4333A60DEDCB1CED8, 2110462BDD51BCEB661C089376E60E5ECE5F5908CF80A09035190529C9F306A4 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys 17:55:11.0812 0x0438 BTDriver - ok 17:55:12.0421 0x0438 [ EF5E0DE0A7CA2977A9255F36F4D915AB, ECF2445200CDF6379ABE0BDA0CDDC4D9FF94CC34D652AD536E34C1AEB576B710 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys 17:55:13.0593 0x0438 BTKRNL - ok 17:55:13.0937 0x0438 [ FAC8968CE8EFBC0E418FC978A1F174D9, EAA53AA5C5CCF4DC0A84CBADE48F7732C8682F2B374A4ADCD97766AC54AF2D14 ] btwdins C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe 17:55:14.0187 
0x0438 btwdins - ok 17:55:14.0312 0x0438 [ 80F61DE965C116051614AC2F04222FF7, 010201E19B96DA3937C168051205728AF47FA96C89D1553F1F67739227B086E5 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys 17:55:14.0484 0x0438 BTWDNDIS - ok 17:55:14.0562 0x0438 [ E48668B4A6A5CF68B33AECAD18EE8E1E, CC190DCED4B71FDCC113E90B4FCAC4975830C6C86C04F9CDDF2C4E9F2661AA30 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys 17:55:14.0656 0x0438 btwhid - ok 17:55:14.0750 0x0438 [ 8BCD7BFE9C70A8FF7444263435B18AA1, CD260090E88D75C5F277403075FA43BA71166E9C65B9ECD3E2D767E67D92374D ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys 17:55:14.0828 0x0438 btwmodem - ok 17:55:14.0921 0x0438 [ 053DC5BE74621B63BB48C2B86BAFC7B0, 0BF9810CBB7D94DE00A2153DCF0649BC0A27CDBAF76412E61696083C54189778 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 17:55:15.0046 0x0438 BTWUSB - ok 17:55:15.0109 0x0438 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:55:15.0375 0x0438 cbidf2k - ok 17:55:15.0468 0x0438 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:55:15.0812 0x0438 CCDECODE - ok 17:55:15.0828 0x0438 cd20xrnt - ok 17:55:15.0906 0x0438 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:55:16.0187 0x0438 Cdaudio - ok 17:55:16.0312 0x0438 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:55:16.0625 0x0438 Cdfs - ok 17:55:16.0750 0x0438 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:55:17.0031 0x0438 Cdrom - ok 17:55:17.0046 0x0438 Changer - ok 17:55:17.0140 0x0438 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, 
ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:55:17.0421 0x0438 CiSvc - ok 17:55:17.0531 0x0438 [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:55:17.0859 0x0438 ClipSrv - ok 17:55:17.0953 0x0438 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:55:18.0218 0x0438 CmBatt - ok 17:55:18.0234 0x0438 CmdIde - ok 17:55:18.0343 0x0438 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:55:18.0625 0x0438 Compbatt - ok 17:55:18.0640 0x0438 COMSysApp - ok 17:55:18.0703 0x0438 Cpqarray - ok 17:55:18.0796 0x0438 [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:55:19.0046 0x0438 CryptSvc - ok 17:55:19.0062 0x0438 dac2w2k - ok 17:55:19.0093 0x0438 dac960nt - ok 17:55:19.0437 0x0438 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:55:19.0734 0x0438 DcomLaunch - ok 17:55:19.0906 0x0438 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:55:20.0187 0x0438 Dhcp - ok 17:55:20.0265 0x0438 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:55:20.0578 0x0438 Disk - ok 17:55:20.0593 0x0438 dmadmin - ok 17:55:21.0218 0x0438 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:55:22.0390 0x0438 dmboot - ok 17:55:22.0578 0x0438 [ 
53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:55:22.0984 0x0438 dmio - ok 17:55:23.0062 0x0438 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:55:23.0343 0x0438 dmload - ok 17:55:23.0421 0x0438 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll 17:55:23.0687 0x0438 dmserver - ok 17:55:23.0796 0x0438 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:55:24.0109 0x0438 DMusic - ok 17:55:24.0234 0x0438 [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:55:24.0390 0x0438 Dnscache - ok 17:55:24.0515 0x0438 [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 17:55:24.0953 0x0438 Dot3svc - ok 17:55:24.0968 0x0438 dpti2o - ok 17:55:25.0046 0x0438 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:55:25.0296 0x0438 drmkaud - ok 17:55:25.0406 0x0438 [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 17:55:25.0718 0x0438 EapHost - ok 17:55:25.0796 0x0438 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:55:26.0109 0x0438 ERSvc - ok 17:55:26.0265 0x0438 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe 17:55:26.0328 0x0438 
Eventlog - ok 17:55:26.0562 0x0438 [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem C:\WINDOWS\system32\es.dll 17:55:26.0703 0x0438 EventSystem - ok 17:55:26.0859 0x0438 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:55:27.0234 0x0438 Fastfat - ok 17:55:27.0406 0x0438 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:55:27.0500 0x0438 FastUserSwitchingCompatibility - ok 17:55:27.0578 0x0438 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 17:55:27.0843 0x0438 Fdc - ok 17:55:27.0906 0x0438 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:55:28.0234 0x0438 Fips - ok 17:55:28.0312 0x0438 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 17:55:28.0578 0x0438 Flpydisk - ok 17:55:28.0750 0x0438 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 17:55:29.0140 0x0438 FltMgr - ok 17:55:29.0250 0x0438 [ 1F943241F4963CD51E5F61C93D3F45C7, 79762E040ABB6D22921150F9987F9FD999EE2CAA7D1BFB2EC6482A1BFE1F907E ] FsVga C:\WINDOWS\system32\DRIVERS\fsvga.sys 17:55:29.0500 0x0438 FsVga - ok 17:55:29.0562 0x0438 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:55:29.0859 0x0438 Fs_Rec - ok 17:55:30.0000 0x0438 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] 
Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:55:30.0343 0x0438 Ftdisk - ok 17:55:30.0453 0x0438 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:55:30.0765 0x0438 Gpc - ok 17:55:30.0953 0x0438 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:55:31.0234 0x0438 HDAudBus - ok 17:55:31.0484 0x0438 [ 9AE4747663A6C62F6FFE0B991A0F531A, 1D92011CDD97AB6DFDB71F72FB79A6332B4F2BFDE92AAC874982E6B33F557CBE ] HDD & SSD access service C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe 17:55:31.0640 0x0438 HDD & SSD access service - detected UnsignedFile.Multi.Generic ( 1 ) 17:55:31.0640 0x0438 HDD & SSD access service ( UnsignedFile.Multi.Generic ) - warning 17:55:31.0765 0x0438 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:55:32.0062 0x0438 helpsvc - ok 17:55:32.0156 0x0438 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 17:55:32.0453 0x0438 HidServ - ok 17:55:32.0531 0x0438 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:55:32.0796 0x0438 HidUsb - ok 17:55:32.0890 0x0438 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 17:55:33.0203 0x0438 hkmsvc - ok 17:55:33.0218 0x0438 hpn - ok 17:55:33.0500 0x0438 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:55:33.0781 0x0438 HTTP - ok 17:55:33.0843 0x0438 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 
677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:55:34.0140 0x0438 HTTPFilter - ok 17:55:34.0156 0x0438 i2omgmt - ok 17:55:34.0187 0x0438 i2omp - ok 17:55:34.0328 0x0438 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:55:34.0593 0x0438 i8042prt - ok 17:55:38.0781 0x0438 [ 0F68E2EC713F132FFB19E45415B09679, B1439A5D157F9FF54E803581D2B86411DB079242D837617021A4A0BC195E67BB ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 17:55:46.0546 0x0438 ialm - ok 17:55:46.0640 0x0438 iked - ok 17:55:46.0687 0x0438 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:55:46.0968 0x0438 Imapi - ok 17:55:47.0125 0x0438 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 17:55:47.0484 0x0438 ImapiService - ok 17:55:47.0515 0x0438 ini910u - ok 17:55:50.0734 0x0438 [ 45FFC97A47248550E799DA5EB5DCA6A1, 7AB9D6CBB3C614F23B69031D500483450F3710FBB2C7C6FF62A6F492B7810235 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 17:55:57.0000 0x0438 IntcAzAudAddService - ok 17:55:57.0046 0x0438 IntelIde - ok 17:55:57.0125 0x0438 [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:55:57.0421 0x0438 intelppm - ok 17:55:57.0515 0x0438 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 17:55:57.0828 0x0438 Ip6Fw - ok 17:55:57.0906 0x0438 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:55:58.0187 0x0438 IpFilterDriver - ok 
17:56:35.0562 0x0438 [ 7DCC219C0D5634F87CE4D33EB1F6DADA, 9B58B4B19C3237E927DF24287CCBBA33ED1B7E895B8874964A49CA1F18CB190A ] RT80x86 C:\WINDOWS\system32\DRIVERS\RT2860.sys 17:56:37.0078 0x0438 RT80x86 - ok 17:56:37.0125 0x0438 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 17:56:37.0390 0x0438 SamSs - ok 17:56:37.0546 0x0438 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:56:37.0921 0x0438 SCardSvr - ok 17:56:38.0140 0x0438 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:56:38.0546 0x0438 Schedule - ok 17:56:38.0656 0x0438 [ F34C06D1C706A6D9433570B087A18B02, 5A1B059458CD71FA9883C8E92F9300B86B79A6E6FBBC87431630DA43D1508319 ] Scutum50 C:\WINDOWS\system32\Drivers\Scutum50.sys 17:56:38.0703 0x0438 Scutum50 - detected UnsignedFile.Multi.Generic ( 1 ) 17:56:38.0703 0x0438 Scutum50 ( UnsignedFile.Multi.Generic ) - warning 17:56:38.0750 0x0438 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:56:38.0906 0x0438 Secdrv - ok 17:56:39.0015 0x0438 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:56:39.0296 0x0438 seclogon - ok 17:56:39.0390 0x0438 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 17:56:39.0687 0x0438 SENS - ok 17:56:39.0765 0x0438 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 17:56:40.0046 0x0438 serenum - ok 17:56:40.0140 0x0438 [ CF24EB4F0412C82BCD1F4F35A025E31D, 
B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 17:56:40.0453 0x0438 Serial - ok 17:56:40.0531 0x0438 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:56:40.0781 0x0438 Sfloppy - ok 17:56:41.0062 0x0438 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:56:41.0718 0x0438 SharedAccess - ok 17:56:41.0875 0x0438 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:56:41.0953 0x0438 ShellHWDetection - ok 17:56:41.0968 0x0438 Simbad - ok 17:56:42.0015 0x0438 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:56:42.0281 0x0438 SLIP - ok 17:56:42.0296 0x0438 Sparrow - ok 17:56:42.0343 0x0438 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:56:42.0625 0x0438 splitter - ok 17:56:42.0750 0x0438 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:56:42.0890 0x0438 Spooler - ok 17:56:43.0406 0x0438 [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd C:\WINDOWS\system32\Drivers\sptd.sys 17:56:44.0281 0x0438 sptd - ok 17:56:44.0375 0x0438 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:56:44.0578 0x0438 sr - ok 17:56:44.0734 0x0438 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 
17:56:44.0875 0x0438 srservice - ok 17:56:45.0203 0x0438 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:56:45.0718 0x0438 Srv - ok 17:56:45.0859 0x0438 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:56:46.0093 0x0438 SSDPSRV - ok 17:56:46.0359 0x0438 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:56:47.0015 0x0438 stisvc - ok 17:56:47.0093 0x0438 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:56:47.0375 0x0438 streamip - ok 17:56:47.0421 0x0438 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:56:47.0656 0x0438 swenum - ok 17:56:47.0750 0x0438 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:56:48.0062 0x0438 swmidi - ok 17:56:48.0078 0x0438 SwPrv - ok 17:56:48.0156 0x0438 symc810 - ok 17:56:48.0187 0x0438 symc8xx - ok 17:56:48.0218 0x0438 sym_hi - ok 17:56:48.0250 0x0438 sym_u3 - ok 17:56:48.0375 0x0438 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:56:48.0687 0x0438 sysaudio - ok 17:56:48.0875 0x0438 syshost32 - ok 17:56:49.0000 0x0438 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:56:49.0328 0x0438 SysmonLog - ok 17:56:49.0437 0x0438 [ E930A912C441B14E12DD744E726ED4CE, CB2501082EDD19EF07B6EE6D8F00DFD2D42A2286CFC18CEA986E19A40CDF98A5 ] tap0901 
C:\WINDOWS\system32\DRIVERS\tap0901.sys 17:56:49.0484 0x0438 tap0901 - detected UnsignedFile.Multi.Generic ( 1 ) 17:56:49.0484 0x0438 tap0901 ( UnsignedFile.Multi.Generic ) - warning
17:57:10.0687 0x0438 ================ Scan global =============================== 17:57:10.0843 0x0438 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll 17:57:11.0062 0x0438 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll 17:57:11.0296 0x0438 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll 17:57:11.0406 0x0438 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe 17:57:11.0421 0x0438 [ Global ] - ok 17:57:11.0421 0x0438 ================ Scan MBR ================================== 17:57:11.0468 0x0438 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:57:12.0031 0x0438 \Device\Harddisk0\DR0 - ok 17:57:12.0031 0x0438 ================ Scan VBR ================================== 17:57:12.0046 0x0438 [ 4245CEA1EB3D659C1B14657ADD2B60D1 ] \Device\Harddisk0\DR0\Partition1 17:57:12.0062 0x0438 \Device\Harddisk0\DR0\Partition1 - ok 17:57:12.0062 0x0438 ================ Scan generic autorun ====================== 17:57:23.0546 0x0438 [ 61176ADAE8FD9DF0A8F1BF88D046CB93, 45AA62402B314CEF6481CFB713616127E3F68250E6A86BBA76EE942B8828E5AD ] C:\WINDOWS\RTHDCPL.EXE 17:57:47.0640 0x0438 RTHDCPL - ok 17:57:47.0781 0x0438 [ 0D034E8C4F88C5B2B0C1AF3CF438CC4F, F44F9A6BBA0AE6D350F98CDBF2D5B09D56D9B1CF46F4CB9F50566232B32F8BAE ] C:\WINDOWS\SOUNDMAN.EXE 17:57:47.0953 0x0438 SoundMan - ok 17:57:49.0859 0x0438 [ EC05E964058693D1F71D1B5506B5CF09, B1E126AA040800FEC99CAE2C675A225183D50A6F3D24262051A5FB5D96E61012 ] C:\WINDOWS\ALCWZRD.EXE 17:57:53.0484 0x0438 AlcWzrd - ok 17:57:53.0609 0x0438 [ 5490BD0896299C6FCB1AC0040742B2A7, 12938ACC18B257C9293FA278A59E5DEF56021F29A93D700B38DEEF92EC2D3B68 ] C:\Programme\EeePC\ACPI\AsTray.exe 17:57:53.0734 0x0438 AsusTray 
- detected UnsignedFile.Multi.Generic ( 1 ) 17:57:53.0734 0x0438 AsusTray ( UnsignedFile.Multi.Generic ) - warning 17:57:54.0171 0x0438 [ 25BB2C4C7D4709855BF8BB66E499941B, 003E2496D5C14469650CFA75F84B9394E2B34C2E3DD7E3F7E6B1E8C4079BD91C ] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe 17:57:54.0937 0x0438 AsusACPIServer - detected UnsignedFile.Multi.Generic ( 1 ) 17:57:54.0937 0x0438 AsusACPIServer ( UnsignedFile.Multi.Generic ) - warning 17:57:54.0937 0x0438 Force sending object to P2P due to detect: C:\Programme\EeePC\ACPI\AsAcpiSvr.exe 17:57:55.0250 0x0438 Object send P2P result: false 17:57:55.0328 0x0438 [ 2D3A4F1B70420B367763AB14F9E9510F, 6301BC932A12403AC64ADB3C0A45A492499AD3AD12729329891BD4BA3E322518 ] C:\Programme\EeePC\ACPI\AsEPCMon.exe 17:57:55.0421 0x0438 AsusEPCMonitor - detected UnsignedFile.Multi.Generic ( 1 ) 17:57:55.0421 0x0438 AsusEPCMonitor ( UnsignedFile.Multi.Generic ) - warning 17:57:55.0734 0x0438 [ DD3F9185387C4392D59A11673B84A67B, C1B85748C8286488887261D2F2523392DDFCE31C4D8788B15473E973B1959987 ] C:\Programme\Elantech\ETDCtrl.exe 17:57:56.0265 0x0438 ETDWare - ok 17:57:56.0500 0x0438 [ 7BBE4CF421AECC7F0226EDD75F12079F, 8E78FC5E0657DB066F9EBAADEA9AFECB1AAA570DD9C08C7ED42116704D2E379D ] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE 17:57:56.0906 0x0438 IMJPMIG8.1 - ok 17:57:57.0015 0x0438 [ 1B17E09C1223F6D17336D2DD7A1AF4F4, 06DFAD95007532CCF46D593EEDC2474936614AEDCEA7BF983E36DAD22F850B08 ] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe 17:57:57.0343 0x0438 MSPY2002 - ok 17:57:57.0718 0x0438 [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 17:57:58.0468 0x0438 PHIME2002ASync - ok 17:57:58.0828 0x0438 [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 17:57:59.0265 0x0438 PHIME2002A - ok 17:57:59.0421 0x0438 [ 4F0BED169FAB31EA094A649B0473B5C6, 
492516BEA51D0A793F055EB789DC0A07477A78FAC6321C0AAB9BEF72EE7FCC80 ] C:\WINDOWS\system32\igfxtray.exe 17:57:59.0593 0x0438 IgfxTray - ok 17:57:59.0703 0x0438 [ 8B0DE4B972DB725FB9D591E69CD236FB, DF84C7DAE087772C4AAF8D13B48F9BE1E6BC31869DE6BD9642B598C0DF660F12 ] C:\WINDOWS\system32\hkcmd.exe 17:57:59.0859 0x0438 HotKeysCmds - ok 17:57:59.0968 0x0438 [ CC632EB3A7D106464E933E7D53883550, F1378C5AD859296A73BF23F3AB1765D5BD4EFB856E011A7A8676BE793BBC29B5 ] C:\WINDOWS\system32\igfxpers.exe 17:58:00.0125 0x0438 Persistence - ok 17:58:00.0375 0x0438 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 17:58:00.0609 0x0438 SunJavaUpdateSched - ok 17:58:00.0781 0x0438 [ 4DA2F2DA54A92850F56C0DB712058188, 9FB9BD1D9874DD64A627FFBE7B54B753D5496425BB595A112D0E17601A5E86A0 ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe 17:58:00.0875 0x0438 Malwarebytes Anti-Malware (cleanup) - ok 17:58:00.0875 0x0438 {F79B4AEA-120D-4808-9376-FB23F64217F1} - ok 17:58:00.0937 0x0438 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE 17:58:01.0187 0x0438 CTFMON.EXE - ok 17:58:01.0250 0x0438 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE 17:58:01.0484 0x0438 CTFMON.EXE - ok 17:58:01.0562 0x0438 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe 17:58:01.0796 0x0438 CTFMON.EXE - ok 17:58:02.0109 0x0438 [ F34E7705751BB413283434697BF8E55D, BDF8B29A56C51439BEB9B4C3576341BBE3EE80582063AD602AB77D19A0630C35 ] C:\Programme\DAEMON Tools Lite\DTLite.exe 17:58:02.0593 0x0438 DAEMON Tools Lite - ok 17:58:03.0234 0x0438 [ 98EBAF30AE3B607B916F0773456B075A, 
7A7FF445E6075999BCEAA6B045435D5318C02E27BF2BEBBFE966E7A5451FAAB8 ] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe 17:58:04.0218 0x0438 FlashPlayerUpdate - ok 17:58:04.0375 0x0438 ============================================================ 17:58:04.0375 0x0438 Scan finished 17:58:04.0375 0x0438 ============================================================ 17:58:04.0421 0x0430 Detected object count: 7 17:58:04.0421 0x0430 Actual detected object count: 7 17:59:18.0890 0x0430 6cb4f0b1c715c25e ( Rootkit.Win32.Necurs.gen ) - skipped by user 17:59:18.0890 0x0430 6cb4f0b1c715c25e ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 17:59:18.0890 0x0430 HDD & SSD access service ( UnsignedFile.Multi.Generic ) - skipped by user 17:59:18.0890 0x0430 HDD & SSD access service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:59:18.0906 0x0430 Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user 17:59:18.0906 0x0430 Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:59:18.0921 0x0430 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user 17:59:18.0921 0x0430 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:59:18.0937 0x0430 AsusTray ( UnsignedFile.Multi.Generic ) - skipped by user 17:59:18.0937 0x0430 AsusTray ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:59:18.0937 0x0430 AsusACPIServer ( UnsignedFile.Multi.Generic ) - skipped by user 17:59:18.0937 0x0430 AsusACPIServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:59:18.0953 0x0430 AsusEPCMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 17:59:18.0953 0x0430 AsusEPCMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.09.2014, 11:04 | #6 | |
/// TB Instructor | syshost.exe trojan/rootkit Hi, ok, run it again in safe mode. Quote:
Then afterwards run ComboFix from normal mode: Scan with Combofix
|
21.09.2014, 12:00 | #7 |
| syshost.exe trojan/rootkit Our great web-based reputation system blocks the URL because it allegedly distributes malware. But, nicely enough, that can already be bypassed with the simplest online proxy -.- TDSS from safe mode Code:
ATTFilter 12:15:59.0859 0x031c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58 12:16:02.0687 0x031c ============================================================ 12:16:02.0687 0x031c Current date / time: 2014/09/21 12:16:02.0687 12:16:02.0687 0x031c SystemInfo: 12:16:02.0687 0x031c 12:16:02.0687 0x031c OS Version: 5.1.2600 ServicePack: 3.0 12:16:02.0687 0x031c Product type: Workstation 12:16:02.0687 0x031c ComputerName: EEE-PC 12:16:02.0703 0x031c UserName: Administrator 12:16:02.0703 0x031c Windows directory: C:\WINDOWS 12:16:02.0703 0x031c System windows directory: C:\WINDOWS 12:16:02.0703 0x031c Processor architecture: Intel x86 12:16:02.0703 0x031c Number of processors: 2 12:16:02.0703 0x031c Page size: 0x1000 12:16:02.0703 0x031c Boot type: Safe boot 12:16:02.0703 0x031c ============================================================ 12:16:02.0703 0x031c BG loaded 12:16:04.0156 0x031c System UUID: {86D107B0-7E38-3615-BAD1-DDFD9EE692D5} 12:16:08.0312 0x031c Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044 12:16:08.0312 0x031c ============================================================ 12:16:08.0312 0x031c \Device\Harddisk0\DR0: 12:16:08.0328 0x031c MBR partitions: 12:16:08.0328 0x031c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1 12:16:08.0328 0x031c ============================================================ 12:16:08.0359 0x031c C: <-> \Device\Harddisk0\DR0\Partition1 12:16:08.0359 0x031c ============================================================ 12:16:08.0359 0x031c Initialize success 12:16:08.0359 0x031c ============================================================ 12:16:10.0031 0x034c ============================================================ 12:16:10.0031 0x034c Scan started 12:16:10.0031 0x034c Mode: Manual; 12:16:10.0031 0x034c 
============================================================ 12:16:10.0031 0x034c KSN ping started 12:16:10.0062 0x034c KSN ping finished: false 12:16:16.0062 0x034c ================ Scan system memory ======================== 12:16:16.0062 0x034c System memory - ok 12:16:16.0078 0x034c ================ Scan services ============================= 12:16:16.0125 0x034c Suspicious service (NoAccess): 6cb4f0b1c715c25e 12:16:16.0671 0x034c [ 5A553543948F966FF1E5E8D5300F4BFB, 1A5C2E2DEAAE8DDBF051970A27707B12286A425A142F08F071A03DEBE3F54D21 ] 6cb4f0b1c715c25e C:\WINDOWS\System32\Drivers\6cb4f0b1c715c25e.sys 12:16:16.0671 0x034c Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\6cb4f0b1c715c25e.sys. md5: 5A553543948F966FF1E5E8D5300F4BFB, sha256: 1A5C2E2DEAAE8DDBF051970A27707B12286A425A142F08F071A03DEBE3F54D21 12:16:17.0109 0x034c 6cb4f0b1c715c25e - detected Rootkit.Win32.Necurs.gen ( 0 ) 12:16:17.0765 0x034c 6cb4f0b1c715c25e ( Rootkit.Win32.Necurs.gen ) - infected 12:16:17.0765 0x034c Force sending object to P2P due to detect: 6cb4f0b1c715c25e 12:16:17.0796 0x034c Object send P2P result: false 12:16:17.0812 0x034c Abiosdsk - ok 12:16:17.0843 0x034c abp480n5 - ok 12:16:18.0031 0x034c [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:16:18.0046 0x034c ACPI - ok 12:16:18.0093 0x034c [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 12:16:18.0093 0x034c ACPIEC - ok 12:16:18.0125 0x034c adpu160m - ok 12:16:18.0281 0x034c [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys 12:16:18.0296 0x034c aec - ok 12:16:18.0453 0x034c [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys 12:16:18.0453 0x034c AFD 
- ok 12:16:18.0484 0x034c Aha154x - ok 12:16:18.0515 0x034c aic78u2 - ok 12:16:18.0546 0x034c aic78xx - ok 12:16:18.0765 0x034c [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter C:\WINDOWS\system32\alrsvc.dll 12:16:18.0765 0x034c Alerter - ok 12:16:18.0828 0x034c [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG C:\WINDOWS\System32\alg.exe 12:16:18.0843 0x034c ALG - ok 12:16:18.0859 0x034c AliIde - ok 12:16:18.0890 0x034c amsint - ok 12:16:19.0062 0x034c [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 12:16:19.0078 0x034c AppMgmt - ok 12:16:19.0093 0x034c asc - ok 12:16:19.0125 0x034c asc3350p - ok 12:16:19.0156 0x034c asc3550 - ok 12:16:19.0343 0x034c aspnet_state - ok 12:16:19.0406 0x034c [ 12415A4B61DED200FE9932B47A35FA42, EA9D32CCD98990F6F20412F919B0477D63771E631755CC593E2CD9B8D70A8E25 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 12:16:19.0406 0x034c AsusACPI - ok 12:16:19.0468 0x034c [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:16:19.0468 0x034c AsyncMac - ok 12:16:19.0578 0x034c [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 12:16:19.0593 0x034c atapi - ok 12:16:19.0609 0x034c Atdisk - ok 12:16:19.0718 0x034c [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:16:19.0718 0x034c Atmarpc - ok 12:16:19.0796 0x034c [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 12:16:19.0812 0x034c AudioSrv - ok 12:16:19.0875 0x034c [ 
D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 12:16:19.0875 0x034c audstub - ok 12:16:19.0953 0x034c [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys 12:16:19.0968 0x034c Beep - ok 12:16:20.0296 0x034c [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS C:\WINDOWS\system32\qmgr.dll 12:16:20.0328 0x034c BITS - ok 12:16:20.0421 0x034c [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys 12:16:20.0421 0x034c Bridge - ok 12:16:20.0500 0x034c [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys 12:16:20.0500 0x034c BridgeMP - ok 12:16:20.0609 0x034c [ B71549F23736ADF83A571061C47777FD, A1D0320736EE777030A543DCA086367EB5A5B6F95088B9C22D8E09326C3A39A9 ] Browser C:\WINDOWS\System32\browser.dll 12:16:20.0609 0x034c Browser - ok 12:16:21.0078 0x034c [ B6E16DA77EAFE84A8C5BC44784FEEAEA, 5E891966A09ACFB6DAA5E9468F8FEA9814F921FA1C15CF9F5487D730295BDA5D ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys 12:16:21.0109 0x034c btaudio - ok 12:16:21.0187 0x034c [ 58A49BD10E08D3D4333A60DEDCB1CED8, 2110462BDD51BCEB661C089376E60E5ECE5F5908CF80A09035190529C9F306A4 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys 12:16:21.0187 0x034c BTDriver - ok 12:16:21.0796 0x034c [ EF5E0DE0A7CA2977A9255F36F4D915AB, ECF2445200CDF6379ABE0BDA0CDDC4D9FF94CC34D652AD536E34C1AEB576B710 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys 12:16:21.0875 0x034c BTKRNL - ok 12:16:22.0203 0x034c [ FAC8968CE8EFBC0E418FC978A1F174D9, EAA53AA5C5CCF4DC0A84CBADE48F7732C8682F2B374A4ADCD97766AC54AF2D14 ] btwdins C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe 12:16:22.0218 
0x034c btwdins - ok 12:16:22.0359 0x034c [ 80F61DE965C116051614AC2F04222FF7, 010201E19B96DA3937C168051205728AF47FA96C89D1553F1F67739227B086E5 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys 12:16:22.0375 0x034c BTWDNDIS - ok 12:16:22.0453 0x034c [ E48668B4A6A5CF68B33AECAD18EE8E1E, CC190DCED4B71FDCC113E90B4FCAC4975830C6C86C04F9CDDF2C4E9F2661AA30 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys 12:16:22.0468 0x034c btwhid - ok 12:16:22.0546 0x034c [ 8BCD7BFE9C70A8FF7444263435B18AA1, CD260090E88D75C5F277403075FA43BA71166E9C65B9ECD3E2D767E67D92374D ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys 12:16:22.0546 0x034c btwmodem - ok 12:16:22.0656 0x034c [ 053DC5BE74621B63BB48C2B86BAFC7B0, 0BF9810CBB7D94DE00A2153DCF0649BC0A27CDBAF76412E61696083C54189778 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 12:16:22.0656 0x034c BTWUSB - ok 12:16:22.0718 0x034c [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 12:16:22.0718 0x034c cbidf2k - ok 12:16:22.0781 0x034c [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 12:16:22.0781 0x034c CCDECODE - ok 12:16:22.0812 0x034c cd20xrnt - ok 12:16:22.0875 0x034c [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 12:16:22.0875 0x034c Cdaudio - ok 12:16:22.0984 0x034c [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 12:16:22.0984 0x034c Cdfs - ok 12:16:23.0093 0x034c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:16:23.0109 0x034c Cdrom - ok 12:16:23.0125 0x034c Changer - ok 12:16:23.0203 0x034c [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, 
ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc C:\WINDOWS\system32\cisvc.exe 12:16:23.0203 0x034c CiSvc - ok 12:16:23.0265 0x034c [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 12:16:23.0265 0x034c ClipSrv - ok 12:16:23.0328 0x034c [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 12:16:23.0343 0x034c CmBatt - ok 12:16:23.0359 0x034c CmdIde - ok 12:16:23.0406 0x034c [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 12:16:23.0406 0x034c Compbatt - ok 12:16:23.0437 0x034c COMSysApp - ok 12:16:23.0500 0x034c Cpqarray - ok 12:16:23.0625 0x034c [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 12:16:23.0640 0x034c CryptSvc - ok 12:16:23.0656 0x034c dac2w2k - ok 12:16:23.0687 0x034c dac960nt - ok 12:16:24.0031 0x034c [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 12:16:24.0062 0x034c DcomLaunch - ok 12:16:24.0171 0x034c [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 12:16:24.0187 0x034c Dhcp - ok 12:16:24.0281 0x034c [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 12:16:24.0281 0x034c Disk - ok 12:16:24.0296 0x034c dmadmin - ok 12:16:24.0906 0x034c [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 12:16:24.0968 0x034c dmboot - ok 12:16:25.0156 0x034c [ 
53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 12:16:25.0156 0x034c dmio - ok 12:16:25.0203 0x034c [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys 12:16:25.0203 0x034c dmload - ok 12:16:25.0250 0x034c [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll 12:16:25.0250 0x034c dmserver - ok 12:16:25.0343 0x034c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 12:16:25.0359 0x034c DMusic - ok 12:16:25.0453 0x034c [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 12:16:25.0468 0x034c Dnscache - ok 12:16:25.0593 0x034c [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 12:16:25.0609 0x034c Dot3svc - ok 12:16:25.0640 0x034c dpti2o - ok 12:16:25.0703 0x034c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 12:16:25.0703 0x034c drmkaud - ok 12:16:25.0765 0x034c [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 12:16:25.0781 0x034c EapHost - ok 12:16:25.0859 0x034c [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll 12:16:25.0859 0x034c ERSvc - ok 12:16:26.0015 0x034c [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe 12:16:26.0015 0x034c 
Eventlog - ok 12:16:26.0250 0x034c [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem C:\WINDOWS\system32\es.dll 12:16:26.0265 0x034c EventSystem - ok 12:16:26.0421 0x034c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 12:16:26.0437 0x034c Fastfat - ok 12:16:26.0578 0x034c [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 12:16:26.0593 0x034c FastUserSwitchingCompatibility - ok 12:16:26.0671 0x034c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 12:16:26.0687 0x034c Fdc - ok 12:16:26.0734 0x034c [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys 12:16:26.0750 0x034c Fips - ok 12:16:26.0812 0x034c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 12:16:26.0812 0x034c Flpydisk - ok 12:16:26.0953 0x034c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 12:16:26.0953 0x034c FltMgr - ok 12:16:27.0000 0x034c [ 1F943241F4963CD51E5F61C93D3F45C7, 79762E040ABB6D22921150F9987F9FD999EE2CAA7D1BFB2EC6482A1BFE1F907E ] FsVga C:\WINDOWS\system32\DRIVERS\fsvga.sys 12:16:27.0000 0x034c FsVga - ok 12:16:27.0031 0x034c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:16:27.0031 0x034c Fs_Rec - ok 12:16:27.0140 0x034c [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] 
Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:16:27.0140 0x034c Ftdisk - ok 12:16:27.0234 0x034c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:16:27.0234 0x034c Gpc - ok 12:16:27.0390 0x034c [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:16:27.0406 0x034c HDAudBus - ok 12:16:27.0625 0x034c [ 9AE4747663A6C62F6FFE0B991A0F531A, 1D92011CDD97AB6DFDB71F72FB79A6332B4F2BFDE92AAC874982E6B33F557CBE ] HDD & SSD access service C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe 12:16:27.0640 0x034c HDD & SSD access service - ok 12:16:27.0765 0x034c [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 12:16:27.0765 0x034c helpsvc - ok 12:16:27.0843 0x034c [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 12:16:27.0843 0x034c HidServ - ok 12:16:27.0875 0x034c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:16:27.0890 0x034c HidUsb - ok 12:16:27.0968 0x034c [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 12:16:27.0968 0x034c hkmsvc - ok 12:16:28.0000 0x034c hpn - ok 12:16:28.0218 0x034c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 12:16:28.0234 0x034c HTTP - ok 12:16:28.0328 0x034c [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 12:16:28.0328 0x034c HTTPFilter - ok 12:16:28.0343 0x034c 
i2omgmt - ok 12:16:28.0375 0x034c i2omp - ok 12:16:28.0500 0x034c [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:16:28.0500 0x034c i8042prt - ok 12:16:32.0484 0x034c [ 0F68E2EC713F132FFB19E45415B09679, B1439A5D157F9FF54E803581D2B86411DB079242D837617021A4A0BC195E67BB ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 12:16:32.0921 0x034c ialm - ok 12:16:33.0031 0x034c iked - ok 12:16:33.0093 0x034c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 12:16:33.0093 0x034c Imapi - ok 12:16:33.0250 0x034c [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 12:16:33.0265 0x034c ImapiService - ok 12:16:33.0296 0x034c ini910u - ok 12:16:36.0515 0x034c [ 45FFC97A47248550E799DA5EB5DCA6A1, 7AB9D6CBB3C614F23B69031D500483450F3710FBB2C7C6FF62A6F492B7810235 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 12:16:36.0875 0x034c IntcAzAudAddService - ok 12:16:36.0921 0x034c IntelIde - ok 12:16:37.0031 0x034c [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:16:37.0031 0x034c intelppm - ok 12:16:37.0078 0x034c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 12:16:37.0078 0x034c Ip6Fw - ok 12:16:37.0156 0x034c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:16:37.0156 0x034c IpFilterDriver - ok 12:16:37.0203 0x034c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 
12:16:37.0203 0x034c IpInIp - ok 12:16:37.0359 0x034c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:16:37.0375 0x034c IpNat - ok 12:16:37.0484 0x034c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:16:37.0484 0x034c IPSec - ok 12:16:37.0515 0x034c ipsecd - ok 12:16:37.0578 0x034c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 12:16:37.0578 0x034c IRENUM - ok 12:16:37.0671 0x034c [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:16:37.0671 0x034c isapnp - ok 12:16:37.0968 0x034c [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 12:16:37.0968 0x034c JavaQuickStarterService - ok 12:16:38.0078 0x034c [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:16:38.0078 0x034c Kbdclass - ok 12:16:38.0140 0x034c [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:16:38.0156 0x034c kbdhid - ok 12:16:38.0296 0x034c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 12:16:38.0296 0x034c kmixer - ok 12:16:38.0421 0x034c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 12:16:38.0437 0x034c KSecDD - ok 12:16:38.0562 0x034c [ 85B6D85C044E3DF77E92B5A7B265008F, 
1068FE42D23BA26DAF73EF2BAAD19ED9B3781F7BB89799C28EEE2F13A766807B ] Ktp C:\WINDOWS\system32\DRIVERS\ETD.sys 12:16:38.0578 0x034c Ktp - ok 12:16:38.0671 0x034c [ 303627228DD739D98289679901A38C8F, 2E2C249CDD0C1D04EF4EC03DD5EF1984DD74FC66253BBDA553FB30FAA8173F60 ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 12:16:38.0671 0x034c L1e - ok 12:16:38.0812 0x034c [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 12:16:38.0812 0x034c LanmanServer - ok 12:16:38.0968 0x034c [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 12:16:38.0984 0x034c lanmanworkstation - ok 12:16:39.0015 0x034c lbrtfdc - ok 12:16:39.0156 0x034c [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 12:16:39.0156 0x034c LmHosts - ok 12:16:39.0218 0x034c [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll 12:16:39.0218 0x034c Messenger - ok 12:16:39.0281 0x034c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 12:16:39.0281 0x034c mnmdd - ok 12:16:39.0359 0x034c [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 12:16:39.0359 0x034c mnmsrvc - ok 12:16:39.0406 0x034c [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 12:16:39.0406 0x034c Modem - ok 12:16:39.0453 0x034c [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:16:39.0453 0x034c Mouclass - ok 
12:16:39.0515 0x034c [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:16:39.0515 0x034c mouhid - ok 12:16:39.0593 0x034c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 12:16:39.0593 0x034c MountMgr - ok 12:16:39.0625 0x034c mraid35x - ok 12:16:39.0796 0x034c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:16:39.0812 0x034c MRxDAV - ok 12:16:40.0156 0x034c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:16:40.0203 0x034c MRxSmb - ok 12:16:40.0265 0x034c [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 12:16:40.0265 0x034c MSDTC - ok 12:16:40.0328 0x034c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 12:16:40.0328 0x034c Msfs - ok 12:16:40.0343 0x034c MSIServer - ok 12:16:40.0406 0x034c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:16:40.0406 0x034c MSKSSRV - ok 12:16:40.0453 0x034c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:16:40.0453 0x034c MSPCLOCK - ok 12:16:40.0484 0x034c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 12:16:40.0500 0x034c MSPQM - ok 12:16:40.0562 0x034c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, 
AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:16:40.0562 0x034c mssmbios - ok
12:16:52.0421 0x034c syshost32 - ok
12:17:18.0625 0x034c ============================================================
12:17:18.0625 0x034c Scan finished
12:17:18.0625 0x034c ============================================================
12:17:18.0656 0x022c Detected object count: 1
12:17:18.0656 0x022c Actual detected object count: 1
12:17:52.0015 0x022c C:\WINDOWS\System32\Drivers\6cb4f0b1c715c25e.sys - copied to quarantine
12:17:52.0015 0x022c HKLM\SYSTEM\ControlSet001\services\6cb4f0b1c715c25e - will be deleted on reboot
12:17:52.0046 0x022c C:\WINDOWS\System32\Drivers\6cb4f0b1c715c25e.sys - will be deleted on reboot
12:17:52.0046 0x022c 6cb4f0b1c715c25e ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
12:17:53.0671 0x022c KLMD registered as C:\WINDOWS\system32\drivers\56335391.sys
12:18:33.0484 0x0168 Deinitialize success |
21.09.2014, 12:01 | #8 |
| syshost.exe trojaner/rootkit
and once more in normal mode
Code:
12:20:11.0000 0x0944 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
12:20:11.0015 0x0944 ============================================================
12:20:11.0015 0x0944 Current date / time: 2014/09/21 12:20:11.0015
12:20:11.0015 0x0944 SystemInfo:
12:20:11.0015 0x0944
12:20:11.0015 0x0944 OS Version: 5.1.2600 ServicePack: 3.0
12:20:11.0015 0x0944 Product type: Workstation
12:20:11.0015 0x0944 ComputerName: EEE-PC
12:20:11.0031 0x0944 UserName: Administrator
12:20:11.0031 0x0944 Windows directory: C:\WINDOWS
12:20:11.0031 0x0944 System windows directory: C:\WINDOWS
12:20:11.0031 0x0944 Processor architecture: Intel x86
12:20:11.0031 0x0944 Number of processors: 2
12:20:11.0031 0x0944 Page size: 0x1000
12:20:11.0031 0x0944 Boot type: Normal boot
12:20:11.0031 0x0944 ============================================================
12:20:11.0031 0x0944 BG loaded
12:20:17.0578 0x0944 System UUID: {86D107B0-7E38-3615-BAD1-DDFD9EE692D5}
12:20:21.0718 0x0944 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
12:20:21.0750 0x0944 ============================================================
12:20:21.0750 0x0944 \Device\Harddisk0\DR0:
12:20:21.0750 0x0944 MBR partitions:
12:20:21.0750 0x0944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:20:21.0750 0x0944 ============================================================
12:20:21.0796 0x0944 C: <-> \Device\Harddisk0\DR0\Partition1
12:20:21.0812 0x0944 ============================================================
12:20:21.0812 0x0944 Initialize success
12:20:21.0812 0x0944 ============================================================
12:20:42.0046 0x0ab4 ============================================================
12:20:42.0046 0x0ab4 Scan started
12:20:42.0046 0x0ab4 Mode: Manual;
12:20:42.0046 0x0ab4 ============================================================
12:20:42.0046 0x0ab4 KSN ping started
12:20:42.0500 0x0ab4 KSN ping finished: false
12:20:43.0500 0x0ab4 ================ Scan system memory ========================
12:20:47.0203 0x0ab4 System memory - ok
12:20:47.0203 0x0ab4 ================ Scan services =============================
12:20:51.0390 0x0ab4 COMSysApp - ok 12:20:51.0421 0x0ab4 Cpqarray - ok 12:20:51.0484 0x0ab4 [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 12:20:51.0500 0x0ab4 CryptSvc - ok 12:20:51.0500 0x0ab4 dac2w2k - ok 12:20:51.0515 0x0ab4 dac960nt - ok 12:20:51.0687 0x0ab4 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 12:20:51.0718 0x0ab4 DcomLaunch - ok 12:20:51.0796 0x0ab4 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 12:20:51.0812 0x0ab4 Dhcp - ok 12:20:51.0875 0x0ab4 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 12:20:51.0890 0x0ab4 Disk - ok 12:20:51.0906 0x0ab4 dmadmin - ok 12:20:52.0156 0x0ab4 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 12:20:52.0562 0x0ab4 dmboot - ok 12:20:52.0656 0x0ab4 [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 12:20:52.0781 0x0ab4 dmio - ok 12:20:52.0843 0x0ab4 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys 12:20:52.0843 0x0ab4 dmload - ok 12:20:52.0875 0x0ab4 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll 12:20:52.0890 0x0ab4 dmserver - ok 12:20:52.0968 0x0ab4 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 12:20:52.0984 0x0ab4 DMusic - ok 12:20:53.0046 0x0ab4 [ 
407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 12:20:53.0046 0x0ab4 Dnscache - ok 12:20:53.0109 0x0ab4 [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 12:20:53.0156 0x0ab4 Dot3svc - ok 12:20:53.0156 0x0ab4 dpti2o - ok 12:20:53.0218 0x0ab4 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 12:20:53.0218 0x0ab4 drmkaud - ok 12:20:53.0265 0x0ab4 [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 12:20:53.0296 0x0ab4 EapHost - ok 12:20:53.0343 0x0ab4 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll 12:20:53.0359 0x0ab4 ERSvc - ok 12:20:53.0421 0x0ab4 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe 12:20:53.0421 0x0ab4 Eventlog - ok 12:20:53.0562 0x0ab4 [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem C:\WINDOWS\system32\es.dll 12:20:53.0593 0x0ab4 EventSystem - ok 12:20:53.0703 0x0ab4 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 12:20:53.0734 0x0ab4 Fastfat - ok 12:20:53.0843 0x0ab4 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 12:20:53.0859 0x0ab4 FastUserSwitchingCompatibility - ok 12:20:53.0968 0x0ab4 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc 
C:\WINDOWS\system32\drivers\Fdc.sys 12:20:53.0984 0x0ab4 Fdc - ok 12:20:54.0046 0x0ab4 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys 12:20:54.0046 0x0ab4 Fips - ok 12:20:54.0078 0x0ab4 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 12:20:54.0093 0x0ab4 Flpydisk - ok 12:20:54.0187 0x0ab4 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 12:20:54.0250 0x0ab4 FltMgr - ok 12:20:54.0328 0x0ab4 [ 1F943241F4963CD51E5F61C93D3F45C7, 79762E040ABB6D22921150F9987F9FD999EE2CAA7D1BFB2EC6482A1BFE1F907E ] FsVga C:\WINDOWS\system32\DRIVERS\fsvga.sys 12:20:54.0328 0x0ab4 FsVga - ok 12:20:54.0359 0x0ab4 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:20:54.0359 0x0ab4 Fs_Rec - ok 12:20:54.0406 0x0ab4 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:20:54.0437 0x0ab4 Ftdisk - ok 12:20:54.0500 0x0ab4 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:20:54.0500 0x0ab4 Gpc - ok 12:20:54.0578 0x0ab4 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:20:54.0593 0x0ab4 HDAudBus - ok 12:20:54.0781 0x0ab4 [ 9AE4747663A6C62F6FFE0B991A0F531A, 1D92011CDD97AB6DFDB71F72FB79A6332B4F2BFDE92AAC874982E6B33F557CBE ] HDD & SSD access service C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe 12:20:54.0796 0x0ab4 HDD & SSD access service - ok 12:20:54.0937 0x0ab4 [ CB66BF85BF599BEFD6C6A57C2E20357F, 
55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 12:20:54.0937 0x0ab4 helpsvc - ok 12:20:55.0015 0x0ab4 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 12:20:55.0015 0x0ab4 HidServ - ok 12:20:55.0078 0x0ab4 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:20:55.0093 0x0ab4 HidUsb - ok 12:20:55.0140 0x0ab4 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 12:20:55.0156 0x0ab4 hkmsvc - ok 12:20:55.0171 0x0ab4 hpn - ok 12:20:55.0281 0x0ab4 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 12:20:55.0312 0x0ab4 HTTP - ok 12:20:55.0359 0x0ab4 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 12:20:55.0375 0x0ab4 HTTPFilter - ok 12:20:55.0390 0x0ab4 i2omgmt - ok 12:20:55.0406 0x0ab4 i2omp - ok 12:20:55.0468 0x0ab4 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:20:55.0468 0x0ab4 i8042prt - ok 12:20:57.0562 0x0ab4 [ 0F68E2EC713F132FFB19E45415B09679, B1439A5D157F9FF54E803581D2B86411DB079242D837617021A4A0BC195E67BB ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 12:20:57.0843 0x0ab4 ialm - ok 12:20:58.0203 0x0ab4 iked - ok 12:20:58.0250 0x0ab4 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 12:20:58.0250 0x0ab4 Imapi - ok 12:20:58.0343 0x0ab4 [ D4B413AA210C21E46AEDD2BA5B68D38E, 
2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 12:20:58.0453 0x0ab4 ImapiService - ok 12:20:58.0468 0x0ab4 ini910u - ok 12:20:59.0781 0x0ab4 [ 45FFC97A47248550E799DA5EB5DCA6A1, 7AB9D6CBB3C614F23B69031D500483450F3710FBB2C7C6FF62A6F492B7810235 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 12:21:00.0109 0x0ab4 IntcAzAudAddService - ok 12:21:00.0140 0x0ab4 IntelIde - ok 12:21:00.0203 0x0ab4 [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:21:00.0203 0x0ab4 intelppm - ok 12:21:00.0234 0x0ab4 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 12:21:00.0250 0x0ab4 Ip6Fw - ok 12:21:00.0296 0x0ab4 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:21:00.0312 0x0ab4 IpFilterDriver - ok 12:21:00.0343 0x0ab4 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:21:00.0359 0x0ab4 IpInIp - ok 12:21:00.0421 0x0ab4 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:21:00.0437 0x0ab4 IpNat - ok 12:21:00.0531 0x0ab4 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:21:00.0531 0x0ab4 IPSec - ok 12:21:00.0546 0x0ab4 ipsecd - ok 12:21:00.0625 0x0ab4 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 12:21:00.0625 0x0ab4 IRENUM - ok 12:21:00.0687 0x0ab4 [ 6DFB88F64135C525433E87648BDA30DE, 
8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:21:00.0718 0x0ab4 isapnp - ok 12:21:01.0203 0x0ab4 [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 12:21:01.0218 0x0ab4 JavaQuickStarterService - ok 12:21:01.0312 0x0ab4 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:21:01.0312 0x0ab4 Kbdclass - ok 12:21:01.0390 0x0ab4 [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:21:01.0390 0x0ab4 kbdhid - ok 12:21:01.0437 0x0ab4 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 12:21:01.0468 0x0ab4 kmixer - ok 12:21:01.0531 0x0ab4 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 12:21:01.0546 0x0ab4 KSecDD - ok 12:21:01.0625 0x0ab4 [ 85B6D85C044E3DF77E92B5A7B265008F, 1068FE42D23BA26DAF73EF2BAAD19ED9B3781F7BB89799C28EEE2F13A766807B ] Ktp C:\WINDOWS\system32\DRIVERS\ETD.sys 12:21:01.0625 0x0ab4 Ktp - ok 12:21:01.0671 0x0ab4 [ 303627228DD739D98289679901A38C8F, 2E2C249CDD0C1D04EF4EC03DD5EF1984DD74FC66253BBDA553FB30FAA8173F60 ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 12:21:01.0687 0x0ab4 L1e - ok 12:21:01.0765 0x0ab4 [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 12:21:01.0765 0x0ab4 LanmanServer - ok 12:21:01.0921 0x0ab4 [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 12:21:01.0937 0x0ab4 
lanmanworkstation - ok 12:21:01.0953 0x0ab4 lbrtfdc - ok 12:21:02.0078 0x0ab4 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 12:21:02.0078 0x0ab4 LmHosts - ok 12:21:02.0125 0x0ab4 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll 12:21:02.0140 0x0ab4 Messenger - ok 12:21:02.0328 0x0ab4 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 12:21:02.0328 0x0ab4 mnmdd - ok 12:21:02.0406 0x0ab4 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 12:21:02.0453 0x0ab4 mnmsrvc - ok 12:21:02.0484 0x0ab4 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 12:21:02.0515 0x0ab4 Modem - ok 12:21:02.0562 0x0ab4 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:21:02.0562 0x0ab4 Mouclass - ok 12:21:02.0625 0x0ab4 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:21:02.0656 0x0ab4 mouhid - ok 12:21:02.0703 0x0ab4 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 12:21:02.0750 0x0ab4 MountMgr - ok 12:21:02.0765 0x0ab4 mraid35x - ok 12:21:02.0890 0x0ab4 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:21:02.0906 0x0ab4 MRxDAV - ok 12:21:03.0218 0x0ab4 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, 
DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:21:03.0265 0x0ab4 MRxSmb - ok 12:21:03.0312 0x0ab4 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 12:21:03.0343 0x0ab4 MSDTC - ok 12:21:03.0390 0x0ab4 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 12:21:03.0390 0x0ab4 Msfs - ok 12:21:03.0406 0x0ab4 MSIServer - ok 12:21:03.0437 0x0ab4 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:21:03.0437 0x0ab4 MSKSSRV - ok 12:21:03.0515 0x0ab4 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:21:03.0562 0x0ab4 MSPCLOCK - ok 12:21:03.0625 0x0ab4 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 12:21:03.0640 0x0ab4 MSPQM - ok 12:21:03.0703 0x0ab4 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:21:03.0703 0x0ab4 mssmbios - ok 12:21:03.0781 0x0ab4 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 12:21:03.0812 0x0ab4 MSTEE - ok 12:21:03.0890 0x0ab4 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 12:21:03.0906 0x0ab4 Mup - ok 12:21:04.0000 0x0ab4 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 12:21:04.0015 0x0ab4 NABTSFEC - ok 
12:21:04.0187 0x0ab4 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 12:21:04.0234 0x0ab4 napagent - ok 12:21:04.0281 0x0ab4 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 12:21:04.0296 0x0ab4 NDIS - ok 12:21:04.0343 0x0ab4 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 12:21:04.0359 0x0ab4 NdisIP - ok 12:21:04.0453 0x0ab4 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:21:04.0453 0x0ab4 NdisTapi - ok 12:21:04.0656 0x0ab4 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:21:04.0687 0x0ab4 Ndisuio - ok 12:21:04.0750 0x0ab4 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:21:04.0765 0x0ab4 NdisWan - ok 12:21:04.0812 0x0ab4 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 12:21:04.0828 0x0ab4 NDProxy - ok 12:21:04.0859 0x0ab4 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 12:21:04.0875 0x0ab4 NetBIOS - ok 12:21:04.0921 0x0ab4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 12:21:04.0937 0x0ab4 NetBT - ok 12:21:05.0000 0x0ab4 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 
12:21:05.0015 0x0ab4 NetDDE - ok 12:21:05.0031 0x0ab4 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 12:21:05.0046 0x0ab4 NetDDEdsdm - ok 12:21:05.0125 0x0ab4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 12:21:05.0125 0x0ab4 Netlogon - ok 12:21:05.0171 0x0ab4 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 12:21:05.0187 0x0ab4 Netman - ok 12:21:05.0281 0x0ab4 [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll 12:21:05.0296 0x0ab4 Nla - ok 12:21:05.0328 0x0ab4 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 12:21:05.0328 0x0ab4 Npfs - ok 12:21:05.0453 0x0ab4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 12:21:05.0531 0x0ab4 Ntfs - ok 12:21:05.0562 0x0ab4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 12:21:05.0562 0x0ab4 NtLmSsp - ok 12:21:05.0625 0x0ab4 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 12:21:05.0656 0x0ab4 NtmsSvc - ok 12:21:05.0687 0x0ab4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 12:21:05.0687 0x0ab4 Null - ok 12:21:05.0734 0x0ab4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:21:05.0734 0x0ab4 
NwlnkFlt - ok 12:21:05.0765 0x0ab4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:21:05.0781 0x0ab4 NwlnkFwd - ok 12:21:05.0828 0x0ab4 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 12:21:05.0828 0x0ab4 Parport - ok 12:21:05.0875 0x0ab4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 12:21:05.0875 0x0ab4 PartMgr - ok 12:21:05.0921 0x0ab4 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 12:21:05.0921 0x0ab4 ParVdm - ok 12:21:05.0968 0x0ab4 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 12:21:05.0984 0x0ab4 PCI - ok 12:21:06.0000 0x0ab4 PCIDump - ok 12:21:06.0015 0x0ab4 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 12:21:06.0015 0x0ab4 PCIIde - ok 12:21:06.0062 0x0ab4 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 12:21:06.0078 0x0ab4 Pcmcia - ok 12:21:06.0093 0x0ab4 PDCOMP - ok 12:21:06.0109 0x0ab4 PDFRAME - ok 12:21:06.0109 0x0ab4 PDRELI - ok 12:21:06.0125 0x0ab4 PDRFRAME - ok 12:21:06.0140 0x0ab4 perc2 - ok 12:21:06.0156 0x0ab4 perc2hib - ok 12:21:06.0250 0x0ab4 [ F5ED2F15364B1F58C8B392F43167058F, 62B6DD86708AA2A9FC183C3493C93AAC024E58C36837D095E18DD871F0291079 ] pflt C:\WINDOWS\system32\DRIVERS\vfilter.sys 12:21:06.0250 0x0ab4 pflt - ok 12:21:06.0281 0x0ab4 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] 
PlugPlay C:\WINDOWS\system32\services.exe 12:21:06.0281 0x0ab4 PlugPlay - ok 12:21:06.0296 0x0ab4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 12:21:06.0296 0x0ab4 PolicyAgent - ok 12:21:06.0312 0x0ab4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:21:06.0328 0x0ab4 PptpMiniport - ok 12:21:06.0343 0x0ab4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 12:21:06.0343 0x0ab4 ProtectedStorage - ok 12:21:06.0359 0x0ab4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 12:21:06.0359 0x0ab4 PSched - ok 12:21:06.0375 0x0ab4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:21:06.0375 0x0ab4 Ptilink - ok 12:21:06.0390 0x0ab4 ql1080 - ok 12:21:06.0406 0x0ab4 Ql10wnt - ok 12:21:06.0421 0x0ab4 ql12160 - ok 12:21:06.0437 0x0ab4 ql1240 - ok 12:21:06.0453 0x0ab4 ql1280 - ok 12:21:06.0578 0x0ab4 [ 720FEA3AAA15FE7E0BEAB10AC2E6D2B0, E1E6A79751B7CAA86F4C7F9DD2A835D5C30FBD433644F916B8E54CD8105D00D2 ] RalinkRegistryWriter C:\Programme\RALINK\Common\RaRegistry.exe 12:21:06.0593 0x0ab4 RalinkRegistryWriter - ok 12:21:06.0609 0x0ab4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:21:06.0609 0x0ab4 RasAcd - ok 12:21:06.0656 0x0ab4 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 12:21:06.0671 0x0ab4 RasAuto - ok 12:21:06.0703 0x0ab4 [ 11B4A627BC9614B885C4969BFA5FF8A6, 
EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:21:06.0703 0x0ab4 Rasl2tp - ok 12:21:06.0750 0x0ab4 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 12:21:06.0765 0x0ab4 RasMan - ok 12:21:06.0781 0x0ab4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:21:06.0781 0x0ab4 RasPppoe - ok 12:21:06.0796 0x0ab4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 12:21:06.0796 0x0ab4 Raspti - ok 12:21:06.0828 0x0ab4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:21:06.0843 0x0ab4 Rdbss - ok 12:21:06.0859 0x0ab4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:21:06.0859 0x0ab4 RDPCDD - ok 12:21:06.0906 0x0ab4 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 12:21:06.0921 0x0ab4 rdpdr - ok 12:21:06.0984 0x0ab4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 12:21:07.0000 0x0ab4 RDPWD - ok 12:21:07.0046 0x0ab4 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 12:21:07.0078 0x0ab4 RDSessMgr - ok 12:21:07.0140 0x0ab4 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 12:21:07.0140 0x0ab4 redbook - ok 12:21:07.0203 0x0ab4 [ 
0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:21:07.0218 0x0ab4 RemoteAccess - ok
12:21:08.0593 0x0ab4 [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
12:21:08.0593 0x0ab4 Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
12:21:08.0593 0x0ab4 sptd - detected LockedFile.Multi.Generic ( 1 )
12:21:08.0781 0x0ab4 sptd ( LockedFile.Multi.Generic ) - warning
12:21:09.0468 0x0ab4 syshost32 - ok
12:21:12.0515 0x0ab4 ================ Scan MBR ==================================
12:21:12.0546 0x0ab4 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
12:21:12.0781 0x0ab4 \Device\Harddisk0\DR0 - ok
12:21:12.0781 0x0ab4 ================ Scan VBR ==================================
12:21:12.0796 0x0ab4 [ 4245CEA1EB3D659C1B14657ADD2B60D1 ] \Device\Harddisk0\DR0\Partition1
12:21:12.0796 0x0ab4 \Device\Harddisk0\DR0\Partition1 - ok
12:21:18.0140 0x0ab4 Win FW state via NFM: disabled
12:21:18.0140 0x0ab4 ============================================================
12:21:18.0140 0x0ab4 Scan finished
12:21:18.0140 0x0ab4 ============================================================
12:21:18.0171 0x0aac Detected object count: 1
12:21:18.0171 0x0aac Actual detected object count: 1
12:21:47.0781 0x0aac sptd ( LockedFile.Multi.Generic ) - skipped by user
12:21:47.0781 0x0aac sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:26:19.0671 0x0378 Deinitialize success
Combofix Logfile: Code:
ComboFix 14-09-18.01 - Administrator 21.09.2014 12:32:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1015.694 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
.
c:\windows\system32\grpconv.exe . . . fehlt!!
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
-------\Service_syshost32
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-21 bis 2014-09-21 ))))))))))))))))))))))))))))))
.
.
2014-09-21 10:17 . 2014-09-21 10:17 -------- d-----w- C:\TDSSKiller_Quarantine
2014-09-20 11:30 . 2014-09-20 11:36 -------- d-----w- C:\FRST
2014-09-19 17:54 . 2014-09-19 17:54 -------- d-----w- c:\programme\ Malwarebytes Anti-Malware
2014-09-19 17:54 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 18:31 . 2013-08-29 00:56 26240 -c----w- c:\windows\system32\dllcache\usbser.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-19 18:06 . 2010-07-09 17:18 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-28 16861696]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\programme\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]
Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe -s [2010-5-20 1672480]
SuperHybridEngine.lnk - c:\programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-5-10 294912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDtemp4]
c:\programme\BinarySense\HDDTemp4\\hddtemp4 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43 69632 ----a-r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Naver\\LINE\\Line.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.05.2010 20:16 691696]
R2 HDD & SSD access service;HDD & SSD access service;c:\programme\Gemeinsame Dateien\BinarySense\disksvc.exe [22.06.2010 18:40 165888]
R2 iked;ShrewSoft IKE Daemon;c:\programme\ShrewSoft\VPN Client\iked.exe -service --> c:\programme\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service --> c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [20.05.2010 10:45 19072]
R3 pflt;Shrew Soft Miniport Filter;c:\windows\system32\drivers\vfilter.sys [01.07.2013 01:07 24192]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [10.05.2010 21:27 1323040]
S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [01.07.2013 01:07 11904]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{A10F0BB1-078C-41C7-B039-FBDBBE111E5E}: NameServer = 134.130.4.1,134.130.5.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-70193867.sys
SafeBoot-90251800.sys
MSConfigStartUp-Microsoft(R) System Manager - c:\windows\system32\bc17f9.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-09-21 12:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(144)
c:\windows\system32\btmmhook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\ShrewSoft\VPN Client\iked.exe
c:\programme\ShrewSoft\VPN Client\ipsecd.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\RALINK\Common\RaRegistry.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-21 12:45:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-09-21 10:45
.
Vor Suchlauf: 12 Verzeichnis(se), 64.322.203.648 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 64.593.539.072 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="USB Repair NOT to Start Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DA8F20B28645A8CDAAAFAC25479E4BF8
72B8CE41AF0DE751C946802B3ED844B4 |
21.09.2014, 12:03 | #9 |
/// TB-Ausbilder | syshost.exe trojan/rootkit
Looks better already.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Step 5
With your next reply, please post
|
21.09.2014, 13:40 | #10 |
| syshost.exe trojan/rootkit
Is it really that easy these days when you know the right software? The host of JRT was blocked as well -.-
ADW (I thought I was clean, but there actually was a Yahoo toolbar registry entry)
AdwCleaner Logfile: Code:
# AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 13:40:45
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Administrator - EEE-PC
# Gestartet von : C:\Dokumente und Einstellungen\Administrator\Desktop\AdwCleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
***** [ Browser ] *****
-\\ Internet Explorer v6.0.2900.5512
*************************
AdwCleaner[R0].txt - [1233 octets] - [21/09/2014 13:37:13]
AdwCleaner[S0].txt - [1154 octets] - [21/09/2014 13:40:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1214 octets] ##########
MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 21.09.2014
Scan Time: 13:43:56
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.21.03
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271800
Time Elapsed: 9 min, 49 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 21.09.2014 at 13:59:23,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.09.2014 at 14:15:21,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on EEE-PC on 21-09-2014 14:25:54
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Broadcom Corporation.) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(BinarySense Ltd.) C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe
() C:\Programme\ShrewSoft\VPN Client\iked.exe
() C:\Programme\ShrewSoft\VPN Client\ipsecd.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Ralink Technology, Corp.) C:\Programme\RALINK\Common\RaRegistry.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SoundMan.exe
(ASUSTeK Computer Inc.) C:\Programme\EeePC\ACPI\AsTray.exe
(ASUSTeK Computer Inc.) C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
(ASUSTeK Computer Inc.) C:\Programme\EeePC\ACPI\AsEPCMon.exe
(ELANTECH Devices Corp.) C:\Programme\Elantech\ETDCtrl.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(ASUSTeK Computer Inc.) C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861696 2008-04-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2006-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2006-05-05] (RealTek Semicoductor Corp.)
HKLM\...\Run: [AsusTray] => C:\Programme\EeePC\ACPI\AsTray.exe [114688 2008-12-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusACPIServer] => C:\Programme\EeePC\ACPI\AsAcpiSvr.exe [622592 2008-12-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusEPCMonitor] => C:\Programme\EeePC\ACPI\AsEPCMon.exe [94208 2008-05-21] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ETDWare] => C:\Programme\Elantech\ETDCtrl.exe [416768 2009-01-23] (ELANTECH Devices Corp.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-507921405-1708537768-515967899-500\...\Run: [DAEMON Tools Lite] => C:\Programme\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk
ShortcutTarget: SuperHybridEngine.lnk -> C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{A10F0BB1-078C-41C7-B039-FBDBBE111E5E}: [NameServer] 134.130.4.1,134.130.5.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 btwdins; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [264800 2008-01-29] (Broadcom Corporation.)
R2 HDD & SSD access service; C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe [165888 2010-06-22] (BinarySense Ltd.) [File not signed]
R2 iked; C:\Programme\ShrewSoft\VPN Client\iked.exe [772408 2013-07-01] ()
R2 ipsecd; C:\Programme\ShrewSoft\VPN Client\ipsecd.exe [544400 2013-07-01] ()
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2013-10-29] (Oracle Corporation)
R2 RalinkRegistryWriter; C:\Programme\RALINK\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsusACPI; C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys [10752 2008-04-08] (ASUSTeK Computer Inc.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539640 2007-12-10] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2007-11-21] (Broadcom Corporation.) S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156392 2007-06-29] (Broadcom Corporation.) S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.) S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37280 2007-03-23] (Broadcom Corporation.) S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2007-11-27] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12288 2008-04-14] (Microsoft Corporation) R3 Ktp; C:\WINDOWS\System32\DRIVERS\ETD.sys [93696 2009-02-12] (ELANTECH Devices Corp.) R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-03-12] (Atheros Communications, Inc.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 pflt; C:\WINDOWS\System32\DRIVERS\vfilter.sys [24192 2013-07-01] (Shrew Soft Inc) S3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1323040 2010-02-04] (Ralink Technology, Corp.) R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-05-12] () [File not signed] S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25984 2009-07-16] (The OpenVPN Project) [File not signed] S3 vnet; C:\WINDOWS\System32\DRIVERS\virtualnet.sys [11904 2013-07-01] (Shrew Soft Inc) S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [104064 2004-12-06] (Microsoft Corporation) U3 aw2nbugk; C:\WINDOWS\system32\Drivers\aw2nbugk.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S4 IntelIde; No ImagePath S3 vpnva; system32\DRIVERS\vpnva.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-21 14:25 - 2014-09-21 14:26 - 00009723 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.txt 2014-09-21 14:15 - 2014-09-21 14:15 - 00000589 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt 2014-09-21 13:59 - 2014-09-21 13:59 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-09-21 13:40 - 2014-09-21 13:36 - 01027006 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe 2014-09-21 13:37 - 2014-09-21 13:40 - 00000000 ____D () C:\AdwCleaner 2014-09-21 13:37 - 2014-09-21 13:34 - 01373475 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\AdwCleaner_3.310.exe 2014-09-21 12:45 - 2014-09-21 14:26 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp 2014-09-21 12:45 - 2014-09-21 12:45 - 00008473 _____ () C:\ComboFix.txt 2014-09-21 12:45 - 2014-09-21 12:45 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp 2014-09-21 12:45 - 2014-09-21 12:45 - 00000000 ____D () C:\Dokumente und 
Einstellungen\LocalService\Lokale Einstellungen\temp 2014-09-21 12:40 - 2014-09-21 12:40 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG 2014-09-21 12:29 - 2014-09-21 12:29 - 00000000 _RSHD () C:\cmdcons 2014-09-21 12:29 - 2013-12-11 17:36 - 00000344 _____ () C:\Boot.bak 2014-09-21 12:29 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr 2014-09-21 12:27 - 2014-09-21 12:45 - 00000000 ____D () C:\Qoobox 2014-09-21 12:27 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-09-21 12:27 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-09-21 12:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-09-21 12:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-09-21 12:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-09-21 12:27 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-09-21 12:27 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-09-21 12:27 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-09-21 12:27 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-09-21 12:26 - 2014-09-21 12:44 - 00000000 ____D () C:\WINDOWS\erdnt 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-09-20 13:31 - 2014-09-19 20:19 - 01097728 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2014-09-20 13:30 - 2014-09-21 14:25 - 00000000 ____D () C:\FRST 2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2014-09-19 19:54 - 2014-09-19 
19:54 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2014-09-19 19:54 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-23 20:33 - 2014-08-23 20:33 - 00005309 _____ () C:\WINDOWS\KB2964358.log 2014-08-23 20:33 - 2014-08-23 20:33 - 00004952 _____ () C:\WINDOWS\KB2884256.log 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2964358$ 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2936068$ 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2884256$ 2014-08-23 20:32 - 2014-08-23 20:33 - 00012178 _____ () C:\WINDOWS\KB2922229.log 2014-08-23 20:31 - 2014-08-23 20:33 - 00013728 _____ () C:\WINDOWS\KB2936068.log 2014-08-23 20:31 - 2013-08-29 02:56 - 00026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys 2014-08-23 20:18 - 2014-08-23 20:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-08-23 20:16 - 2014-08-23 20:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-21 14:26 - 2014-09-21 14:25 - 00009723 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.txt 2014-09-21 14:26 - 2014-09-21 12:45 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp 2014-09-21 14:25 - 2014-09-20 13:30 - 00000000 ____D () C:\FRST 2014-09-21 14:25 - 2010-06-15 07:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\Software 2014-09-21 14:15 - 2014-09-21 14:15 - 00000589 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt 2014-09-21 13:59 - 2014-09-21 13:59 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-09-21 13:43 - 2010-07-09 19:18 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2014-09-21 13:43 - 2010-05-09 23:20 - 01962949 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-21 13:42 - 2010-05-10 00:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-09-21 13:42 - 2010-05-10 00:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-09-21 13:42 - 2010-05-09 23:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-21 13:42 - 2010-05-09 23:02 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-21 13:41 - 2010-05-10 09:40 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2014-09-21 13:41 - 2010-05-09 23:33 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-21 13:40 - 2014-09-21 13:37 - 00000000 ____D () C:\AdwCleaner 2014-09-21 13:36 - 2014-09-21 13:40 - 01027006 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe 2014-09-21 13:34 - 2014-09-21 13:37 - 01373475 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\AdwCleaner_3.310.exe 2014-09-21 13:08 - 2010-05-09 23:27 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService 2014-09-21 12:45 - 2014-09-21 12:45 - 00008473 _____ () C:\ComboFix.txt 2014-09-21 12:45 - 2014-09-21 12:45 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp 2014-09-21 12:45 - 2014-09-21 
12:45 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp 2014-09-21 12:45 - 2014-09-21 12:27 - 00000000 ____D () C:\Qoobox 2014-09-21 12:44 - 2014-09-21 12:26 - 00000000 ____D () C:\WINDOWS\erdnt 2014-09-21 12:42 - 2010-05-09 23:04 - 00000227 _____ () C:\WINDOWS\system.ini 2014-09-21 12:41 - 2010-05-09 23:20 - 00000000 ____D () C:\WINDOWS\system32\Restore 2014-09-21 12:40 - 2014-09-21 12:40 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG 2014-09-21 12:40 - 2014-09-21 12:40 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG 2014-09-21 12:40 - 2010-05-10 00:57 - 20447232 _____ () C:\WINDOWS\system32\config\software.bak 2014-09-21 12:40 - 2010-05-10 00:57 - 05242880 _____ () C:\WINDOWS\system32\config\system.bak 2014-09-21 12:40 - 2010-05-10 00:57 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak 2014-09-21 12:40 - 2010-05-10 00:02 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak 2014-09-21 12:40 - 2010-05-10 00:02 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak 2014-09-21 12:39 - 2010-05-10 09:40 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator 2014-09-21 12:39 - 2010-05-10 00:02 - 00000000 ___RD () C:\Programme 2014-09-21 12:29 - 2014-09-21 12:29 - 00000000 _RSHD () C:\cmdcons 2014-09-21 12:29 - 2010-05-10 00:57 - 00000461 __RSH () C:\boot.ini 2014-09-21 12:23 - 2010-05-10 00:03 - 00819552 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-09-20 17:51 - 2011-01-09 23:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443685$ 2014-09-19 20:19 - 2014-09-20 13:31 - 01097728 _____ (Farbar) 
C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2014-09-19 19:54 - 2010-07-09 19:18 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-09-19 19:54 - 2010-05-10 00:02 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-09-19 18:38 - 2013-07-20 22:28 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla 2014-09-19 18:34 - 2010-06-13 13:09 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\uTorrent 2014-09-19 17:44 - 2010-12-30 23:05 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\TMP 2014-09-19 14:45 - 2010-10-17 22:04 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype 2014-09-10 20:18 - 2012-12-22 08:11 - 00640698 _____ () C:\WINDOWS\setupapi.log 2014-08-31 15:32 - 2013-02-01 23:23 - 00000682 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\LINE.lnk 2014-08-31 15:32 - 2013-02-01 23:23 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LINE 2014-08-30 15:21 - 2010-05-09 23:18 - 00089915 _____ () C:\WINDOWS\wmsetup.log 2014-08-23 20:33 - 2014-08-23 20:33 - 00005309 _____ () C:\WINDOWS\KB2964358.log 2014-08-23 20:33 - 2014-08-23 20:33 - 00004952 _____ () C:\WINDOWS\KB2884256.log 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2964358$ 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2936068$ 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-08-23 20:33 - 2014-08-23 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2884256$ 2014-08-23 20:33 - 2014-08-23 20:32 - 00012178 
_____ () C:\WINDOWS\KB2922229.log 2014-08-23 20:33 - 2014-08-23 20:31 - 00013728 _____ () C:\WINDOWS\KB2936068.log 2014-08-23 20:33 - 2010-05-12 10:56 - 00051435 _____ () C:\WINDOWS\updspapi.log 2014-08-23 20:33 - 2010-05-10 00:03 - 01854099 _____ () C:\WINDOWS\iis6.log 2014-08-23 20:33 - 2010-05-10 00:03 - 01583073 _____ () C:\WINDOWS\FaxSetup.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00805480 _____ () C:\WINDOWS\ocgen.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00742311 _____ () C:\WINDOWS\tsoc.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00540321 _____ () C:\WINDOWS\comsetup.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00513740 _____ () C:\WINDOWS\msmqinst.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00329785 _____ () C:\WINDOWS\ntdtcsetup.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00279660 _____ () C:\WINDOWS\netfxocm.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00111731 _____ () C:\WINDOWS\MedCtrOC.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00089210 _____ () C:\WINDOWS\ocmsn.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00079601 _____ () C:\WINDOWS\msgsocm.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00079313 _____ () C:\WINDOWS\tabletoc.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-08-23 20:33 - 2010-05-10 00:03 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-08-23 20:25 - 2010-05-10 00:02 - 00277240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-08-23 20:21 - 2014-03-12 22:36 - 00009026 _____ () C:\WINDOWS\KB2929961.log 2014-08-23 20:18 - 2014-08-23 20:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-08-23 20:17 - 2014-03-12 22:36 - 00010349 _____ () C:\WINDOWS\KB2930275.log 2014-08-23 20:16 - 2014-08-23 20:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ Some content of TEMP: ==================== C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-21 14:27:13
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
Asus ACPI Driver (HKLM\...\{19F5658D-92E8-4A08-8657-D38ABB1574B2}) (Version: 4.00.0010 - ASUSTek Computer)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Continuum 0.40 (HKLM\...\Continuum_is1) (Version: - )
Dymola 7.0 (HKLM\...\{460F13C2-D782-4C15-A88E-88FCD50CC4C7}) (Version: 7.0.219 - Dynasim AB)
ECAP (HKLM\...\{85E3CFBC-9B1B-470C-AF72-54EACA0F1322}) (Version: 1.0.1.4 - ECAP)
Eee Instant Key (HKLM\...\{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}) (Version: 1.06 - ASUS)
ETDWare PS/2-x86 7.0.4.3 WHQL (HKLM\...\Elantech) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.3.0.430 - Foxit Software Company)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.25.5015 - Gretech Corporation)
HDD Temperature v.4 (HKLM\...\{72B6A1F0-EEB1-4E53-87C7-2E3C8A103473}) (Version: 4.0.24 - BinarySense Inc.)
Hotfix für Windows XP (KB2158563) (HKLM\...\KB2158563) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB2443685) (HKLM\...\KB2443685) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB2570791) (HKLM\...\KB2570791) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB2633952) (HKLM\...\KB2633952) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB2756822) (HKLM\...\KB2756822) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB979306) (HKLM\...\KB979306) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB981793) (HKLM\...\KB981793) (Version: 1 - Microsoft Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle) Katawa Shoujo (HKLM\...\Katawa Shoujo) (Version: - ) KeyHoleTV (HKLM\...\KeyHoleTV) (Version: - ) LCARS Terminal 3.0.1 (HKLM\...\LCARS Terminal) (Version: - Nicolas Reimann) LINE (HKLM\...\LINE) (Version: 3.7.5.98 - LINE Corporation) Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft ActiveSync 3.8 (HKLM\...\Windows CE Services) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - ) Notepad++ (HKLM\...\Notepad++) (Version: 5.6.8 - ) OpenOffice.org 3.2 (HKLM\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org) Opera 11.52 (HKLM\...\Opera 11.52.1100) (Version: 11.52.1100 - Opera Software ASA) Orca (HKLM\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation) Parmen (HKLM\...\Parmen) (Version: - ) PicoZip Recovery Tool 1.02 (HKLM\...\PicoZip Recovery Tool 1.02) (Version: 1.02 - Softchitect) Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M240 (HKLM\...\Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M240) (Version: Wildfire 3.0 - PTC) 
Pro/ENGINEER Release Wildfire 3.0 Datecode M240 (HKLM\...\Pro/ENGINEER Release Wildfire 3.0 Datecode M240) (Version: Wildfire 3.0 - PTC) Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.7.0 - Ralink) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5612 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.38 - Piriform) Secure Download Manager (HKLM\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.) Security Task Manager 1.7 (HKLM\...\Security Task Manager) (Version: 1.7 - Neuber GmbH) Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) Sicherheitsupdate f・ Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB2803821) (HKLM\...\KB2803821_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB2803821-v2) (HKLM\...\KB2803821-v2_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB968816) (HKLM\...\KB968816_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player 
(KB979402) (HKLM\...\KB979402_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2079403) (HKLM\...\KB2079403) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2121546) (HKLM\...\KB2121546) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2160329) (HKLM\...\KB2160329) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2259922) (HKLM\...\KB2259922) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2279986) (HKLM\...\KB2279986) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2286198) (HKLM\...\KB2286198) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2296199) (HKLM\...\KB2296199) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2412687) (HKLM\...\KB2412687) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2436673) (HKLM\...\KB2436673) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 
1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2476490) (HKLM\...\KB2476490) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2476687) (HKLM\...\KB2476687) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2479628) (HKLM\...\KB2479628) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2485376) (HKLM\...\KB2485376) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2503658) (HKLM\...\KB2503658) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2503665) (HKLM\...\KB2503665) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2506223) (HKLM\...\KB2506223) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2507618) (HKLM\...\KB2507618) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2508272) (HKLM\...\KB2508272) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation) 
Skype™ 3.8 (HKLM\...\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}) (Version: 3.8.188 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}) (Version: 1.03 - ASUS) WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.5500 - WIDCOMM, Inc.) WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - ) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ZBar Bar Code Reader (HKLM\...\ZBar) (Version: 0.10 - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS) CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS) CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS) CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS) CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS) CustomCLSID: HKU\S-1-5-21-507921405-1708537768-515967899-500_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Programme\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS) ==================== Restore Points ========================= 21-09-2014 10:41:51 Systemprüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2010-05-09 23:02 - 2014-09-21 12:42 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2013-07-01 10:21 - 2013-07-01 10:21 - 00772408 _____ () C:\Programme\ShrewSoft\VPN Client\iked.exe 2013-07-01 01:16 - 2013-07-01 01:16 - 00438272 _____ () C:\Programme\ShrewSoft\VPN Client\libike.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00016384 _____ () C:\Programme\ShrewSoft\VPN Client\libidb.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00014848 _____ () C:\Programme\ShrewSoft\VPN Client\libith.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00030208 _____ () C:\Programme\ShrewSoft\VPN Client\libvnet.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00010752 _____ () C:\Programme\ShrewSoft\VPN Client\liblog.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00102400 _____ () C:\Programme\ShrewSoft\VPN Client\libip.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00024576 _____ () C:\Programme\ShrewSoft\VPN Client\libpfk.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00014848 _____ () C:\Programme\ShrewSoft\VPN Client\libdtp.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00026624 _____ () C:\Programme\ShrewSoft\VPN Client\libvflt.dll 2013-07-01 10:21 - 2013-07-01 10:21 - 00544400 _____ () C:\Programme\ShrewSoft\VPN Client\ipsecd.exe 2008-01-29 15:03 - 2008-01-29 15:03 - 00040960 _____ () C:\Programme\WIDCOMM\Bluetooth Software\btkeyind.dll 2008-01-29 15:05 - 2008-01-29 15:05 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll 2010-05-12 20:28 - 2010-03-15 11:28 - 00141824 _____ () C:\Programme\WinRAR\rarext.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE MSCONFIG\startupreg: HDDtemp4 => C:\Programme\BinarySense\HDDTemp4\\hddtemp4 /minimized MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/20/2014 05:56:44 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. . Error: (09/20/2014 05:55:15 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . 
Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error: (09/20/2014 05:55:13 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . 
Error: (09/20/2014 05:55:11 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error: (09/20/2014 05:55:11 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. . Error: (09/20/2014 02:14:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung procexp.exe, Version 12.3.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000127d9. Das medienspezifische Ereignis für [procexp.exe!ws!] wird verarbeitet. 
System errors: ============= Error: (09/21/2014 00:18:41 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (09/20/2014 06:14:55 PM) (Source: DCOM) (EventID: 10005) (User: EEE-PC) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (09/20/2014 06:04:49 PM) (Source: DCOM) (EventID: 10005) (User: EEE-PC) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (09/20/2014 05:59:22 PM) (Source: DCOM) (EventID: 10005) (User: EEE-PC) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (09/20/2014 05:54:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip Error: (09/20/2014 05:54:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (09/20/2014 05:54:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (09/20/2014 05:54:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "DNS-Client" ist vom 
Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (09/20/2014 05:54:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (09/20/2014 05:53:45 PM) (Source: DCOM) (EventID: 10005) (User: EEE-PC) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Microsoft Office Sessions: ========================= Error: (09/20/2014 05:56:44 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDer Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (09/20/2014 05:55:15 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDiese Netzwerkverbindung ist nicht vorhanden. Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDiese Netzwerkverbindung ist nicht vorhanden. Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDiese Netzwerkverbindung ist nicht vorhanden. Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDiese Netzwerkverbindung ist nicht vorhanden. 
Error: (09/20/2014 05:55:14 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDiese Netzwerkverbindung ist nicht vorhanden. Error: (09/20/2014 05:55:13 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDiese Netzwerkverbindung ist nicht vorhanden. Error: (09/20/2014 05:55:11 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDiese Netzwerkverbindung ist nicht vorhanden. Error: (09/20/2014 05:55:11 PM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDer Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (09/20/2014 02:14:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: procexp.exe12.3.0.0ntdll.dll5.1.2600.6055000127d9 ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz Percentage of memory in use: 33% Total physical RAM: 1015.17 MB Available physical RAM: 674.75 MB Total Pagefile: 2441.95 MB Available Pagefile: 2205.5 MB Total Virtual: 2047.88 MB Available Virtual: 1950.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.04 GB) (Free:60.14 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive f: () (Removable) (Total:0.48 GB) (Free:0.31 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: D300DA08) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=8 MB) - (Type=EF) ======================================================== Disk: 1 (Size: 488.5 MB) (Disk ID: 00000000) Partition: 
GPT Partition Type. ==================== End Of Log ============================ Code:
Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-21 14:27:48
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Boot Mode: Normal

================== Search: "grpconv.exe" ===================

=== End Of Search ===
|
22.09.2014, 07:56 | #11 |
/// TB-Ausbilder | syshost.exe trojaner/rootkit
We'll remove the last remnants and check everything once more. ESET can take a long time (> 3 h). Afterwards we'll remove all the tools we used and I'll give you a few tips to take with you.
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
C:\WINDOWS\Installer\{B2383C33-D063-4B80-83DA-6A48639A34A9}
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post with your next reply
|
22.09.2014, 13:51 | #12 |
| syshost.exe trojaner/rootkit FRST Fix Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-22 10:34:52 Run:1
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start
CloseProcesses:
C:\WINDOWS\Installer\{B2383C33-D063-4B80-83DA-6A48639A34A9}
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
EmptyTemp:
end

*****************

Processes closed successfully.
C:\WINDOWS\Installer\{B2383C33-D063-4B80-83DA-6A48639A34A9} => Moved successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
EmptyTemp: => Removed 108.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=91a0320c88d78c429f2cdbea6214e826 # engine=20244 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-22 12:41:57 # local_time=2014-09-22 02:41:57 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=5.1.2600 NT Service Pack 3 # scanned=231294 # found=1 # cleaned=0 # scan_time=6558 sh=DB97AEDAC707E6FBFC2D7D69D18A8135FD786AB4 ft=1 fh=d71fcb223b173b4f vn="Variante von Win32/Rootkit.Kryptik.ZI Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\21.09.2014_12.16.02\necurs0000\svc0000\tsk0000.dta" SC Code:
Results of screen317's Security Check version 0.99.87
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java SE Development Kit 7 Update 45
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.9.900.117 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

I don't use IE. Only Opera and Firefox as portable versions. I should probably update Flash and Java. What about the missing file? Or is it not that important? And what kind of rootkit/trojan is this? Just some botnet stuff, or do I need to worry about the integrity of my data? |
23.09.2014, 08:31 | #13 | ||
/// TB-Ausbilder | syshost.exe trojaner/rootkit Hi, Quote:
Sure, no tool detects 100%, but you are still safer that way. IE should nevertheless be kept up to date, since other programs update themselves via IE. In general, with XP you should slowly be saying goodbye to the Internet:

Reading material: Windows XP
Your computer is still running Windows XP. Microsoft released this operating system back in 2001 and is ending support for good as of April 2014, i.e. from May 2014 there will be no further updates, and vulnerabilities found after that can no longer be closed by updates/hotfixes. Surfing with Windows XP after April 2014 thus becomes a major security risk. You should urgently think now about switching to a more current operating system as quickly as possible.

Are there problems because of the missing file? I don't think so, right? It's not that important. The easiest way to replace it would be to uninstall SP 3 and reinstall it. Quote:
You should definitely change your passwords (more on that further below). The ESET finding only points to the TDSS-Killer quarantine; these files are removed automatically by DelFix (see further below). If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so!
Step 1 You are using outdated software on your computer, which is a security risk. You should therefore uninstall outdated software and then install the latest version. Follow the path Start > Control Panel > Software / Uninstall programs. Uninstall the following programs from your computer:
Now please download and install:
Restart your computer after the installation.
Step 2 The order is crucial here.
Step 3 Finally, I have a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions. |
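The triage point made in the reply above (the one remaining ESET hit only points into the TDSSKiller quarantine folder) can be checked mechanically on a log like the one posted. The following is an added example, not part of the thread or of any tool named in it; the field names `vn` and `fn` are used as they appear in the posted log, while the header counts and the second detection line of the sample are constructed.

```python
import re
from pathlib import PureWindowsPath

# Top-level folder where TDSSKiller parks neutralised files (path from this thread).
QUARANTINE_DIRS = {"tdsskiller_quarantine"}

# key=value pairs; a value is either "quoted with spaces" or a bare token.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample: header counts are made up, the first detection line is the
# one posted in this thread, the second is a constructed "live file" hit.
SAMPLE_LOG = r'''
# product=EOS
# scanned=231294
# found=2
# cleaned=0
sh=DB97AEDAC707E6FBFC2D7D69D18A8135FD786AB4 ft=1 fh=d71fcb223b173b4f vn="Variante von Win32/Rootkit.Kryptik.ZI Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\21.09.2014_12.16.02\necurs0000\svc0000\tsk0000.dta"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Constructed.Example" ac=I fn="C:\Example\sample.exe"
'''

def parse_eset_log(text):
    """Split an ESET Online Scanner log into header fields and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        fields = {k: v.strip('"') for k, v in PAIR.findall(line)}
        if line.startswith("#"):
            header.update(fields)
        elif "vn" in fields and "fn" in fields:
            detections.append(fields)
    return header, detections

def in_quarantine(path):
    """True if the file sits under a known quarantine folder at the drive root."""
    parts = PureWindowsPath(path).parts
    return len(parts) > 1 and parts[1].lower() in QUARANTINE_DIRS

def triage(text):
    """Return (threat name, path, status) for every detection in the log."""
    _, detections = parse_eset_log(text)
    return [(d["vn"], d["fn"],
             "quarantined copy" if in_quarantine(d["fn"]) else "live file")
            for d in detections]

if __name__ == "__main__":
    for name, path, status in triage(SAMPLE_LOG):
        print(f"{status:17} {name}  {path}")
```

A "quarantined copy" result means the scanner re-detected a file that a removal tool had already moved aside; only "live file" hits call for further cleanup.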
23.09.2014, 22:03 | #14 |
| syshost.exe trojaner/rootkit When I uninstalled Combofix, a pop-up appeared at the disclaimer (Accept/Cancel): ""grpconv" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen korrekt eingegeben haben und wiederholen Sie den Vorgang. Klicken Sie auf "Start" und anschließen "Suchen", um eine Datei zu suchen" However, it could only be acknowledged with OK. After that, the uninstallation continued normally...
Avast of all things, which I got rid of because of what also keeps striking me negatively about it on other people's machines: sales pop-ups that are almost adware-like, if not scareware-like. Check. heise reported on it yesterday, after all. And in that one week I didn't really install or open anything.
Speaking of ESET: the canned text is no longer up to date, since the interface has changed a bit. E.g. "Archive überprüfen" and "Entdeckte Bedrohungen entfernen" are now under "Erweitere Einstellungen", and the other items now have slightly different names.
Otherwise there is nothing more I could say except: many thanks for the good work. Hopefully never to meet again |
24.09.2014, 13:19 | #15 |
/// TB-Ausbilder | syshost.exe trojaner/rootkit I'm glad that we were able to help. In this forum you can leave brief feedback on the cleanup, if you wish: Praise, criticism and wishes. To do so, click the "NEUES THEMA" button and post a little feedback. Thank you very much! This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create a thread of your own. |