Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TDSSKiller: MEM:Backdoor.Win32.Sinowal.d (https://www.trojaner-board.de/142369-tdsskiller-mem-backdoor-win32-sinowal-d.html)

pummelfee 01.10.2013 10:17
TDSSKiller: MEM:Backdoor.Win32.Sinowal.d
 
Hallo zusammen,

nachdem meine Eltern einen netten Brief von ihrem Internetanbieter bekommen haben mit der Bitte, doch mal ihren PC (uralt, XP SP2) unter die Lupe zu nehmen, habe ich das mal gemacht. Vermutlich haben sie sich über irgendeinen Anhang was eingefangen. Ich habe bereits u.a. folgende Software genutzt, ohne jedoch irgendetwas zu löschen oder einen Versuch unternommen zu haben, etwas auszumerzen:

1. Avast: kein Fund.

2. MBAM: kein Fund.

3. aswMBR: 2 rote Zeilen bei 17:11:46.093

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-28 17:04:02
-----------------------------
17:04:02.640    OS Version: Windows 5.1.2600 Service Pack 2
17:04:02.640    Number of processors: 1 586 0x204
17:04:02.843    ComputerName: ASGARD  UserName: winnie
17:04:09.859    Initialize success
17:04:20.234    AVAST engine defs: 13092800
17:10:07.359    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:10:07.375    Disk 0 Vendor: Maxtor_4D040H2 DAH017K0 Size: 39083MB BusType: 3
17:10:07.546    Disk 0 MBR read successfully
17:10:07.546    Disk 0 MBR scan
17:10:07.593    Disk 0 Windows XP default MBR code
17:10:07.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        20002 MB offset 63
17:10:07.640    Disk 0 Partition - 00    0F Extended LBA            19069 MB offset 40965750
17:10:07.750    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        14998 MB offset 40965813
17:10:07.750    Disk 0 Partition - 00    05    Extended              4071 MB offset 71682030
17:10:07.781    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        4071 MB offset 71682093
17:10:07.796    Disk 0 scanning sectors +80019765
17:10:08.140    Disk 0 scanning C:\WINDOWS\system32\drivers
17:10:31.859    Service scanning
17:10:42.953    Service Kbardsentca C:\WINDOWS\C:\WINDOWS\system32\drivers\MSPQM.sys **LOCKED** 123
17:10:56.500    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:11:01.859    Service vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys **LOCKED** 32
17:11:05.281    Modules scanning
17:11:46.031    Disk 0 trace - called modules:
17:11:46.093    ntoskrnl.exe >>UNKNOWN [0x8239feb0]<<
17:11:46.093    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82350ab8]
17:11:46.093    \Driver\Disk[0x82374a08] -> IRP_MJ_CREATE -> 0x8239feb0
17:11:46.796    AVAST engine scan C:\WINDOWS
17:11:54.765    AVAST engine scan C:\WINDOWS\system32
17:15:40.203    AVAST engine scan C:\WINDOWS\system32\drivers
17:16:02.281    AVAST engine scan C:\Dokumente und Einstellungen\winnie
17:51:34.296    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:52:59.765    Scan finished successfully
17:58:02.968    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\MBR.dat"
17:58:03.109    The log file has been saved successfully to "C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\aswMBR.txt"
4. TDSSKiller: Fund wie im topic.

Code:
10:43:25.0000 1684  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:43:26.0296 1684  ============================================================
10:43:26.0328 1684  Current date / time: 2013/10/01 10:43:26.0296
10:43:26.0328 1684  SystemInfo:
10:43:26.0328 1684 
10:43:26.0328 1684  OS Version: 5.1.2600 ServicePack: 2.0
10:43:26.0328 1684  Product type: Workstation
10:43:26.0328 1684  ComputerName: ASGARD
10:43:26.0406 1684  UserName: winnie
10:43:26.0406 1684  Windows directory: C:\WINDOWS
10:43:26.0406 1684  System windows directory: C:\WINDOWS
10:43:26.0406 1684  Processor architecture: Intel x86
10:43:26.0406 1684  Number of processors: 1
10:43:26.0406 1684  Page size: 0x1000
10:43:26.0406 1684  Boot type: Normal boot
10:43:26.0406 1684  ============================================================
10:43:28.0984 1684  Drive \Device\Harddisk0\DR0 - Size: 0x98ABA0000 (38.17 Gb), SectorSize: 0x200, Cylinders: 0x1376, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:43:29.0031 1684  ============================================================
10:43:29.0031 1684  \Device\Harddisk0\DR0:
10:43:29.0031 1684  MBR partitions:
10:43:29.0046 1684  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
10:43:29.0062 1684  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1D4B139
10:43:29.0156 1684  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x7F3908
10:43:29.0156 1684  ============================================================
10:43:29.0218 1684  C: <-> \Device\Harddisk0\DR0\Partition1
10:43:29.0250 1684  D: <-> \Device\Harddisk0\DR0\Partition2
10:43:29.0281 1684  E: <-> \Device\Harddisk0\DR0\Partition3
10:43:29.0281 1684  ============================================================
10:43:29.0281 1684  Initialize success
10:43:29.0281 1684  ============================================================
10:43:42.0140 1936  ============================================================
10:43:42.0140 1936  Scan started
10:43:42.0140 1936  Mode: Manual; SigCheck; TDLFS;
10:43:42.0140 1936  ============================================================
10:43:42.0671 1936  ================ Scan system memory ========================
10:43:50.0765 1936  System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
10:43:50.0765 1936  System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
10:43:50.0765 1936  ================ Scan services =============================
10:43:51.0203 1936  Abiosdsk - ok
10:43:51.0218 1936  abp480n5 - ok
10:43:51.0359 1936  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
10:43:52.0265 1936  ACDaemon - ok
10:43:52.0359 1936  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:44:01.0000 1936  ACPI - ok
10:44:01.0156 1936  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:44:01.0656 1936  ACPIEC - ok
10:44:01.0765 1936  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
10:44:01.0921 1936  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
10:44:01.0921 1936  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
10:44:01.0953 1936  adpu160m - ok
10:44:02.0046 1936  [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec            C:\WINDOWS\system32\drivers\aec.sys
10:44:02.0671 1936  aec - ok
10:44:02.0703 1936  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc            C:\WINDOWS\system32\drivers\Afc.sys
10:44:02.0812 1936  Afc - ok
10:44:02.0890 1936  [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD            C:\WINDOWS\System32\drivers\afd.sys
10:44:03.0609 1936  AFD - ok
10:44:03.0656 1936  [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
10:44:04.0234 1936  agp440 - ok
10:44:04.0250 1936  Aha154x - ok
10:44:04.0281 1936  aic78u2 - ok
10:44:04.0375 1936  aic78xx - ok
10:44:04.0453 1936  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
10:44:05.0187 1936  Alerter - ok
10:44:05.0203 1936  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG            C:\WINDOWS\System32\alg.exe
10:44:05.0703 1936  ALG - ok
10:44:05.0781 1936  AliIde - ok
10:44:05.0796 1936  amsint - ok
10:44:05.0843 1936  [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
10:44:06.0390 1936  AppMgmt - ok
10:44:06.0390 1936  asc - ok
10:44:06.0484 1936  asc3350p - ok
10:44:06.0500 1936  asc3550 - ok
10:44:06.0765 1936  [ D33C507942299753868204CC7642FA27 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:44:06.0843 1936  aspnet_state - ok
10:44:06.0890 1936  [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:44:06.0937 1936  aswFsBlk - ok
10:44:07.0046 1936  [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt      C:\WINDOWS\system32\drivers\aswMonFlt.sys
10:44:07.0171 1936  aswMonFlt - ok
10:44:07.0218 1936  [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
10:44:07.0250 1936  AswRdr - ok
10:44:07.0343 1936  [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt        C:\WINDOWS\system32\drivers\aswRvrt.sys
10:44:07.0375 1936  aswRvrt - ok
10:44:07.0468 1936  [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
10:44:07.0625 1936  aswSnx - ok
10:44:07.0687 1936  [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP          C:\WINDOWS\system32\drivers\aswSP.sys
10:44:07.0828 1936  aswSP - ok
10:44:07.0859 1936  [ 5E18413310134130D7772F0668698CB7 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
10:44:07.0890 1936  aswTdi - ok
10:44:07.0953 1936  [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
10:44:07.0984 1936  aswVmm - ok
10:44:08.0046 1936  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:44:08.0593 1936  AsyncMac - ok
10:44:08.0671 1936  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
10:44:09.0156 1936  atapi - ok
10:44:09.0171 1936  Atdisk - ok
10:44:09.0328 1936  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:44:10.0000 1936  Atmarpc - ok
10:44:10.0046 1936  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:44:10.0656 1936  AudioSrv - ok
10:44:10.0718 1936  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
10:44:11.0203 1936  audstub - ok
10:44:11.0343 1936  [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
10:44:11.0359 1936  avast! Antivirus - ok
10:44:11.0453 1936  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:44:12.0015 1936  Beep - ok
10:44:12.0109 1936  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
10:44:12.0953 1936  BITS - ok
10:44:13.0015 1936  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser        C:\WINDOWS\System32\browser.dll
10:44:13.0484 1936  Browser - ok
10:44:13.0562 1936  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
10:44:14.0218 1936  cbidf2k - ok
10:44:14.0265 1936  [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8        C:\Programme\Canon\CAL\CALMAIN.exe
10:44:14.0453 1936  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
10:44:14.0453 1936  CCALib8 - detected UnsignedFile.Multi.Generic (1)
10:44:14.0562 1936  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:44:15.0109 1936  CCDECODE - ok
10:44:15.0109 1936  cd20xrnt - ok
10:44:15.0171 1936  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
10:44:15.0609 1936  Cdaudio - ok
10:44:15.0671 1936  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:44:16.0187 1936  Cdfs - ok
10:44:16.0218 1936  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:44:16.0875 1936  Cdrom - ok
10:44:16.0890 1936  Changer - ok
10:44:16.0968 1936  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc          C:\WINDOWS\system32\cisvc.exe
10:44:17.0562 1936  CiSvc - ok
10:44:17.0593 1936  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
10:44:18.0281 1936  ClipSrv - ok
10:44:18.0343 1936  [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:44:18.0453 1936  clr_optimization_v2.0.50727_32 - ok
10:44:18.0515 1936  CmdIde - ok
10:44:18.0640 1936  [ 9120C9CAAC11A6149B6B1EB1598733B6 ] cmpci          C:\WINDOWS\system32\drivers\cmaudio.sys
10:44:19.0000 1936  cmpci - ok
10:44:19.0015 1936  COMSysApp - ok
10:44:19.0109 1936  Cpqarray - ok
10:44:19.0250 1936  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:44:19.0812 1936  CryptSvc - ok
10:44:19.0828 1936  dac2w2k - ok
10:44:19.0906 1936  dac960nt - ok
10:44:20.0046 1936  [ 9F28FF58D6D67B123272869D89D14004 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:44:20.0843 1936  DcomLaunch - ok
10:44:20.0906 1936  [ 69F986B2688BA95A0D9362B0E233D5FF ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:44:21.0578 1936  Dhcp - ok
10:44:21.0656 1936  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:44:22.0218 1936  Disk - ok
10:44:22.0296 1936  dmadmin - ok
10:44:22.0390 1936  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:44:23.0109 1936  dmboot - ok
10:44:23.0156 1936  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:44:23.0796 1936  dmio - ok
10:44:23.0843 1936  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:44:24.0437 1936  dmload - ok
10:44:24.0468 1936  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:44:25.0093 1936  dmserver - ok
10:44:25.0140 1936  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:44:25.0718 1936  DMusic - ok
10:44:25.0765 1936  [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:44:26.0343 1936  Dnscache - ok
10:44:26.0359 1936  dpti2o - ok
10:44:26.0421 1936  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
10:44:26.0968 1936  drmkaud - ok
10:44:27.0062 1936  [ 877A4512CC9074D6954776AF47021766 ] ERSvc          C:\WINDOWS\System32\ersvc.dll
10:44:27.0562 1936  ERSvc - ok
10:44:27.0625 1936  [ EDB6B81761BD60F32F740BBC40AFB676 ] Eventlog        C:\WINDOWS\system32\services.exe
10:44:28.0265 1936  Eventlog - ok
10:44:28.0296 1936  [ 4E1A8645EE77CB9454FFE53C59620A25 ] EventSystem    C:\WINDOWS\system32\es.dll
10:44:28.0906 1936  EventSystem - ok
10:44:28.0953 1936  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
10:44:29.0406 1936  Fastfat - ok
10:44:29.0468 1936  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:44:29.0968 1936  FastUserSwitchingCompatibility - ok
10:44:30.0031 1936  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc            C:\WINDOWS\system32\drivers\Fdc.sys
10:44:30.0531 1936  Fdc - ok
10:44:30.0578 1936  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:44:31.0156 1936  Fips - ok
10:44:31.0203 1936  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
10:44:31.0796 1936  Flpydisk - ok
10:44:31.0859 1936  [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:44:32.0296 1936  FltMgr - ok
10:44:32.0328 1936  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:44:32.0828 1936  Fs_Rec - ok
10:44:32.0890 1936  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:44:33.0546 1936  Ftdisk - ok
10:44:33.0562 1936  [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
10:44:34.0187 1936  gameenum - ok
10:44:34.0218 1936  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:44:34.0609 1936  Gpc - ok
10:44:34.0703 1936  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:44:35.0296 1936  helpsvc - ok
10:44:35.0406 1936  [ 923EE4EEF2582909A056904CA8026015 ] hidgame        C:\WINDOWS\system32\DRIVERS\hidgame.sys
10:44:35.0984 1936  hidgame - ok
10:44:36.0000 1936  HidServ - ok
10:44:36.0046 1936  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:44:36.0500 1936  HidUsb - ok
10:44:36.0515 1936  hpn - ok
10:44:36.0593 1936  [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:44:37.0125 1936  HTTP - ok
10:44:37.0203 1936  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:44:37.0828 1936  HTTPFilter - ok
10:44:37.0843 1936  i2omgmt - ok
10:44:37.0859 1936  i2omp - ok
10:44:37.0906 1936  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:44:38.0421 1936  i8042prt - ok
10:44:38.0609 1936  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:44:38.0765 1936  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:44:38.0765 1936  IDriverT - detected UnsignedFile.Multi.Generic (1)
10:44:38.0828 1936  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
10:44:39.0359 1936  Imapi - ok
10:44:39.0500 1936  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:44:40.0031 1936  ImapiService - ok
10:44:40.0046 1936  InCDFs - ok
10:44:40.0109 1936  InCDPass - ok
10:44:40.0140 1936  InCDRm - ok
10:44:40.0281 1936  ini910u - ok
10:44:40.0421 1936  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:44:40.0906 1936  IntelIde - ok
10:44:40.0968 1936  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw          C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:44:41.0609 1936  Ip6Fw - ok
10:44:41.0640 1936  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:44:42.0187 1936  IpFilterDriver - ok
10:44:42.0250 1936  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:44:42.0734 1936  IpInIp - ok
10:44:42.0765 1936  [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:44:43.0359 1936  IpNat - ok
10:44:43.0421 1936  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:44:43.0953 1936  IPSec - ok
10:44:44.0031 1936  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:44:44.0359 1936  IRENUM - ok
10:44:44.0437 1936  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:44:44.0890 1936  isapnp - ok
10:44:44.0953 1936  [ 1988A33FF19242576C3D0EF9CE785DA7 ] Kbardsentca    C:\WINDOWS\system32\drivers\MSPQM.sys
10:44:45.0625 1936  Kbardsentca - ok
10:44:45.0671 1936  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:44:46.0218 1936  Kbdclass - ok
10:44:46.0265 1936  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:44:46.0781 1936  kmixer - ok
10:44:46.0828 1936  [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:44:47.0453 1936  KSecDD - ok
10:44:47.0515 1936  [ F8170AA51CD202BC062B8A0983F361B7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:44:48.0203 1936  lanmanserver - ok
10:44:48.0234 1936  [ 36D74668F5448D55887FA3958488DC06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:44:48.0953 1936  lanmanworkstation - ok
10:44:49.0046 1936  lbrtfdc - ok
10:44:49.0109 1936  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
10:44:49.0578 1936  LmHosts - ok
10:44:49.0656 1936  [ A8FE41A339CEB3B517321A7FF0ED67C5 ] LwAdiHid        C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys
10:44:50.0250 1936  LwAdiHid - ok
10:44:50.0281 1936  [ B749B05D5A7AD704E47D4565B4894D99 ] mbamchameleon  C:\WINDOWS\system32\drivers\mbamchameleon.sys
10:44:50.0359 1936  mbamchameleon - ok
10:44:50.0390 1936  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger      C:\WINDOWS\System32\msgsvc.dll
10:44:51.0093 1936  Messenger - ok
10:44:51.0140 1936  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
10:44:51.0656 1936  mnmdd - ok
10:44:51.0718 1936  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
10:44:52.0421 1936  mnmsrvc - ok
10:44:52.0453 1936  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
10:44:52.0968 1936  Modem - ok
10:44:53.0015 1936  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:44:53.0468 1936  Mouclass - ok
10:44:53.0484 1936  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:44:54.0171 1936  mouhid - ok
10:44:54.0218 1936  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:44:54.0781 1936  MountMgr - ok
10:44:54.0875 1936  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:44:54.0968 1936  MozillaMaintenance - ok
10:44:54.0968 1936  mraid35x - ok
10:44:55.0062 1936  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:44:55.0640 1936  MRxDAV - ok
10:44:55.0687 1936  [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:44:56.0234 1936  MRxSmb - ok
10:44:56.0312 1936  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
10:44:56.0906 1936  MSDTC - ok
10:44:56.0968 1936  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:44:57.0609 1936  Msfs - ok
10:44:57.0625 1936  MSIServer - ok
10:44:57.0671 1936  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:44:58.0203 1936  MSKSSRV - ok
10:44:58.0234 1936  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:44:58.0875 1936  MSPCLOCK - ok
10:44:58.0906 1936  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
10:44:59.0546 1936  MSPQM - ok
10:44:59.0609 1936  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:45:00.0234 1936  mssmbios - ok
10:45:00.0281 1936  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
10:45:00.0750 1936  MSTEE - ok
10:45:00.0781 1936  [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401      C:\WINDOWS\system32\drivers\msmpu401.sys
10:45:01.0453 1936  ms_mpu401 - ok
10:45:01.0500 1936  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
10:45:02.0078 1936  Mup - ok
10:45:02.0140 1936  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:45:02.0687 1936  NABTSFEC - ok
10:45:02.0750 1936  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:45:03.0343 1936  NDIS - ok
10:45:03.0390 1936  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:45:03.0875 1936  NdisIP - ok
10:45:03.0906 1936  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:45:04.0421 1936  NdisTapi - ok
10:45:04.0453 1936  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:45:05.0203 1936  Ndisuio - ok
10:45:05.0234 1936  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:45:05.0687 1936  NdisWan - ok
10:45:05.0718 1936  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
10:45:06.0359 1936  NDProxy - ok
10:45:06.0359 1936  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
10:45:06.0968 1936  NetBIOS - ok
10:45:07.0000 1936  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
10:45:07.0703 1936  NetBT - ok
10:45:07.0750 1936  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:45:08.0406 1936  NetDDE - ok
10:45:08.0421 1936  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:45:09.0031 1936  NetDDEdsdm - ok
10:45:09.0078 1936  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:45:09.0656 1936  Netlogon - ok
10:45:09.0687 1936  [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman          C:\WINDOWS\System32\netman.dll
10:45:10.0296 1936  Netman - ok
10:45:10.0375 1936  [ B36E08F680BAE4DFC5C24D00A2DFC9E7 ] Nla            C:\WINDOWS\System32\mswsock.dll
10:45:10.0921 1936  Nla - ok
10:45:10.0968 1936  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:45:11.0453 1936  Npfs - ok
10:45:11.0625 1936  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:45:12.0359 1936  Ntfs - ok
10:45:12.0390 1936  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
10:45:12.0921 1936  NtLmSsp - ok
10:45:13.0000 1936  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
10:45:13.0718 1936  NtmsSvc - ok
10:45:13.0765 1936  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:45:14.0328 1936  Null - ok
10:45:14.0484 1936  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:45:15.0375 1936  nv - ok
10:45:15.0406 1936  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:45:15.0937 1936  NwlnkFlt - ok
10:45:16.0031 1936  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:45:16.0734 1936  NwlnkFwd - ok
10:45:16.0765 1936  [ B2F17A2EDB5450E61973A037F63A595B ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
10:45:17.0250 1936  Parport - ok
10:45:17.0312 1936  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
10:45:17.0843 1936  PartMgr - ok
10:45:17.0953 1936  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:45:18.0546 1936  ParVdm - ok
10:45:18.0578 1936  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
10:45:19.0078 1936  PCI - ok
10:45:19.0078 1936  PCIDump - ok
10:45:19.0156 1936  PCIIde - ok
10:45:19.0281 1936  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:45:19.0859 1936  Pcmcia - ok
10:45:19.0859 1936  PDCOMP - ok
10:45:19.0875 1936  PDFRAME - ok
10:45:19.0968 1936  PDRELI - ok
10:45:20.0062 1936  PDRFRAME - ok
10:45:20.0140 1936  perc2 - ok
10:45:20.0218 1936  perc2hib - ok
10:45:20.0359 1936  [ EDB6B81761BD60F32F740BBC40AFB676 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:45:21.0062 1936  PlugPlay - ok
10:45:21.0140 1936  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
10:45:21.0796 1936  PolicyAgent - ok
10:45:21.0843 1936  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:45:22.0421 1936  PptpMiniport - ok
10:45:22.0500 1936  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:45:22.0968 1936  ProtectedStorage - ok
10:45:23.0000 1936  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:45:23.0531 1936  PSched - ok
10:45:23.0750 1936  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:45:24.0328 1936  Ptilink - ok
10:45:24.0359 1936  ql1080 - ok
10:45:24.0375 1936  Ql10wnt - ok
10:45:24.0390 1936  ql12160 - ok
10:45:24.0421 1936  ql1240 - ok
10:45:24.0453 1936  ql1280 - ok
10:45:24.0515 1936  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:45:25.0015 1936  RasAcd - ok
10:45:25.0078 1936  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto        C:\WINDOWS\System32\rasauto.dll
10:45:25.0859 1936  RasAuto - ok
10:45:25.0890 1936  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:45:26.0328 1936  Rasl2tp - ok
10:45:26.0390 1936  [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:45:27.0062 1936  RasMan - ok
10:45:27.0109 1936  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:45:27.0718 1936  RasPppoe - ok
10:45:27.0781 1936  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:45:28.0359 1936  Raspti - ok
10:45:28.0406 1936  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:45:29.0109 1936  Rdbss - ok
10:45:29.0125 1936  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:45:29.0734 1936  RDPCDD - ok
10:45:29.0812 1936  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:45:30.0437 1936  rdpdr - ok
10:45:30.0593 1936  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
10:45:31.0109 1936  RDPWD - ok
10:45:31.0140 1936  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
10:45:31.0875 1936  RDSessMgr - ok
10:45:31.0937 1936  [ AA56702E230860565CB8D43680F57F33 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
10:45:32.0515 1936  redbook - ok
10:45:32.0546 1936  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:45:33.0265 1936  RemoteAccess - ok
10:45:33.0343 1936  [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:45:34.0390 1936  RemoteRegistry - ok
10:45:34.0437 1936  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:45:34.0968 1936  RpcLocator - ok
10:45:35.0046 1936  [ 9F28FF58D6D67B123272869D89D14004 ] RpcSs          C:\WINDOWS\system32\rpcss.dll
10:45:35.0875 1936  RpcSs - ok
10:45:35.0921 1936  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:45:36.0546 1936  RSVP - ok
10:45:36.0593 1936  [ D507C1400284176573224903819FFDA3 ] rtl8139        C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:45:37.0203 1936  rtl8139 - ok
10:45:37.0218 1936  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs          C:\WINDOWS\system32\lsass.exe
10:45:37.0859 1936  SamSs - ok
10:45:37.0906 1936  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:45:38.0562 1936  SCardSvr - ok
10:45:38.0609 1936  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:45:39.0125 1936  Schedule - ok
10:45:39.0156 1936  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:45:39.0468 1936  Secdrv - ok
10:45:39.0531 1936  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:45:40.0218 1936  seclogon - ok
10:45:40.0250 1936  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
10:45:40.0937 1936  SENS - ok
10:45:40.0953 1936  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
10:45:41.0609 1936  serenum - ok
10:45:41.0640 1936  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:45:42.0140 1936  Serial - ok
10:45:42.0156 1936  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
10:45:42.0640 1936  Sfloppy - ok
10:45:42.0703 1936  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:45:43.0390 1936  SharedAccess - ok
10:45:43.0437 1936  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:45:44.0015 1936  ShellHWDetection - ok
10:45:44.0015 1936  Simbad - ok
10:45:44.0078 1936  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:45:44.0562 1936  SLIP - ok
10:45:44.0828 1936  [ F3CC67EBBD33EC8D87BE51169B5ADD6D ] SmcService      C:\Programme\Sygate\SPF\smc.exe
10:45:45.0062 1936  SmcService - ok
10:45:45.0687 1936  [ 8C5AF605A85C5214D40542D933DA737C ] SNP2STD        C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
10:45:47.0406 1936  SNP2STD - ok
10:45:47.0484 1936  [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service c:\Programme\Sophos\AutoUpdate\ALsvc.exe
10:45:47.0656 1936  Sophos AutoUpdate Service - ok
10:45:47.0671 1936  Sparrow - ok
10:45:47.0750 1936  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:45:48.0484 1936  splitter - ok
10:45:48.0531 1936  [ 54E7113A4BD696E430919BCAF5C65E06 ] Spooler        C:\WINDOWS\system32\spoolsv.exe
10:45:49.0203 1936  Spooler - ok
10:45:49.0296 1936  [ 87E7F21843FCDC6AF1967A928929CFF9 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
10:45:49.0296 1936  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87E7F21843FCDC6AF1967A928929CFF9
10:45:49.0312 1936  sptd ( LockedFile.Multi.Generic ) - warning
10:45:49.0312 1936  sptd - detected LockedFile.Multi.Generic (1)
10:45:49.0375 1936  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:45:49.0765 1936  sr - ok
10:45:49.0796 1936  [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice      C:\WINDOWS\system32\srsvc.dll
10:45:50.0765 1936  srservice - ok
10:45:50.0796 1936  [ 20B7E396720353E4117D64D9DCB926CA ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
10:45:51.0453 1936  Srv - ok
10:45:51.0531 1936  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
10:45:52.0890 1936  SSDPSRV - ok
10:45:52.0937 1936  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:45:53.0125 1936  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
10:45:53.0125 1936  ssmdrv - detected UnsignedFile.Multi.Generic (1)
10:45:53.0234 1936  [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
10:45:53.0640 1936  StarWindService ( UnsignedFile.Multi.Generic ) - warning
10:45:53.0640 1936  StarWindService - detected UnsignedFile.Multi.Generic (1)
10:45:53.0718 1936  [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:45:54.0468 1936  stisvc - ok
10:45:54.0546 1936  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:45:55.0031 1936  streamip - ok
10:45:55.0062 1936  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:45:55.0703 1936  swenum - ok
10:45:55.0750 1936  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:45:56.0312 1936  swmidi - ok
10:45:56.0328 1936  SwPrv - ok
10:45:56.0406 1936  symc810 - ok
10:45:56.0484 1936  symc8xx - ok
10:45:56.0562 1936  sym_hi - ok
10:45:56.0593 1936  sym_u3 - ok
10:45:56.0703 1936  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:45:57.0484 1936  sysaudio - ok
10:45:57.0546 1936  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
10:45:58.0234 1936  SysmonLog - ok
10:45:58.0265 1936  [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
10:45:58.0921 1936  TapiSrv - ok
10:45:59.0000 1936  [ 09EB23A4567BDD56D9580A059E616E23 ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:45:59.0171 1936  Tcpip ( UnsignedFile.Multi.Generic ) - warning
10:45:59.0171 1936  Tcpip - detected UnsignedFile.Multi.Generic (1)
10:45:59.0218 1936  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:45:59.0765 1936  TDPIPE - ok
10:45:59.0812 1936  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
10:46:00.0921 1936  TDTCP - ok
10:46:01.0625 1936  [ 576918B02840A360702051BC4269B13F ] TeamViewer8    C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
10:46:02.0890 1936  TeamViewer8 - ok
10:46:02.0984 1936  [ 64E59FCF5F81F55442E8476CE8E54CA0 ] Teefer          C:\WINDOWS\system32\Drivers\Teefer.sys
10:46:03.0078 1936  Teefer ( UnsignedFile.Multi.Generic ) - warning
10:46:03.0078 1936  Teefer - detected UnsignedFile.Multi.Generic (1)
10:46:03.0125 1936  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:46:03.0625 1936  TermDD - ok
10:46:03.0687 1936  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService    C:\WINDOWS\System32\termsrv.dll
10:46:04.0437 1936  TermService - ok
10:46:04.0468 1936  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:46:05.0187 1936  Themes - ok
10:46:05.0234 1936  [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
10:46:05.0750 1936  TlntSvr - ok
10:46:05.0765 1936  TosIde - ok
10:46:05.0875 1936  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:46:06.0531 1936  TrkWks - ok
10:46:06.0593 1936  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:46:07.0234 1936  Udfs - ok
10:46:07.0250 1936  ultra - ok
10:46:07.0281 1936  [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
10:46:07.0765 1936  UMWdf - ok
10:46:07.0828 1936  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:46:08.0296 1936  Update - ok
10:46:08.0343 1936  [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:46:08.0796 1936  upnphost - ok
10:46:08.0828 1936  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS            C:\WINDOWS\System32\ups.exe
10:46:09.0453 1936  UPS - ok
10:46:09.0484 1936  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:46:10.0000 1936  usbhub - ok
10:46:10.0140 1936  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:46:10.0671 1936  usbscan - ok
10:46:10.0718 1936  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:46:11.0218 1936  USBSTOR - ok
10:46:11.0250 1936  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:46:11.0812 1936  usbuhci - ok
10:46:11.0859 1936  [ 92CEBC2BC7BE2C8D49391B365569F306 ] vaxscsi        C:\WINDOWS\System32\Drivers\vaxscsi.sys
10:46:11.0875 1936  Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92CEBC2BC7BE2C8D49391B365569F306
10:46:11.0890 1936  vaxscsi ( LockedFile.Multi.Generic ) - warning
10:46:11.0890 1936  vaxscsi - detected LockedFile.Multi.Generic (1)
10:46:11.0937 1936  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
10:46:12.0390 1936  VgaSave - ok
10:46:12.0406 1936  ViaIde - ok
10:46:12.0468 1936  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
10:46:13.0000 1936  VolSnap - ok
10:46:13.0046 1936  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS            C:\WINDOWS\System32\vssvc.exe
10:46:13.0625 1936  VSS - ok
10:46:13.0703 1936  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time        C:\WINDOWS\system32\w32time.dll
10:46:14.0375 1936  W32Time - ok
10:46:14.0406 1936  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:46:14.0890 1936  Wanarp - ok
10:46:14.0906 1936  WDICA - ok
10:46:14.0953 1936  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:46:15.0578 1936  wdmaud - ok
10:46:15.0609 1936  [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient      C:\WINDOWS\System32\webclnt.dll
10:46:16.0296 1936  WebClient - ok
10:46:16.0328 1936  [ 8E95E30E9031C3AC25EC2455DA19831F ] wg3n            C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
10:46:16.0500 1936  wg3n ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0500 1936  wg3n - detected UnsignedFile.Multi.Generic (1)
10:46:16.0640 1936  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
10:46:17.0171 1936  winmgmt - ok
10:46:17.0296 1936  [ 5FDCCC838CD95F61097D8A637F842AA8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
10:46:17.0921 1936  WmdmPmSN - ok
10:46:17.0984 1936  [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi            C:\WINDOWS\System32\advapi32.dll
10:46:18.0687 1936  Wmi - ok
10:46:18.0859 1936  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:46:19.0375 1936  WmiApSrv - ok
10:46:19.0390 1936  [ F62A090F00C5B4E597E8AA4B1048CE05 ] wpsdrvnt        C:\WINDOWS\system32\drivers\wpsdrvnt.sys
10:46:19.0562 1936  wpsdrvnt ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0562 1936  wpsdrvnt - detected UnsignedFile.Multi.Generic (1)
10:46:19.0656 1936  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:46:20.0375 1936  wscsvc - ok
10:46:20.0421 1936  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:46:20.0921 1936  WSTCODEC - ok
10:46:20.0953 1936  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:46:21.0687 1936  wuauserv - ok
10:46:21.0781 1936  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:46:22.0578 1936  WZCSVC - ok
10:46:22.0640 1936  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
10:46:23.0296 1936  xmlprov - ok
10:46:23.0312 1936  ================ Scan global ===============================
10:46:23.0390 1936  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
10:46:23.0468 1936  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
10:46:23.0640 1936  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
10:46:23.0828 1936  [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe
10:46:23.0890 1936  [Global] - ok
10:46:23.0953 1936  ================ Scan MBR ==================================
10:46:23.0968 1936  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:46:25.0640 1936  \Device\Harddisk0\DR0 - ok
10:46:25.0656 1936  ================ Scan VBR ==================================
10:46:25.0687 1936  [ D7570C01026DEA662DA683AF40399D1A ] \Device\Harddisk0\DR0\Partition1
10:46:25.0687 1936  \Device\Harddisk0\DR0\Partition1 - ok
10:46:25.0734 1936  [ 3FF55E3A650A7955AB6B83B31FA29385 ] \Device\Harddisk0\DR0\Partition2
10:46:25.0734 1936  \Device\Harddisk0\DR0\Partition2 - ok
10:46:25.0796 1936  [ 87B48A5169851BA98B6AEB60CB5BF175 ] \Device\Harddisk0\DR0\Partition3
10:46:25.0796 1936  \Device\Harddisk0\DR0\Partition3 - ok
10:46:25.0796 1936  ============================================================
10:46:25.0796 1936  Scan finished
10:46:25.0796 1936  ============================================================
10:46:25.0984 1900  Detected object count: 12
10:46:25.0984 1900  Actual detected object count: 12
10:59:12.0218 1900  System memory ( MEM:Backdoor.Win32.Sinowal.d ) - skipped by user
10:59:12.0218 1900  System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Skip
10:59:12.0218 1900  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0218 1900  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0250 1900  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0250 1900  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0250 1900  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0250 1900  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0281 1900  sptd ( LockedFile.Multi.Generic ) - skipped by user
10:59:12.0281 1900  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:59:12.0312 1900  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0312 1900  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0312 1900  StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0312 1900  StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0375 1900  Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0375 1900  Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0375 1900  Teefer ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0375 1900  Teefer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0390 1900  vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
10:59:12.0390 1900  vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
10:59:12.0437 1900  wg3n ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0437 1900  wg3n ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:59:12.0437 1900  wpsdrvnt ( UnsignedFile.Multi.Generic ) - skipped by user
10:59:12.0437 1900  wpsdrvnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
Nun meine Frage: Ich nehme an, dass das eine ernstzunehmende Infektion ist. Besteht die Möglichkeit, das zum Einen zu lokalisieren und zum Anderen auch wieder loszuwerden, ohne den Rechner neu aufsetzen zu müssen?

Besten Dank schon mal!

pummel

schrauber 01.10.2013 10:46
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


pummelfee 01.10.2013 11:47
Hallo Schrauber,

Das ging ja fix :). Hier sind die log-Files.

1. FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by winnie (administrator) on ASGARD on 01-10-2013 12:19:41
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sygate Technologies, Inc.) C:\Programme\Sygate\SPF\smc.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
(Sophos Limited) c:\Programme\Sophos\AutoUpdate\ALsvc.exe
(Rocket Division Software) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Canon Inc.) C:\Programme\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
(TeamViewer GmbH) c:\programme\teamviewer\version8\TeamViewer.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe
(Sonix) C:\WINDOWS\vsnp2std.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\tv_w32.exe
(Sophos Limited) C:\Programme\Sophos\AutoUpdate\almon.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe
(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmcService] - C:\PROGRA~1\Sygate\SPF\smc.exe [2372760 2004-02-24] (Sygate Technologies, Inc.)
HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [EPSON Stylus C86 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE [99840 2003-11-25] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [snp2std] - C:\WINDOWS\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [ArcSoft Connection Service] - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - c:\Programme\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\basti\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\basti\...\Run: [WdHelpSnap] - rundll32.exe "C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Anwendungsdaten\isaUser32\WdHelpSnap.dll",Applemapdrv userMouseman
HKU\basti\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [ 2010-12-30] (Adobe Systems, Inc.)
HKU\katharina\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\margarete\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\matthias\...\Run: [AdobeUpdater] - C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [ 2009-01-12] (Adobe Systems Incorporated)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Dokumente und Einstellungen\margarete\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> I:\mtpii\ws09\apache\bin\ApacheMonitor.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype extension for Firefox - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-04-06] ()
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-09-03] (Mozilla Foundation)
R2 SmcService; C:\Programme\Sygate\SPF\smc.exe [2372760 2004-02-24] (Sygate Technologies, Inc.)
R2 Sophos AutoUpdate Service; c:\Programme\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
R2 StarWindService; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [374094 2002-03-26] (C-Media Inc)
S3 hidgame; C:\Windows\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 Kbardsentca; C:\WINDOWS\system32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
S3 LwAdiHid; C:\Windows\System32\DRIVERS\LwAdiHid.sys [20864 2004-08-03] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-27] (MalwareBytes)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-11-11] ()
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12039552 2007-04-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2007-04-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-14] (AVIRA GmbH)
R0 Teefer; C:\Windows\System32\Drivers\Teefer.sys [55891 2004-02-02] (Sygate Technologies, Inc.)
R3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2007-04-06] ()
R2 wg3n; C:\Windows\SYSTEM32\Drivers\wg3n.sys [11914 2004-02-02] (Sygate Technologies, Inc.)
R1 wpsdrvnt; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [18518 2004-02-02] (Sygate Technologies, Inc.)
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET
2013-09-28 16:42 - 2013-09-28 16:42 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-09-28 13:45 - 2013-10-01 12:19 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:48 - 2013-09-27 20:50 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 12:16 - 2013-10-01 12:16 - 00000308 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-27 12:16 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-27 12:12 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:08 - 2013-09-27 12:10 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 09:18 - 2013-09-26 18:08 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-09-26 20:18 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt
2013-09-26 18:34 - 2013-09-28 16:49 - 00000000 ___DC C:\AdwCleaner
2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt
2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-26 18:19 - 2013-09-26 18:15 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe
2013-09-26 18:17 - 2013-09-26 18:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-26 18:17 - 2013-09-26 18:14 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe
2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt
2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat
2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 12:59 - 2013-09-27 20:48 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar
2013-09-26 12:55 - 2013-09-26 12:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe
2013-09-26 12:22 - 2013-09-26 12:58 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos
2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg
2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 09:43 - 2013-09-27 18:59 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
2013-09-26 09:43 - 2013-09-27 11:48 - 00000000 ____D C:\Programme\Sophos
2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0
2013-09-25 16:21 - 2013-09-26 09:29 - 00000000 ___DC C:\savw_100_sa
2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer
2013-09-03 17:39 - 2013-09-12 20:55 - 00000000 ____D C:\Programme\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-01 12:19 - 2013-09-28 13:45 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-10-01 12:16 - 2013-09-27 12:16 - 00000308 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-01 10:28 - 2007-04-02 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-01 10:28 - 2007-04-02 09:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-01 10:28 - 2007-04-02 08:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-01 10:27 - 2007-04-02 08:31 - 00032618 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-01 10:27 - 2007-04-02 08:24 - 00390151 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-01 08:05 - 2007-04-06 14:17 - 00000190 ___SH C:\Dokumente und Einstellungen\winnie\ntuser.ini
2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET
2013-09-30 16:14 - 2007-04-02 09:10 - 00000000 ___RD C:\Programme
2013-09-30 10:45 - 2004-11-11 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-30 09:17 - 2007-04-06 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\winnie
2013-09-28 16:49 - 2013-09-26 18:34 - 00000000 ___DC C:\AdwCleaner
2013-09-28 16:42 - 2013-09-28 16:42 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:50 - 2013-09-27 20:48 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 20:48 - 2013-09-26 12:59 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar
2013-09-27 18:59 - 2013-09-26 09:43 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2007-04-02 09:09 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-09-27 12:16 - 2007-04-02 08:26 - 00002951 ____C C:\WINDOWS\system32\CONFIG.NT
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:10 - 2013-09-27 12:08 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 11:48 - 2013-09-26 09:43 - 00000000 ____D C:\Programme\Sophos
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-27 07:56 - 2007-04-02 10:02 - 00000000 ____D C:\WINDOWS\twain_32
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:18 - 2013-09-26 20:17 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt
2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt
2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-26 18:16 - 2007-04-06 11:05 - 00000190 __SHC C:\Dokumente und Einstellungen\matthias\ntuser.ini
2013-09-26 18:15 - 2013-09-26 18:19 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe
2013-09-26 18:15 - 2013-09-26 18:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt
2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat
2013-09-26 18:14 - 2013-09-26 18:17 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe
2013-09-26 18:08 - 2013-09-27 09:18 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-26 15:59 - 2007-04-02 08:23 - 00000000 ____D C:\WINDOWS\srchasst
2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 12:58 - 2013-09-26 12:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos
2013-09-26 12:54 - 2013-09-26 12:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe
2013-09-26 12:32 - 2013-05-27 11:14 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Siblhzisnrb
2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg
2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0
2013-09-26 09:29 - 2013-09-25 16:21 - 00000000 ___DC C:\savw_100_sa
2013-09-26 09:27 - 2007-04-02 09:09 - 00796344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-25 15:03 - 2010-12-25 19:09 - 00000000 ____D C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744
2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer
2013-09-25 13:08 - 2007-04-06 14:21 - 00002495 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Microsoft Word.lnk
2013-09-24 21:47 - 2007-08-22 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\e5
2013-09-22 11:55 - 2007-07-21 17:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Ku5
2013-09-22 11:49 - 2007-04-15 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d6
2013-09-22 11:47 - 2007-11-06 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d5
2013-09-19 10:23 - 2007-04-10 12:30 - 00000190 ___SH C:\Dokumente und Einstellungen\margarete\ntuser.ini
2013-09-18 15:40 - 2007-07-21 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\formulare
2013-09-13 19:07 - 2012-07-09 17:53 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-09-12 20:55 - 2013-09-03 17:39 - 00000000 ____D C:\Programme\Mozilla Firefox

Files to move or delete:
====================
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 1035264 ____A (Microsoft Corporation) 22fe1be02eadde1632e478e4125639e0

C:\Windows\System32\winlogon.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0507392 ____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72

C:\Windows\System32\svchost.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64

C:\Windows\System32\services.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0108544 ____A (Microsoft Corporation) edb6b81761bd60f32f740bbc40afb676

C:\Windows\System32\User32.dll
[2004-11-11 14:00] - [2004-11-11 14:00] - 0578560 ____A (Microsoft Corporation) 56785fd5236d7b22cf471a6da9db46d8

C:\Windows\System32\userinit.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0025088 ____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633

C:\Windows\System32\Drivers\volsnap.sys
[2004-11-11 14:00] - [2004-11-11 14:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9


==================== End Of Log ============================
--- --- ---

--- --- ---


2. Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by winnie at 2013-10-01 12:35:03
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Photoshop CS (Version: CS)
Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Apache HTTP Server 2.2.10 (Version: 2.2.10)
avast! Free Antivirus (Version: 8.0.1497.0)
Bomberclone
Bridge Builder
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities Digital Photo Professional 2.2 (Version: 2.2.0.1)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities PhotoStitch (Version: 3.1.18.42)
Canon Utilities ZoomBrowser EX (Version: 5.7.0.74)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
ElsterFormular für Privatanwender (Version: 12.3.2.6814p)
EPSON PhotoQuicker3.5
EPSON Web-To-Page
EPSON-Drucker-Software
ESC86 Referenzhandbuch
ESC86 Softwarehandbuch
ESET Online Scanner v3
FreePDF XP (Remove only)
GTK+ Runtime 2.14.7 rev a (remove only)
IrfanView (remove only)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MediaImpression 2.0 for PENTAX (Version: 2.0.63.630)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.01)
Microsoft Silverlight (Version: 1.0.20926.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 7 Ultra Edition (Version: 7.00.0177)
PCI Audio Driver
RedMon - Redirection Port Monitor
ScanToWeb
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.158)
Skype™ 5.0 (Version: 5.0.152)
SkyTest® FQ-Trainingssoftware 2.0
Sophos AutoUpdate (Version: 2.7.4.317)
Sygate Personal Firewall (Version: 5.5.2307)
TeamViewer 8 (Version: 8.0.20935)
USB Scanner
USB2.0 PC Camera (SN9C201&202) (Version: 5.7.22.000)
VirtuaGirl HD
WebFldrs XP (Version: 9.50.7523)
Windows Installer 3.1 (KB893803) (Version: 3.1)
WinRAR Archivierer
WINZD 2013-04
ZTestHL 12.0.0 (Version: 12.0.0)

==================== Restore Points  =========================

25-07-2013 13:33:23 Systemprüfpunkt
03-09-2013 16:42:09 Systemprüfpunkt
25-09-2013 12:35:24 Systemprüfpunkt
26-09-2013 07:09:19 Avira AntiVir Personal - 26.09.2013 09:08
26-09-2013 07:33:45 Installed MSXML 4.0 SP3 Parser
26-09-2013 07:35:06 Sophos Anti-Virus wird installiert
26-09-2013 07:55:17 Sophos AutoUpdate wird installiert
26-09-2013 13:53:47 Malwarebytes Anti-Rootkit Restore Point
27-09-2013 07:36:43 Sophos Anti-Virus wird entfernt
27-09-2013 10:10:15 avast! Free Antivirus Setup
28-09-2013 18:13:24 Systemprüfpunkt
30-09-2013 02:29:29 Systemprüfpunkt
01-10-2013 02:33:00 Systemprüfpunkt

==================== Hosts content: ==========================

2004-11-11 14:00 - 2004-11-11 14:00 - 00000820 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-30 23:16 - 2013-09-30 21:21 - 02102784 _____ () C:\Programme\AVAST Software\Avast\defs\13093001\algo.dll
2008-02-12 20:52 - 2005-01-06 19:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll
2007-04-06 10:29 - 2005-10-19 11:56 - 00125952 ____N () C:\Programme\WinRAR\rarext.dll
2004-11-11 14:00 - 2004-11-11 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 00:27:05 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 00:27:02 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x00046c3b.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.


System errors:
=============
Error: (10/01/2013 09:42:54 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/01/2013 09:42:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error: (10/01/2013 09:42:53 AM) (Source: Service Control Manager) (User: )
Description: Dienst "StarWind iSCSI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/01/2013 09:42:53 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Sophos AutoUpdate Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/01/2013 09:42:52 AM) (Source: Service Control Manager) (User: )
Description: Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/01/2013 09:42:52 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Sygate Personal Firewall" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/01/2013 08:08:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: 2147500037 (0x80004005).

Error: (10/01/2013 08:08:15 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Der Server "{4991D34B-80A1-4291-83B6-3328366B9097}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/30/2013 10:46:49 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Der Server "{4991D34B-80A1-4291-83B6-3328366B9097}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/30/2013 10:46:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: 2147500037 (0x80004005).


Microsoft Office Sessions:
=========================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:05 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:02 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.2627.0winword.exe10.0.2627.000046c3b

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 511.49 MB
Available physical RAM: 181.24 MB
Total Pagefile: 1249.44 MB
Available Pagefile: 936.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:4.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:14.65 GB) (Free:3.29 GB) NTFS
Drive e: () (Fixed) (Total:3.98 GB) (Free:3.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38 GB) (Disk ID: 0AE20AE1)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19 GB) - (Type=OF Extended)

==================== End Of Log ============================
Beste Grüße,

pummel

schrauber 01.10.2013 19:03
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
    Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die End Nutzer Lizenz.
    Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls was schief geht.
    Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.


Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

pummelfee 02.10.2013 16:16
Also, ich hab das jetzt mal installiert und gestartet, nachdem ich Firewall und Avast deaktiviert habe. Die Wiederherstellungskonsole wurde ordnungsgemäß installiert. Ist es normal, dass Combofix nach starten des Scans drei Stunden quasi bei 0% (letzter Eintrag in der Konsole: "Scanzeit kann sich bei stark infizierten usw.") steht oder ist da noch etwas anderes nicht so, wie es sein soll? Ich werde es nun auf jeden Fall mal über Nacht laufen lassen, mal sehen, ob sich da noch was tut.

Beste Grüße,

pummel

schrauber 03.10.2013 07:30
Wenn es immer noch läuft abbrechen, Combofix löschen und neu laden.

pummelfee 07.10.2013 08:14
Hallo schrauber,

es hat nun endlich mit combofix geklappt, nach langem Hin und Her. Hier das logfile:

Code:
ComboFix 13-10-04.02 - winnie 05.10.2013  19:33:41.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.511.269 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\winnie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\AdobeDLM.log
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Verknüpfung mit xp-AntiSpy.exe.lnk
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
.
c:\windows\system32\drivers\usbehci.sys . . . fehlt!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-05 bis 2013-10-05  ))))))))))))))))))))))))))))))
.
.
2013-10-04 07:41 . 2013-10-04 07:41        --------        d-----w-        c:\windows\system32\CatRoot2
2013-10-04 07:22 . 2013-10-04 07:22        --------        d-s---w-        c:\dokumente und einstellungen\winnie\UserData
2013-09-30 14:14 . 2013-09-30 14:14        --------        d-----w-        c:\programme\ESET
2013-09-28 11:45 . 2013-09-28 11:45        --------        dc----w-        C:\FRST
2013-09-27 18:48 . 2013-09-27 18:50        --------        dc----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 18:48 . 2013-09-27 18:48        48728        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2013-09-27 10:16 . 2013-08-30 07:48        29816        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-09-27 10:16 . 2013-08-30 07:48        369584        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-09-27 10:16 . 2013-08-30 07:48        49760        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2013-09-27 10:16 . 2013-08-30 07:48        56080        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-09-27 10:16 . 2013-08-30 07:48        770344        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-09-27 10:16 . 2013-08-30 07:48        177864        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-09-27 10:16 . 2013-08-30 07:48        49376        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-09-27 10:16 . 2013-08-30 07:48        66336        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-09-27 10:16 . 2013-08-30 07:47        229648        ----a-w-        c:\windows\system32\aswBoot.exe
2013-09-27 10:12 . 2013-08-30 07:47        41664        ----a-w-        c:\windows\avastSS.scr
2013-09-27 10:10 . 2013-09-27 10:10        --------        d-----w-        c:\programme\AVAST Software
2013-09-27 10:08 . 2013-09-27 10:10        --------        dc----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-26 18:18 . 2013-09-26 18:18        --------        d-----w-        c:\dokumente und einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 18:17 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-09-26 18:17 . 2013-09-26 18:18        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2013-09-26 16:34 . 2013-09-28 14:49        --------        dc----w-        C:\AdwCleaner
2013-09-26 16:20 . 2013-09-26 16:20        --------        d-----w-        c:\windows\ERUNT
2013-09-26 11:02 . 2013-09-26 11:02        --------        dc----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 07:57 . 2013-09-26 07:57        --------        d-----w-        c:\dokumente und einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 07:43 . 2013-09-27 16:59        --------        dc----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sophos
2013-09-26 07:34 . 2013-09-26 07:34        --------        d-----w-        c:\programme\MSXML 4.0
2013-09-25 14:21 . 2013-09-26 07:29        --------        dc----w-        C:\savw_100_sa
2013-09-25 12:14 . 2013-09-25 12:14        --------        d-----w-        c:\programme\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-11-11 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2004-11-11 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-11-11 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2004-11-11 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-11-11 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2004-11-11 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2004-11-11 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-11-11 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2004-11-11 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-11-11 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2004-11-11 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-11-11 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2004-11-11 . 09EB23A4567BDD56D9580A059E616E23 . 359040 . . [5.1.2600.2505] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2004-11-11 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-11-11 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2004-11-11 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-11-11 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2004-11-11 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2004-11-11 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2004-11-11 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-11-11 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2004-11-11 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-11-11 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2004-11-11 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\rpcss.dll
[-] 2004-11-11 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2004-11-11 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-11-11 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe
.
[-] 2004-11-11 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2004-11-11 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2004-11-11 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-11-11 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2004-11-11 . 032CA12162E89E545356525554EA12A7 . 111616 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-11-11 . 032CA12162E89E545356525554EA12A7 . 111616 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2004-11-11 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2004-11-11 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2004-11-11 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-11-11 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2004-11-11 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-11-11 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2004-11-11 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-11-11 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2004-11-11 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\es.dll
[-] 2004-11-11 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\es.dll
.
[-] 2004-11-11 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-11-11 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2004-11-11 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\system32\kernel32.dll
[-] 2004-11-11 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2004-11-11 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2004-11-11 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2004-11-11 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-11-11 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2004-11-11 . CAC51AD576713E5F0CE2251ED3A7FE82 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-11-11 . CAC51AD576713E5F0CE2251ED3A7FE82 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2004-11-11 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-11-11 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-11-11 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-11-11 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2004-11-11 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2004-11-11 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2004-11-11 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-11-11 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2004-11-11 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-11-11 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2004-11-11 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-11-11 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2004-11-11 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-11-11 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2004-11-11 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-11-11 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2004-11-11 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2004-11-11 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2004-11-11 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-11-11 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2004-11-11 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-11-11 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2004-11-11 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-11-11 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-11-11 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-11-11 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2004-11-11 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-11-11 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2004-11-11 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-11-11 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-11-11 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-11-11 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2004-11-11 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-11-11 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll
.
[-] 2004-11-11 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2004-11-11 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2004-11-11 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-11-11 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2004-11-11 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2004-11-11 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll
.
[-] 2004-11-11 . 3B8A9C87027BF8D6D156BE5FA6E8EBC6 . 4608 . . [5.1.2600.2180] . . c:\windows\system32\msimg32.dll
[-] 2004-11-11 . 3B8A9C87027BF8D6D156BE5FA6E8EBC6 . 4608 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msimg32.dll
.
[-] 2004-11-11 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-11-11 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-11-11 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-11-11 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2004-11-11 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-11-11 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2004-11-11 . 00E9FF65CC5C4F965ABB0C7BBDAE8309 . 733696 . . [5.1.2600.2180] . . c:\windows\system32\ntdll.dll
[-] 2004-11-11 . 00E9FF65CC5C4F965ABB0C7BBDAE8309 . 733696 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntdll.dll
.
[-] 2004-11-11 . C7329927E2C73450323565DCFE17D78E . 177152 . . [5.1.2600.2180] . . c:\windows\system32\MSCTFIME.IME
[-] 2004-11-11 . C7329927E2C73450323565DCFE17D78E . 177152 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msctfime.ime
.
[-] 2004-11-11 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-11-11 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2004-11-11 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-11-11 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2004-11-11 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2004-11-11 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2004-11-11 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-11-11 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2004-11-11 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-11-11 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2004-11-11 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-11-11 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2004-11-11 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-11-11 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2004-11-11 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-11-11 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2004-11-11 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-11-11 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2004-11-11 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2004-11-11 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
.
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS
.
[-] 2004-11-11 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-11-11 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2004-11-11 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2004-11-11 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2004-11-11 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-11-11 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2004-11-11 12:00 . 5FDCCC838CD95F61097D8A637F842AA8 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-11-11 12:00 . 5FDCCC838CD95F61097D8A637F842AA8 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2004-11-11 . CE41FC4C06499A389D39B301879535FB . 2059136 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2004-11-11 12:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-11-11 12:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2004-11-11 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-11-11 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2004-11-11 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-11-11 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2004-11-11 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-11-11 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2004-11-11 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-11-11 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2004-11-11 12:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-11-11 12:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2004-11-11 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-11-11 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2004-11-11 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-11-11 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
.
[-] 2004-11-11 . B39A6AF04A431E317C85BF061719E705 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2004-11-11 . DC888C9C4CA0EEA7A3CB7E6B610F75C7 . 2183296 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2004-11-11 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-11-11 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-11-11 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-11-11 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2004-11-11 . 7E751068ADA60FC77638622E86A7CD9E . 333824 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll
[-] 2004-11-11 . 7E751068ADA60FC77638622E86A7CD9E . 333824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2004-11-11 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
[-] 2004-11-11 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2004-11-11 . 84028E2EBE7A25494766673A5FF4B304 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\rasadhlp.dll
[-] 2004-11-11 . 84028E2EBE7A25494766673A5FF4B304 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[-] 2004-11-11 . 3FEADE4D0B41D22E8B8460739A9B4FEE . 19968 . . [5.1.2600.2180] . . c:\windows\system32\wshtcpip.dll
[-] 2004-11-11 . 3FEADE4D0B41D22E8B8460739A9B4FEE . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wshtcpip.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47        121968        ----a-w-        c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CorelDRAW Graphics Suite 11b"="c:\programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe" [2003-11-27 733184]
"EPSON Stylus C86 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE" [2003-11-25 99840]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"C-Media Mixer"="Mixer.exe" [2002-03-25 1228800]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-6 113664]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50        155648        -c----w-        c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [27.09.2013 12:16 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [27.09.2013 12:16 177864]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.04.2007 10:31 642560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.09.2013 12:16 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.09.2013 12:16 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.09.2013 12:16 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [27.09.2013 12:16 66336]
R2 TeamViewer8;TeamViewer 8;c:\programme\TeamViewer\Version8\TeamViewer_Service.exe [25.09.2013 14:15 5071712]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [06.04.2007 10:40 223128]
S3 Kbardsentca;Kbardsentca;c:\windows\system32\drivers\MSPQM.sys [02.04.2007 09:13 4992]
S3 LwAdiHid;Logitech WingMan-Digitalgeräte (autom. Erkennung);c:\windows\system32\drivers\LwAdiHid.sys [12.01.2009 21:51 20864]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [27.09.2013 20:48 48728]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 78033611
*Deregistered* - 78033611
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2013-09-27 07:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Connection Wizard,ShellNext = "c:\programme\Outlook Express\msimn.exe" //mailurl:mailto:nies@bruehl.de
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\
FF - ExtSQL: 2013-09-27 12:13; wrc@avast.com; c:\programme\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NWEReboot - (no file)
c:\dokumente und einstellungen\margarete\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk - i:\mtpii\ws09\apache\bin\ApacheMonitor.exe
MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-10-05 19:46
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\sfc_os.dll
.
Zeit der Fertigstellung: 2013-10-05  19:51:08
ComboFix-quarantined-files.txt  2013-10-05 17:51
.
Vor Suchlauf: 5.658.624.000 Bytes frei
Nach Suchlauf: 5.088.423.936 Bytes frei
.
- - End Of File - - AF5B334C9B1EEE4850940DEBA22F4CE3
72B8CE41AF0DE751C946802B3ED844B4
Beste Grüße,

pummel

schrauber 07.10.2013 11:59
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

pummelfee 07.10.2013 15:25
So, dann wollen wir mal:

1. MBAM
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.07.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
winnie :: ASGARD [Administrator]

07.10.2013 13:18:47
mbam-log-2013-10-07 (13-18-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333227
Laufzeit: 11 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
2. AdwCleaner
Code:
# AdwCleaner v3.006 - Bericht erstellt am 07/10/2013 um 13:52:59
# Updated 01/10/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzername : winnie - ASGARD
# Gestartet von : C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Mozilla\Firefox\Profiles\reb0wa3w.default\prefs.js ]


[ Datei : C:\Dokumente und Einstellungen\matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\nzyh41fj.default\prefs.js ]


[ Datei : C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\prefs.js ]


[ Datei : C:\Dokumente und Einstellungen\basti\Anwendungsdaten\Mozilla\Firefox\Profiles\ut85a9op.default\prefs.js ]


[ Datei : C:\Dokumente und Einstellungen\margarete\Anwendungsdaten\Mozilla\Firefox\Profiles\0xlfyphi.default\prefs.js ]


[ Datei : C:\Dokumente und Einstellungen\katharina\Anwendungsdaten\Mozilla\Firefox\Profiles\4jeiq4jn.default\prefs.js ]


[ Datei : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rw0d39ah.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1937 octets] - [26/09/2013 18:35:27]
AdwCleaner[R1].txt - [1730 octets] - [28/09/2013 16:45:51]
AdwCleaner[R2].txt - [1850 octets] - [07/10/2013 13:42:26]
AdwCleaner[S0].txt - [1998 octets] - [26/09/2013 18:40:07]
AdwCleaner[S1].txt - [1791 octets] - [28/09/2013 16:49:04]
AdwCleaner[S2].txt - [1771 octets] - [07/10/2013 13:52:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1831 octets] ##########
3. JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by winnie on 07.10.2013 at 14:03:34,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.10.2013 at 15:22:34,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by winnie (administrator) on ASGARD on 07-10-2013 15:36:45
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
(Rocket Division Software) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Canon Inc.) C:\Programme\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
(TeamViewer GmbH) c:\programme\teamviewer\version8\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe
(Sonix) C:\WINDOWS\vsnp2std.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe
(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\tv_w32.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [EPSON Stylus C86 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE [99840 2003-11-25] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [snp2std] - C:\WINDOWS\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\basti\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\basti\...\Run: [WdHelpSnap] - rundll32.exe "C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Anwendungsdaten\isaUser32\WdHelpSnap.dll",Applemapdrv userMouseman
HKU\basti\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [ 2010-12-30] (Adobe Systems, Inc.)
HKU\katharina\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\margarete\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\matthias\...\Run: [AdobeUpdater] - C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [ 2009-01-12] (Adobe Systems Incorporated)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype extension for Firefox - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-04-06] ()
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-09-03] (Mozilla Foundation)
R2 StarWindService; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [374094 2002-03-26] (C-Media Inc)
S3 hidgame; C:\Windows\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 Kbardsentca; C:\WINDOWS\system32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
S3 LwAdiHid; C:\Windows\System32\DRIVERS\LwAdiHid.sys [20864 2004-08-03] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-27] (MalwareBytes)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-11-11] ()
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12039552 2007-04-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2007-04-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-14] (AVIRA GmbH)
R3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2007-04-06] ()
S3 catchme; \??\C:\DOKUME~1\winnie\LOKALE~1\Temp\catchme.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt
2013-10-04 09:38 - 2013-10-05 19:51 - 00000000 ___DC C:\Qoobox
2013-10-04 09:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-04 09:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-04 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-04 09:36 - 2013-10-04 08:58 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe
2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData
2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons
2013-10-02 10:58 - 2007-04-06 14:15 - 00000211 ____C C:\Boot.bak
2013-10-02 10:58 - 2004-08-03 23:00 - 00262448 _RSHC C:\cmldr
2013-10-02 10:54 - 2013-10-05 19:48 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET
2013-09-28 13:45 - 2013-10-07 15:36 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:48 - 2013-09-27 20:50 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 12:16 - 2013-10-07 14:00 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-27 12:16 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-27 12:12 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:08 - 2013-09-27 12:10 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 09:18 - 2013-09-26 18:08 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-09-26 20:18 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt
2013-09-26 18:34 - 2013-10-07 13:53 - 00000000 ___DC C:\AdwCleaner
2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt
2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-26 18:19 - 2013-09-26 18:15 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe
2013-09-26 18:17 - 2013-09-26 18:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-26 18:17 - 2013-09-26 18:14 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe
2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt
2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat
2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 12:59 - 2013-09-27 20:48 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar
2013-09-26 12:55 - 2013-09-26 12:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe
2013-09-26 12:22 - 2013-09-26 12:58 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos
2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg
2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 09:43 - 2013-09-27 18:59 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0
2013-09-25 16:21 - 2013-09-26 09:29 - 00000000 ___DC C:\savw_100_sa
2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer

==================== One Month Modified Files and Folders =======

2013-10-07 15:36 - 2013-09-28 13:45 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-10-07 14:42 - 2007-04-02 08:24 - 00353950 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-07 14:00 - 2013-09-27 12:16 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-07 13:55 - 2007-04-02 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-07 13:55 - 2007-04-02 09:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-07 13:55 - 2007-04-02 08:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-07 13:55 - 2004-11-11 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-07 13:54 - 2007-04-06 14:17 - 00000190 ___SH C:\Dokumente und Einstellungen\winnie\ntuser.ini
2013-10-07 13:54 - 2007-04-06 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\winnie
2013-10-07 13:54 - 2007-04-02 08:31 - 00032508 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-07 13:53 - 2013-09-26 18:34 - 00000000 ___DC C:\AdwCleaner
2013-10-06 11:13 - 2007-06-27 18:43 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Kunst
2013-10-06 00:16 - 2007-04-02 08:30 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt
2013-10-05 19:51 - 2013-10-04 09:38 - 00000000 ___DC C:\Qoobox
2013-10-05 19:49 - 2007-04-10 12:30 - 00000000 ___RD C:\Dokumente und Einstellungen\margarete\Startmenü\Programme\Autostart
2013-10-05 19:48 - 2013-10-02 10:54 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-05 19:46 - 2004-11-11 14:00 - 00000227 ____C C:\WINDOWS\system.ini
2013-10-05 19:45 - 2007-04-02 09:10 - 00000000 ___RD C:\Programme
2013-10-04 09:30 - 2007-06-04 17:08 - 00233760 ____C C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData
2013-10-04 08:58 - 2013-10-04 09:36 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe
2013-10-04 08:49 - 2007-04-02 09:09 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-10-03 17:05 - 2007-04-02 08:22 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons
2013-10-02 10:58 - 2007-04-02 10:08 - 00000327 _RSHC C:\boot.ini
2013-10-01 13:50 - 2009-01-08 16:09 - 00000000 ____D C:\Programme\SkyTestFQ
2013-10-01 13:21 - 2013-09-03 17:39 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-10-01 13:13 - 2010-04-05 17:58 - 00000000 ___RD C:\Programme\Skype
2013-10-01 13:13 - 2010-01-08 16:52 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2013-09-30 16:14 - 2013-09-30 16:14 - 00000000 ____D C:\Programme\ESET
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:50 - 2013-09-27 20:48 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 20:48 - 2013-09-26 12:59 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar
2013-09-27 18:59 - 2013-09-26 09:43 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2007-04-02 08:26 - 00002951 ____C C:\WINDOWS\system32\CONFIG.NT
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:10 - 2013-09-27 12:08 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-27 07:56 - 2007-04-02 10:02 - 00000000 ____D C:\WINDOWS\twain_32
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:18 - 2013-09-26 20:17 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt
2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt
2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-26 18:16 - 2007-04-06 11:05 - 00000190 __SHC C:\Dokumente und Einstellungen\matthias\ntuser.ini
2013-09-26 18:15 - 2013-09-26 18:19 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe
2013-09-26 18:15 - 2013-09-26 18:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt
2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat
2013-09-26 18:14 - 2013-09-26 18:17 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe
2013-09-26 18:08 - 2013-09-27 09:18 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-26 15:59 - 2007-04-02 08:23 - 00000000 ____D C:\WINDOWS\srchasst
2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 12:58 - 2013-09-26 12:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos
2013-09-26 12:54 - 2013-09-26 12:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe
2013-09-26 12:32 - 2013-05-27 11:14 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Siblhzisnrb
2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg
2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0
2013-09-26 09:29 - 2013-09-25 16:21 - 00000000 ___DC C:\savw_100_sa
2013-09-26 09:27 - 2007-04-02 09:09 - 00796344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-25 15:03 - 2010-12-25 19:09 - 00000000 ____D C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744
2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer
2013-09-25 13:08 - 2007-04-06 14:21 - 00002495 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Microsoft Word.lnk
2013-09-24 21:47 - 2007-08-22 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\e5
2013-09-22 11:55 - 2007-07-21 17:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Ku5
2013-09-22 11:49 - 2007-04-15 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d6
2013-09-22 11:47 - 2007-11-06 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d5
2013-09-19 10:23 - 2007-04-10 12:30 - 00000190 ___SH C:\Dokumente und Einstellungen\margarete\ntuser.ini
2013-09-18 15:40 - 2007-07-21 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\formulare
2013-09-13 19:07 - 2012-07-09 17:53 - 00000000 ____D C:\Programme\Mozilla Maintenance Service

Files to move or delete:
====================
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini


Some content of TEMP:
====================
C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 1035264 ____A (Microsoft Corporation) 22fe1be02eadde1632e478e4125639e0

C:\Windows\System32\winlogon.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0507392 ____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72

C:\Windows\System32\svchost.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64

C:\Windows\System32\services.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0108544 ____A (Microsoft Corporation) edb6b81761bd60f32f740bbc40afb676

C:\Windows\System32\User32.dll
[2004-11-11 14:00] - [2004-11-11 14:00] - 0578560 ____A (Microsoft Corporation) 56785fd5236d7b22cf471a6da9db46d8

C:\Windows\System32\userinit.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0025088 ____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633

C:\Windows\System32\Drivers\volsnap.sys
[2004-11-11 14:00] - [2004-11-11 14:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9


==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


5. FRST Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by winnie at 2013-10-07 15:56:18
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Photoshop CS (Version: CS)
Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Apache HTTP Server 2.2.10 (Version: 2.2.10)
avast! Free Antivirus (Version: 8.0.1497.0)
Bomberclone
Bridge Builder
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities Digital Photo Professional 2.2 (Version: 2.2.0.1)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities PhotoStitch (Version: 3.1.18.42)
Canon Utilities ZoomBrowser EX (Version: 5.7.0.74)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
ElsterFormular für Privatanwender (Version: 12.3.2.6814p)
EPSON PhotoQuicker3.5
EPSON Web-To-Page
EPSON-Drucker-Software
ESC86 Referenzhandbuch
ESC86 Softwarehandbuch
ESET Online Scanner v3
FreePDF XP (Remove only)
GTK+ Runtime 2.14.7 rev a (remove only)
IrfanView (remove only)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MediaImpression 2.0 for PENTAX (Version: 2.0.63.630)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.01)
Microsoft Silverlight (Version: 1.0.20926.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 7 Ultra Edition (Version: 7.00.0177)
PCI Audio Driver
RedMon - Redirection Port Monitor
ScanToWeb
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.0 (Version: 5.0.152)
TeamViewer 8 (Version: 8.0.20935)
USB Scanner
USB2.0 PC Camera (SN9C201&202) (Version: 5.7.22.000)
WebFldrs XP (Version: 9.50.7523)
Windows Installer 3.1 (KB893803) (Version: 3.1)
WinRAR Archivierer
WINZD 2013-04
ZTestHL 12.0.0 (Version: 12.0.0)

==================== Restore Points  =========================

03-10-2013 15:05:28 Systemprüfpunkt
04-10-2013 06:48:55 Sygate Personal Firewall wird entfernt

==================== Hosts content: ==========================

2004-11-11 14:00 - 2013-10-05 19:46 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 09:51 - 2013-10-07 08:38 - 02104832 _____ () C:\Programme\AVAST Software\Avast\defs\13100700\algo.dll
2008-02-12 20:52 - 2005-01-06 19:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll
2004-11-11 14:00 - 2004-11-11 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 00:27:05 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 00:27:02 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x00046c3b.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.


System errors:
=============
Error: (10/06/2013 09:22:11 AM) (Source: Windows Update Agent) (User: )
Description: Verbindung kann nicht hergestellt werden: Die Verbindung mit dem Dienst für automatische Updates konnte nicht hergestellt werden, so dass keine Updates zum angegebenen Zeitplan übertragen und installiert werden können. Es wird weiterhin versucht, eine Verbindung herzustellen.

Error: (10/02/2013 01:38:04 PM) (Source: System Error) (User: )
Description: Fehlercode 0000004d, 1. Parameter 0001d218, 2. Parameter 0001d218, 3. Parameter 0000769e, 4. Parameter 00000000.

Error: (10/02/2013 01:37:56 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 819b3700, 2. Parameter 82157008, 3. Parameter f8964cb4, 4. Parameter 00000001.

Error: (10/02/2013 01:37:48 PM) (Source: System Error) (User: )
Description: Fehlercode 000000ea, 1. Parameter 82146be0, 2. Parameter 820296e0, 3. Parameter 82023230, 4. Parameter 00000001.

Error: (10/02/2013 01:37:43 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 82141020, 2. Parameter 820dabf8, 3. Parameter f8968cb4, 4. Parameter 00000001.

Error: (10/02/2013 01:37:28 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 82060da8, 2. Parameter 8212a140, 3. Parameter f8960cb4, 4. Parameter 00000001.

Error: (10/02/2013 01:37:24 PM) (Source: System Error) (User: )
Description: Fehlercode 000000ea, 1. Parameter 81ff7da8, 2. Parameter 820154b8, 3. Parameter 82098038, 4. Parameter 00000001.

Error: (10/02/2013 01:37:19 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 81a5db68, 2. Parameter 82186200, 3. Parameter f8964cb4, 4. Parameter 00000001.

Error: (10/02/2013 01:36:29 PM) (Source: System Error) (User: )
Description: Fehlercode 000000ea, 1. Parameter 81d19d00, 2. Parameter 82011e20, 3. Parameter 820a9688, 4. Parameter 00000001.

Error: (10/02/2013 01:32:10 PM) (Source: Service Control Manager) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TeamViewer8.


Microsoft Office Sessions:
=========================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:05 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:02 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.2627.0winword.exe10.0.2627.000046c3b

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 511.49 MB
Available physical RAM: 181.49 MB
Total Pagefile: 1249.54 MB
Available Pagefile: 941.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:5.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:14.65 GB) (Free:3.29 GB) NTFS
Drive e: () (Fixed) (Total:3.98 GB) (Free:3.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38 GB) (Disk ID: 0AE20AE1)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19 GB) - (Type=OF Extended)

==================== End Of Log ============================
Was ich vorhin noch vergessen hatte (keine Ahnung, ob das wichtig ist): die Firewall (sygate) musste ich scheinbar runterschmeissen, um ComboFix zum Laufen zu kriegen. Jedenfalls lief es danach zum ersten Mal durch.

Beste Grüße,

pummel

schrauber 08.10.2013 08:07
Bitte nochmal mit TDSSKiller scannen und das Log posten.

pummelfee 08.10.2013 08:29
Bitteschön

Code:
09:26:22.0828 2812  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:26:23.0171 2812  ============================================================
09:26:23.0171 2812  Current date / time: 2013/10/08 09:26:23.0171
09:26:23.0171 2812  SystemInfo:
09:26:23.0171 2812 
09:26:23.0171 2812  OS Version: 5.1.2600 ServicePack: 2.0
09:26:23.0171 2812  Product type: Workstation
09:26:23.0171 2812  ComputerName: ASGARD
09:26:23.0171 2812  UserName: winnie
09:26:23.0171 2812  Windows directory: C:\WINDOWS
09:26:23.0171 2812  System windows directory: C:\WINDOWS
09:26:23.0171 2812  Processor architecture: Intel x86
09:26:23.0171 2812  Number of processors: 1
09:26:23.0171 2812  Page size: 0x1000
09:26:23.0171 2812  Boot type: Normal boot
09:26:23.0171 2812  ============================================================
09:26:25.0484 2812  Drive \Device\Harddisk0\DR0 - Size: 0x98ABA0000 (38.17 Gb), SectorSize: 0x200, Cylinders: 0x1376, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:26:25.0484 2812  ============================================================
09:26:25.0484 2812  \Device\Harddisk0\DR0:
09:26:25.0484 2812  MBR partitions:
09:26:25.0484 2812  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
09:26:25.0515 2812  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1D4B139
09:26:25.0546 2812  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x7F3908
09:26:25.0546 2812  ============================================================
09:26:25.0609 2812  C: <-> \Device\Harddisk0\DR0\Partition1
09:26:25.0640 2812  D: <-> \Device\Harddisk0\DR0\Partition2
09:26:25.0671 2812  E: <-> \Device\Harddisk0\DR0\Partition3
09:26:25.0671 2812  ============================================================
09:26:25.0687 2812  Initialize success
09:26:25.0687 2812  ============================================================
09:26:32.0234 3552  ============================================================
09:26:32.0234 3552  Scan started
09:26:32.0234 3552  Mode: Manual; SigCheck; TDLFS;
09:26:32.0234 3552  ============================================================
09:26:32.0859 3552  ================ Scan system memory ========================
09:26:32.0906 3552  System memory - ok
09:26:32.0906 3552  ================ Scan services =============================
09:26:33.0062 3552  Abiosdsk - ok
09:26:33.0078 3552  abp480n5 - ok
09:26:33.0203 3552  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
09:26:33.0656 3552  ACDaemon - ok
09:26:33.0718 3552  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:26:34.0812 3552  ACPI ( UnsignedFile.Multi.Generic ) - warning
09:26:34.0812 3552  ACPI - detected UnsignedFile.Multi.Generic (1)
09:26:34.0859 3552  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
09:26:34.0875 3552  ACPIEC ( UnsignedFile.Multi.Generic ) - warning
09:26:34.0875 3552  ACPIEC - detected UnsignedFile.Multi.Generic (1)
09:26:34.0921 3552  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
09:26:34.0953 3552  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
09:26:34.0953 3552  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
09:26:34.0984 3552  adpu160m - ok
09:26:35.0046 3552  [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec            C:\WINDOWS\system32\drivers\aec.sys
09:26:35.0062 3552  aec ( UnsignedFile.Multi.Generic ) - warning
09:26:35.0062 3552  aec - detected UnsignedFile.Multi.Generic (1)
09:26:35.0109 3552  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc            C:\WINDOWS\system32\drivers\Afc.sys
09:26:35.0125 3552  Afc - ok
09:26:35.0187 3552  [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD            C:\WINDOWS\System32\drivers\afd.sys
09:26:35.0203 3552  AFD ( UnsignedFile.Multi.Generic ) - warning
09:26:35.0203 3552  AFD - detected UnsignedFile.Multi.Generic (1)
09:26:35.0265 3552  [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
09:26:35.0296 3552  agp440 ( UnsignedFile.Multi.Generic ) - warning
09:26:35.0296 3552  agp440 - detected UnsignedFile.Multi.Generic (1)
09:26:35.0312 3552  Aha154x - ok
09:26:35.0328 3552  aic78u2 - ok
09:26:35.0359 3552  aic78xx - ok
09:26:35.0421 3552  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
09:26:35.0437 3552  Alerter ( UnsignedFile.Multi.Generic ) - warning
09:26:35.0437 3552  Alerter - detected UnsignedFile.Multi.Generic (1)
09:26:35.0468 3552  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG            C:\WINDOWS\System32\alg.exe
09:26:35.0500 3552  ALG ( UnsignedFile.Multi.Generic ) - warning
09:26:35.0500 3552  ALG - detected UnsignedFile.Multi.Generic (1)
09:26:35.0515 3552  AliIde - ok
09:26:35.0531 3552  amsint - ok
09:26:35.0593 3552  [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
09:26:35.0625 3552  AppMgmt ( UnsignedFile.Multi.Generic ) - warning
09:26:35.0625 3552  AppMgmt - detected UnsignedFile.Multi.Generic (1)
09:26:35.0640 3552  asc - ok
09:26:35.0656 3552  asc3350p - ok
09:26:35.0671 3552  asc3550 - ok
09:26:35.0796 3552  [ D33C507942299753868204CC7642FA27 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:26:35.0828 3552  aspnet_state - ok
09:26:35.0906 3552  [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:26:35.0953 3552  aswFsBlk - ok
09:26:36.0000 3552  [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt      C:\WINDOWS\system32\drivers\aswMonFlt.sys
09:26:36.0046 3552  aswMonFlt - ok
09:26:36.0156 3552  [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
09:26:36.0203 3552  AswRdr - ok
09:26:36.0234 3552  [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt        C:\WINDOWS\system32\drivers\aswRvrt.sys
09:26:36.0250 3552  aswRvrt - ok
09:26:36.0406 3552  [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
09:26:36.0546 3552  aswSnx - ok
09:26:36.0625 3552  [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP          C:\WINDOWS\system32\drivers\aswSP.sys
09:26:36.0671 3552  aswSP - ok
09:26:36.0703 3552  [ 5E18413310134130D7772F0668698CB7 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
09:26:36.0750 3552  aswTdi - ok
09:26:36.0796 3552  [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
09:26:36.0828 3552  aswVmm - ok
09:26:36.0890 3552  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:26:36.0906 3552  AsyncMac ( UnsignedFile.Multi.Generic ) - warning
09:26:36.0906 3552  AsyncMac - detected UnsignedFile.Multi.Generic (1)
09:26:36.0984 3552  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
09:26:37.0000 3552  atapi ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0000 3552  atapi - detected UnsignedFile.Multi.Generic (1)
09:26:37.0015 3552  Atdisk - ok
09:26:37.0078 3552  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:26:37.0093 3552  Atmarpc ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0093 3552  Atmarpc - detected UnsignedFile.Multi.Generic (1)
09:26:37.0187 3552  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
09:26:37.0218 3552  AudioSrv ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0218 3552  AudioSrv - detected UnsignedFile.Multi.Generic (1)
09:26:37.0281 3552  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
09:26:37.0312 3552  audstub ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0312 3552  audstub - detected UnsignedFile.Multi.Generic (1)
09:26:37.0390 3552  [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
09:26:37.0406 3552  avast! Antivirus - ok
09:26:37.0468 3552  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
09:26:37.0484 3552  Beep ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0484 3552  Beep - detected UnsignedFile.Multi.Generic (1)
09:26:37.0578 3552  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
09:26:37.0671 3552  BITS ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0671 3552  BITS - detected UnsignedFile.Multi.Generic (1)
09:26:37.0734 3552  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser        C:\WINDOWS\System32\browser.dll
09:26:37.0750 3552  Browser ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0750 3552  Browser - detected UnsignedFile.Multi.Generic (1)
09:26:37.0921 3552  catchme - ok
09:26:37.0968 3552  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
09:26:37.0984 3552  cbidf2k ( UnsignedFile.Multi.Generic ) - warning
09:26:37.0984 3552  cbidf2k - detected UnsignedFile.Multi.Generic (1)
09:26:38.0046 3552  [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8        C:\Programme\Canon\CAL\CALMAIN.exe
09:26:38.0062 3552  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0062 3552  CCALib8 - detected UnsignedFile.Multi.Generic (1)
09:26:38.0125 3552  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:26:38.0125 3552  CCDECODE ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0125 3552  CCDECODE - detected UnsignedFile.Multi.Generic (1)
09:26:38.0156 3552  cd20xrnt - ok
09:26:38.0203 3552  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
09:26:38.0218 3552  Cdaudio ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0218 3552  Cdaudio - detected UnsignedFile.Multi.Generic (1)
09:26:38.0281 3552  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
09:26:38.0312 3552  Cdfs ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0312 3552  Cdfs - detected UnsignedFile.Multi.Generic (1)
09:26:38.0375 3552  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:26:38.0453 3552  Cdrom ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0453 3552  Cdrom - detected UnsignedFile.Multi.Generic (1)
09:26:38.0468 3552  Changer - ok
09:26:38.0515 3552  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc          C:\WINDOWS\system32\cisvc.exe
09:26:38.0531 3552  CiSvc ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0531 3552  CiSvc - detected UnsignedFile.Multi.Generic (1)
09:26:38.0546 3552  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
09:26:38.0578 3552  ClipSrv ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0578 3552  ClipSrv - detected UnsignedFile.Multi.Generic (1)
09:26:38.0656 3552  [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:26:38.0703 3552  clr_optimization_v2.0.50727_32 - ok
09:26:38.0718 3552  CmdIde - ok
09:26:38.0796 3552  [ 9120C9CAAC11A6149B6B1EB1598733B6 ] cmpci          C:\WINDOWS\system32\drivers\cmaudio.sys
09:26:38.0843 3552  cmpci ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0843 3552  cmpci - detected UnsignedFile.Multi.Generic (1)
09:26:38.0859 3552  COMSysApp - ok
09:26:38.0906 3552  Cpqarray - ok
09:26:38.0953 3552  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
09:26:38.0984 3552  CryptSvc ( UnsignedFile.Multi.Generic ) - warning
09:26:38.0984 3552  CryptSvc - detected UnsignedFile.Multi.Generic (1)
09:26:38.0984 3552  dac2w2k - ok
09:26:39.0015 3552  dac960nt - ok
09:26:39.0062 3552  [ 9F28FF58D6D67B123272869D89D14004 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
09:26:39.0140 3552  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0140 3552  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
09:26:39.0203 3552  [ 69F986B2688BA95A0D9362B0E233D5FF ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
09:26:39.0218 3552  Dhcp ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0218 3552  Dhcp - detected UnsignedFile.Multi.Generic (1)
09:26:39.0250 3552  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
09:26:39.0296 3552  Disk ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0296 3552  Disk - detected UnsignedFile.Multi.Generic (1)
09:26:39.0312 3552  dmadmin - ok
09:26:39.0390 3552  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
09:26:39.0453 3552  dmboot ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0453 3552  dmboot - detected UnsignedFile.Multi.Generic (1)
09:26:39.0500 3552  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
09:26:39.0546 3552  dmio ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0546 3552  dmio - detected UnsignedFile.Multi.Generic (1)
09:26:39.0578 3552  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
09:26:39.0593 3552  dmload ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0593 3552  dmload - detected UnsignedFile.Multi.Generic (1)
09:26:39.0625 3552  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
09:26:39.0703 3552  dmserver ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0703 3552  dmserver - detected UnsignedFile.Multi.Generic (1)
09:26:39.0765 3552  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
09:26:39.0796 3552  DMusic ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0796 3552  DMusic - detected UnsignedFile.Multi.Generic (1)
09:26:39.0859 3552  [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
09:26:39.0875 3552  Dnscache ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0875 3552  Dnscache - detected UnsignedFile.Multi.Generic (1)
09:26:39.0890 3552  dpti2o - ok
09:26:39.0921 3552  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
09:26:39.0937 3552  drmkaud ( UnsignedFile.Multi.Generic ) - warning
09:26:39.0937 3552  drmkaud - detected UnsignedFile.Multi.Generic (1)
09:26:40.0015 3552  [ 877A4512CC9074D6954776AF47021766 ] ERSvc          C:\WINDOWS\System32\ersvc.dll
09:26:40.0031 3552  ERSvc ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0031 3552  ERSvc - detected UnsignedFile.Multi.Generic (1)
09:26:40.0093 3552  [ EDB6B81761BD60F32F740BBC40AFB676 ] Eventlog        C:\WINDOWS\system32\services.exe
09:26:40.0125 3552  Eventlog ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0125 3552  Eventlog - detected UnsignedFile.Multi.Generic (1)
09:26:40.0156 3552  [ 4E1A8645EE77CB9454FFE53C59620A25 ] EventSystem    C:\WINDOWS\system32\es.dll
09:26:40.0187 3552  EventSystem ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0187 3552  EventSystem - detected UnsignedFile.Multi.Generic (1)
09:26:40.0265 3552  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
09:26:40.0296 3552  Fastfat ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0296 3552  Fastfat - detected UnsignedFile.Multi.Generic (1)
09:26:40.0343 3552  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:26:40.0375 3552  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0375 3552  FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
09:26:40.0468 3552  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc            C:\WINDOWS\system32\drivers\Fdc.sys
09:26:40.0484 3552  Fdc ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0484 3552  Fdc - detected UnsignedFile.Multi.Generic (1)
09:26:40.0546 3552  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:26:40.0562 3552  Fips ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0578 3552  Fips - detected UnsignedFile.Multi.Generic (1)
09:26:40.0671 3552  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
09:26:40.0671 3552  Flpydisk ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0671 3552  Flpydisk - detected UnsignedFile.Multi.Generic (1)
09:26:40.0750 3552  [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:26:40.0765 3552  FltMgr ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0765 3552  FltMgr - detected UnsignedFile.Multi.Generic (1)
09:26:40.0812 3552  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:26:40.0843 3552  Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0843 3552  Fs_Rec - detected UnsignedFile.Multi.Generic (1)
09:26:40.0875 3552  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:26:40.0953 3552  Ftdisk ( UnsignedFile.Multi.Generic ) - warning
09:26:40.0953 3552  Ftdisk - detected UnsignedFile.Multi.Generic (1)
09:26:40.0953 3552  [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
09:26:41.0000 3552  gameenum ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0000 3552  gameenum - detected UnsignedFile.Multi.Generic (1)
09:26:41.0031 3552  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:26:41.0078 3552  Gpc ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0078 3552  Gpc - detected UnsignedFile.Multi.Generic (1)
09:26:41.0171 3552  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:26:41.0187 3552  helpsvc ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0187 3552  helpsvc - detected UnsignedFile.Multi.Generic (1)
09:26:41.0234 3552  [ 923EE4EEF2582909A056904CA8026015 ] hidgame        C:\WINDOWS\system32\DRIVERS\hidgame.sys
09:26:41.0250 3552  hidgame ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0250 3552  hidgame - detected UnsignedFile.Multi.Generic (1)
09:26:41.0265 3552  HidServ - ok
09:26:41.0328 3552  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:26:41.0343 3552  HidUsb ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0343 3552  HidUsb - detected UnsignedFile.Multi.Generic (1)
09:26:41.0343 3552  hpn - ok
09:26:41.0406 3552  [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:26:41.0437 3552  HTTP ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0437 3552  HTTP - detected UnsignedFile.Multi.Generic (1)
09:26:41.0484 3552  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:26:41.0515 3552  HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0515 3552  HTTPFilter - detected UnsignedFile.Multi.Generic (1)
09:26:41.0531 3552  i2omgmt - ok
09:26:41.0546 3552  i2omp - ok
09:26:41.0609 3552  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:26:41.0640 3552  i8042prt ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0640 3552  i8042prt - detected UnsignedFile.Multi.Generic (1)
09:26:41.0828 3552  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
09:26:41.0843 3552  IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0843 3552  IDriverT - detected UnsignedFile.Multi.Generic (1)
09:26:41.0906 3552  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
09:26:41.0921 3552  Imapi ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0921 3552  Imapi - detected UnsignedFile.Multi.Generic (1)
09:26:41.0984 3552  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
09:26:42.0015 3552  ImapiService ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0015 3552  ImapiService - detected UnsignedFile.Multi.Generic (1)
09:26:42.0031 3552  InCDFs - ok
09:26:42.0046 3552  InCDPass - ok
09:26:42.0046 3552  InCDRm - ok
09:26:42.0140 3552  ini910u - ok
09:26:42.0234 3552  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
09:26:42.0250 3552  IntelIde ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0250 3552  IntelIde - detected UnsignedFile.Multi.Generic (1)
09:26:42.0312 3552  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw          C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:26:42.0312 3552  Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0312 3552  Ip6Fw - detected UnsignedFile.Multi.Generic (1)
09:26:42.0359 3552  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:26:42.0390 3552  IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0390 3552  IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
09:26:42.0421 3552  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:26:42.0437 3552  IpInIp ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0437 3552  IpInIp - detected UnsignedFile.Multi.Generic (1)
09:26:42.0500 3552  [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:26:42.0531 3552  IpNat ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0531 3552  IpNat - detected UnsignedFile.Multi.Generic (1)
09:26:42.0593 3552  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:26:42.0609 3552  IPSec ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0609 3552  IPSec - detected UnsignedFile.Multi.Generic (1)
09:26:42.0656 3552  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:26:42.0671 3552  IRENUM ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0671 3552  IRENUM - detected UnsignedFile.Multi.Generic (1)
09:26:42.0718 3552  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:26:42.0750 3552  isapnp ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0750 3552  isapnp - detected UnsignedFile.Multi.Generic (1)
09:26:42.0781 3552  [ 1988A33FF19242576C3D0EF9CE785DA7 ] Kbardsentca    C:\WINDOWS\system32\drivers\MSPQM.sys
09:26:42.0796 3552  Kbardsentca ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0796 3552  Kbardsentca - detected UnsignedFile.Multi.Generic (1)
09:26:42.0859 3552  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:26:42.0875 3552  Kbdclass ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0875 3552  Kbdclass - detected UnsignedFile.Multi.Generic (1)
09:26:42.0906 3552  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:26:42.0937 3552  kmixer ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0937 3552  kmixer - detected UnsignedFile.Multi.Generic (1)
09:26:42.0968 3552  [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:26:42.0984 3552  KSecDD ( UnsignedFile.Multi.Generic ) - warning
09:26:42.0984 3552  KSecDD - detected UnsignedFile.Multi.Generic (1)
09:26:43.0046 3552  [ F8170AA51CD202BC062B8A0983F361B7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
09:26:43.0093 3552  lanmanserver ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0093 3552  lanmanserver - detected UnsignedFile.Multi.Generic (1)
09:26:43.0171 3552  [ 36D74668F5448D55887FA3958488DC06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:26:43.0203 3552  lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0203 3552  lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
09:26:43.0203 3552  lbrtfdc - ok
09:26:43.0328 3552  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
09:26:43.0406 3552  LmHosts ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0406 3552  LmHosts - detected UnsignedFile.Multi.Generic (1)
09:26:43.0453 3552  [ A8FE41A339CEB3B517321A7FF0ED67C5 ] LwAdiHid        C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys
09:26:43.0468 3552  LwAdiHid ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0468 3552  LwAdiHid - detected UnsignedFile.Multi.Generic (1)
09:26:43.0531 3552  [ B749B05D5A7AD704E47D4565B4894D99 ] mbamchameleon  C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:26:43.0578 3552  mbamchameleon - ok
09:26:43.0625 3552  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger      C:\WINDOWS\System32\msgsvc.dll
09:26:43.0656 3552  Messenger ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0656 3552  Messenger - detected UnsignedFile.Multi.Generic (1)
09:26:43.0703 3552  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
09:26:43.0718 3552  mnmdd ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0718 3552  mnmdd - detected UnsignedFile.Multi.Generic (1)
09:26:43.0765 3552  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
09:26:43.0828 3552  mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0828 3552  mnmsrvc - detected UnsignedFile.Multi.Generic (1)
09:26:43.0843 3552  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
09:26:43.0890 3552  Modem ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0890 3552  Modem - detected UnsignedFile.Multi.Generic (1)
09:26:43.0937 3552  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:26:43.0937 3552  Mouclass ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0937 3552  Mouclass - detected UnsignedFile.Multi.Generic (1)
09:26:43.0968 3552  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:26:43.0984 3552  mouhid ( UnsignedFile.Multi.Generic ) - warning
09:26:43.0984 3552  mouhid - detected UnsignedFile.Multi.Generic (1)
09:26:44.0000 3552  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:26:44.0031 3552  MountMgr ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0031 3552  MountMgr - detected UnsignedFile.Multi.Generic (1)
09:26:44.0093 3552  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:26:44.0140 3552  MozillaMaintenance - ok
09:26:44.0140 3552  mraid35x - ok
09:26:44.0218 3552  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:26:44.0250 3552  MRxDAV ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0250 3552  MRxDAV - detected UnsignedFile.Multi.Generic (1)
09:26:44.0296 3552  [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:26:44.0406 3552  MRxSmb ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0406 3552  MRxSmb - detected UnsignedFile.Multi.Generic (1)
09:26:44.0437 3552  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
09:26:44.0468 3552  MSDTC ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0468 3552  MSDTC - detected UnsignedFile.Multi.Generic (1)
09:26:44.0546 3552  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:26:44.0593 3552  Msfs ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0593 3552  Msfs - detected UnsignedFile.Multi.Generic (1)
09:26:44.0609 3552  MSIServer - ok
09:26:44.0687 3552  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:26:44.0734 3552  MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0734 3552  MSKSSRV - detected UnsignedFile.Multi.Generic (1)
09:26:44.0781 3552  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:26:44.0796 3552  MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0796 3552  MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
09:26:44.0828 3552  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
09:26:44.0875 3552  MSPQM ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0875 3552  MSPQM - detected UnsignedFile.Multi.Generic (1)
09:26:44.0937 3552  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:26:44.0953 3552  mssmbios ( UnsignedFile.Multi.Generic ) - warning
09:26:44.0953 3552  mssmbios - detected UnsignedFile.Multi.Generic (1)
09:26:45.0000 3552  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
09:26:45.0015 3552  MSTEE ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0015 3552  MSTEE - detected UnsignedFile.Multi.Generic (1)
09:26:45.0062 3552  [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401      C:\WINDOWS\system32\drivers\msmpu401.sys
09:26:45.0062 3552  ms_mpu401 ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0062 3552  ms_mpu401 - detected UnsignedFile.Multi.Generic (1)
09:26:45.0109 3552  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
09:26:45.0156 3552  Mup ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0156 3552  Mup - detected UnsignedFile.Multi.Generic (1)
09:26:45.0218 3552  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:26:45.0234 3552  NABTSFEC ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0234 3552  NABTSFEC - detected UnsignedFile.Multi.Generic (1)
09:26:45.0296 3552  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:26:45.0359 3552  NDIS ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0359 3552  NDIS - detected UnsignedFile.Multi.Generic (1)
09:26:45.0421 3552  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:26:45.0437 3552  NdisIP ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0437 3552  NdisIP - detected UnsignedFile.Multi.Generic (1)
09:26:45.0484 3552  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:26:45.0484 3552  NdisTapi ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0484 3552  NdisTapi - detected UnsignedFile.Multi.Generic (1)
09:26:45.0546 3552  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:26:45.0562 3552  Ndisuio ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0562 3552  Ndisuio - detected UnsignedFile.Multi.Generic (1)
09:26:45.0625 3552  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:26:45.0656 3552  NdisWan ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0656 3552  NdisWan - detected UnsignedFile.Multi.Generic (1)
09:26:45.0671 3552  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
09:26:45.0703 3552  NDProxy ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0703 3552  NDProxy - detected UnsignedFile.Multi.Generic (1)
09:26:45.0734 3552  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
09:26:45.0750 3552  NetBIOS ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0750 3552  NetBIOS - detected UnsignedFile.Multi.Generic (1)
09:26:45.0781 3552  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
09:26:45.0812 3552  NetBT ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0812 3552  NetBT - detected UnsignedFile.Multi.Generic (1)
09:26:45.0875 3552  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:26:45.0953 3552  NetDDE ( UnsignedFile.Multi.Generic ) - warning
09:26:45.0968 3552  NetDDE - detected UnsignedFile.Multi.Generic (1)
09:26:45.0984 3552  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:26:46.0015 3552  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0015 3552  NetDDEdsdm - detected UnsignedFile.Multi.Generic (1)
09:26:46.0093 3552  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:26:46.0109 3552  Netlogon ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0109 3552  Netlogon - detected UnsignedFile.Multi.Generic (1)
09:26:46.0156 3552  [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman          C:\WINDOWS\System32\netman.dll
09:26:46.0203 3552  Netman ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0203 3552  Netman - detected UnsignedFile.Multi.Generic (1)
09:26:46.0234 3552  [ B36E08F680BAE4DFC5C24D00A2DFC9E7 ] Nla            C:\WINDOWS\System32\mswsock.dll
09:26:46.0281 3552  Nla ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0281 3552  Nla - detected UnsignedFile.Multi.Generic (1)
09:26:46.0328 3552  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:26:46.0375 3552  Npfs ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0375 3552  Npfs - detected UnsignedFile.Multi.Generic (1)
09:26:46.0468 3552  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:26:46.0515 3552  Ntfs ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0515 3552  Ntfs - detected UnsignedFile.Multi.Generic (1)
09:26:46.0578 3552  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
09:26:46.0609 3552  NtLmSsp ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0609 3552  NtLmSsp - detected UnsignedFile.Multi.Generic (1)
09:26:46.0671 3552  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
09:26:46.0734 3552  NtmsSvc ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0734 3552  NtmsSvc - detected UnsignedFile.Multi.Generic (1)
09:26:46.0781 3552  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:26:46.0796 3552  Null ( UnsignedFile.Multi.Generic ) - warning
09:26:46.0796 3552  Null - detected UnsignedFile.Multi.Generic (1)
09:26:46.0937 3552  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:26:47.0109 3552  nv ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0109 3552  nv - detected UnsignedFile.Multi.Generic (1)
09:26:47.0187 3552  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:26:47.0218 3552  NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0218 3552  NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
09:26:47.0250 3552  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:26:47.0281 3552  NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0281 3552  NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
09:26:47.0328 3552  [ B2F17A2EDB5450E61973A037F63A595B ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
09:26:47.0359 3552  Parport ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0359 3552  Parport - detected UnsignedFile.Multi.Generic (1)
09:26:47.0421 3552  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
09:26:47.0421 3552  PartMgr ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0421 3552  PartMgr - detected UnsignedFile.Multi.Generic (1)
09:26:47.0484 3552  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:26:47.0484 3552  ParVdm ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0500 3552  ParVdm - detected UnsignedFile.Multi.Generic (1)
09:26:47.0531 3552  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
09:26:47.0546 3552  PCI ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0546 3552  PCI - detected UnsignedFile.Multi.Generic (1)
09:26:47.0562 3552  PCIDump - ok
09:26:47.0593 3552  PCIIde - ok
09:26:47.0671 3552  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:26:47.0703 3552  Pcmcia ( UnsignedFile.Multi.Generic ) - warning
09:26:47.0703 3552  Pcmcia - detected UnsignedFile.Multi.Generic (1)
09:26:47.0734 3552  PDCOMP - ok
09:26:47.0750 3552  PDFRAME - ok
09:26:47.0765 3552  PDRELI - ok
09:26:47.0796 3552  PDRFRAME - ok
09:26:47.0812 3552  perc2 - ok
09:26:47.0828 3552  perc2hib - ok
09:26:48.0031 3552  [ EDB6B81761BD60F32F740BBC40AFB676 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:26:48.0125 3552  PlugPlay ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0125 3552  PlugPlay - detected UnsignedFile.Multi.Generic (1)
09:26:48.0156 3552  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
09:26:48.0187 3552  PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0187 3552  PolicyAgent - detected UnsignedFile.Multi.Generic (1)
09:26:48.0218 3552  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:26:48.0218 3552  PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0218 3552  PptpMiniport - detected UnsignedFile.Multi.Generic (1)
09:26:48.0234 3552  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:26:48.0296 3552  ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0296 3552  ProtectedStorage - detected UnsignedFile.Multi.Generic (1)
09:26:48.0328 3552  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:26:48.0406 3552  PSched ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0406 3552  PSched - detected UnsignedFile.Multi.Generic (1)
09:26:48.0453 3552  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:26:48.0515 3552  Ptilink ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0515 3552  Ptilink - detected UnsignedFile.Multi.Generic (1)
09:26:48.0531 3552  ql1080 - ok
09:26:48.0546 3552  Ql10wnt - ok
09:26:48.0593 3552  ql12160 - ok
09:26:48.0625 3552  ql1240 - ok
09:26:48.0656 3552  ql1280 - ok
09:26:48.0687 3552  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:26:48.0734 3552  RasAcd ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0734 3552  RasAcd - detected UnsignedFile.Multi.Generic (1)
09:26:48.0859 3552  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto        C:\WINDOWS\System32\rasauto.dll
09:26:48.0937 3552  RasAuto ( UnsignedFile.Multi.Generic ) - warning
09:26:48.0937 3552  RasAuto - detected UnsignedFile.Multi.Generic (1)
09:26:48.0968 3552  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:26:49.0187 3552  Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
09:26:49.0187 3552  Rasl2tp - detected UnsignedFile.Multi.Generic (1)
09:26:49.0281 3552  [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:26:49.0656 3552  RasMan ( UnsignedFile.Multi.Generic ) - warning
09:26:49.0671 3552  RasMan - detected UnsignedFile.Multi.Generic (1)
09:26:49.0734 3552  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:26:50.0015 3552  RasPppoe ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0015 3552  RasPppoe - detected UnsignedFile.Multi.Generic (1)
09:26:50.0046 3552  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:26:50.0093 3552  Raspti ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0093 3552  Raspti - detected UnsignedFile.Multi.Generic (1)
09:26:50.0140 3552  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:26:50.0187 3552  Rdbss ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0187 3552  Rdbss - detected UnsignedFile.Multi.Generic (1)
09:26:50.0218 3552  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:26:50.0234 3552  RDPCDD ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0234 3552  RDPCDD - detected UnsignedFile.Multi.Generic (1)
09:26:50.0328 3552  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:26:50.0343 3552  rdpdr ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0343 3552  rdpdr - detected UnsignedFile.Multi.Generic (1)
09:26:50.0406 3552  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
09:26:50.0453 3552  RDPWD ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0453 3552  RDPWD - detected UnsignedFile.Multi.Generic (1)
09:26:50.0500 3552  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
09:26:50.0531 3552  RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0531 3552  RDSessMgr - detected UnsignedFile.Multi.Generic (1)
09:26:50.0578 3552  [ AA56702E230860565CB8D43680F57F33 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
09:26:50.0593 3552  redbook ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0593 3552  redbook - detected UnsignedFile.Multi.Generic (1)
09:26:50.0640 3552  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:26:50.0703 3552  RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0703 3552  RemoteAccess - detected UnsignedFile.Multi.Generic (1)
09:26:50.0765 3552  [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:26:50.0796 3552  RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0796 3552  RemoteRegistry - detected UnsignedFile.Multi.Generic (1)
09:26:50.0843 3552  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:26:50.0906 3552  RpcLocator ( UnsignedFile.Multi.Generic ) - warning
09:26:50.0906 3552  RpcLocator - detected UnsignedFile.Multi.Generic (1)
09:26:50.0953 3552  [ 9F28FF58D6D67B123272869D89D14004 ] RpcSs          C:\WINDOWS\System32\rpcss.dll
09:26:51.0015 3552  RpcSs ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0015 3552  RpcSs - detected UnsignedFile.Multi.Generic (1)
09:26:51.0078 3552  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:26:51.0125 3552  RSVP ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0125 3552  RSVP - detected UnsignedFile.Multi.Generic (1)
09:26:51.0171 3552  [ D507C1400284176573224903819FFDA3 ] rtl8139        C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
09:26:51.0203 3552  rtl8139 ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0203 3552  rtl8139 - detected UnsignedFile.Multi.Generic (1)
09:26:51.0234 3552  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs          C:\WINDOWS\system32\lsass.exe
09:26:51.0265 3552  SamSs ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0265 3552  SamSs - detected UnsignedFile.Multi.Generic (1)
09:26:51.0328 3552  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:26:51.0359 3552  SCardSvr ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0359 3552  SCardSvr - detected UnsignedFile.Multi.Generic (1)
09:26:51.0421 3552  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:26:51.0468 3552  Schedule ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0468 3552  Schedule - detected UnsignedFile.Multi.Generic (1)
09:26:51.0531 3552  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:26:51.0546 3552  Secdrv ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0546 3552  Secdrv - detected UnsignedFile.Multi.Generic (1)
09:26:51.0578 3552  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:26:51.0625 3552  seclogon ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0625 3552  seclogon - detected UnsignedFile.Multi.Generic (1)
09:26:51.0656 3552  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
09:26:51.0703 3552  SENS ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0703 3552  SENS - detected UnsignedFile.Multi.Generic (1)
09:26:51.0734 3552  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
09:26:51.0765 3552  serenum ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0765 3552  serenum - detected UnsignedFile.Multi.Generic (1)
09:26:51.0781 3552  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:26:51.0812 3552  Serial ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0812 3552  Serial - detected UnsignedFile.Multi.Generic (1)
09:26:51.0828 3552  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
09:26:51.0859 3552  Sfloppy ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0859 3552  Sfloppy - detected UnsignedFile.Multi.Generic (1)
09:26:51.0890 3552  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:26:51.0984 3552  SharedAccess ( UnsignedFile.Multi.Generic ) - warning
09:26:51.0984 3552  SharedAccess - detected UnsignedFile.Multi.Generic (1)
09:26:52.0031 3552  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:26:52.0062 3552  ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
09:26:52.0062 3552  ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
09:26:52.0062 3552  Simbad - ok
09:26:52.0125 3552  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:26:52.0156 3552  SLIP ( UnsignedFile.Multi.Generic ) - warning
09:26:52.0156 3552  SLIP - detected UnsignedFile.Multi.Generic (1)
09:26:52.0562 3552  [ 8C5AF605A85C5214D40542D933DA737C ] SNP2STD        C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
09:26:53.0406 3552  SNP2STD ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0406 3552  SNP2STD - detected UnsignedFile.Multi.Generic (1)
09:26:53.0421 3552  Sparrow - ok
09:26:53.0468 3552  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:26:53.0500 3552  splitter ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0500 3552  splitter - detected UnsignedFile.Multi.Generic (1)
09:26:53.0562 3552  [ 54E7113A4BD696E430919BCAF5C65E06 ] Spooler        C:\WINDOWS\system32\spoolsv.exe
09:26:53.0609 3552  Spooler ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0609 3552  Spooler - detected UnsignedFile.Multi.Generic (1)
09:26:53.0703 3552  [ 87E7F21843FCDC6AF1967A928929CFF9 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
09:26:53.0718 3552  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87E7F21843FCDC6AF1967A928929CFF9
09:26:53.0718 3552  sptd ( LockedFile.Multi.Generic ) - warning
09:26:53.0718 3552  sptd - detected LockedFile.Multi.Generic (1)
09:26:53.0796 3552  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:26:53.0812 3552  sr ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0812 3552  sr - detected UnsignedFile.Multi.Generic (1)
09:26:53.0828 3552  [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice      C:\WINDOWS\system32\srsvc.dll
09:26:53.0890 3552  srservice ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0890 3552  srservice - detected UnsignedFile.Multi.Generic (1)
09:26:53.0937 3552  [ 20B7E396720353E4117D64D9DCB926CA ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
09:26:53.0984 3552  Srv ( UnsignedFile.Multi.Generic ) - warning
09:26:53.0984 3552  Srv - detected UnsignedFile.Multi.Generic (1)
09:26:54.0046 3552  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
09:26:54.0078 3552  SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0078 3552  SSDPSRV - detected UnsignedFile.Multi.Generic (1)
09:26:54.0140 3552  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:26:54.0156 3552  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0156 3552  ssmdrv - detected UnsignedFile.Multi.Generic (1)
09:26:54.0296 3552  [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
09:26:54.0312 3552  StarWindService ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0312 3552  StarWindService - detected UnsignedFile.Multi.Generic (1)
09:26:54.0390 3552  [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:26:54.0468 3552  stisvc ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0468 3552  stisvc - detected UnsignedFile.Multi.Generic (1)
09:26:54.0515 3552  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:26:54.0546 3552  streamip ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0546 3552  streamip - detected UnsignedFile.Multi.Generic (1)
09:26:54.0578 3552  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:26:54.0578 3552  swenum ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0578 3552  swenum - detected UnsignedFile.Multi.Generic (1)
09:26:54.0609 3552  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:26:54.0640 3552  swmidi ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0640 3552  swmidi - detected UnsignedFile.Multi.Generic (1)
09:26:54.0671 3552  SwPrv - ok
09:26:54.0718 3552  symc810 - ok
09:26:54.0750 3552  symc8xx - ok
09:26:54.0812 3552  sym_hi - ok
09:26:54.0859 3552  sym_u3 - ok
09:26:54.0906 3552  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:26:54.0937 3552  sysaudio ( UnsignedFile.Multi.Generic ) - warning
09:26:54.0937 3552  sysaudio - detected UnsignedFile.Multi.Generic (1)
09:26:55.0000 3552  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
09:26:55.0046 3552  SysmonLog ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0046 3552  SysmonLog - detected UnsignedFile.Multi.Generic (1)
09:26:55.0109 3552  [ 4584E2A5FE662AB3E7C32936E1449043 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
09:26:55.0156 3552  TapiSrv ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0156 3552  TapiSrv - detected UnsignedFile.Multi.Generic (1)
09:26:55.0203 3552  [ 09EB23A4567BDD56D9580A059E616E23 ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:26:55.0265 3552  Tcpip ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0265 3552  Tcpip - detected UnsignedFile.Multi.Generic (1)
09:26:55.0343 3552  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:26:55.0343 3552  TDPIPE ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0343 3552  TDPIPE - detected UnsignedFile.Multi.Generic (1)
09:26:55.0390 3552  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
09:26:55.0406 3552  TDTCP ( UnsignedFile.Multi.Generic ) - warning
09:26:55.0406 3552  TDTCP - detected UnsignedFile.Multi.Generic (1)
09:26:55.0718 3552  [ 576918B02840A360702051BC4269B13F ] TeamViewer8    C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
09:26:56.0234 3552  TeamViewer8 - ok
09:26:56.0281 3552  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:26:56.0328 3552  TermDD ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0328 3552  TermDD - detected UnsignedFile.Multi.Generic (1)
09:26:56.0390 3552  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService    C:\WINDOWS\System32\termsrv.dll
09:26:56.0437 3552  TermService ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0437 3552  TermService - detected UnsignedFile.Multi.Generic (1)
09:26:56.0468 3552  [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:26:56.0531 3552  Themes ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0531 3552  Themes - detected UnsignedFile.Multi.Generic (1)
09:26:56.0562 3552  [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
09:26:56.0593 3552  TlntSvr ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0593 3552  TlntSvr - detected UnsignedFile.Multi.Generic (1)
09:26:56.0625 3552  TosIde - ok
09:26:56.0671 3552  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:26:56.0718 3552  TrkWks ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0718 3552  TrkWks - detected UnsignedFile.Multi.Generic (1)
09:26:56.0781 3552  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:26:56.0812 3552  Udfs ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0812 3552  Udfs - detected UnsignedFile.Multi.Generic (1)
09:26:56.0828 3552  ultra - ok
09:26:56.0875 3552  [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
09:26:56.0921 3552  UMWdf ( UnsignedFile.Multi.Generic ) - warning
09:26:56.0921 3552  UMWdf - detected UnsignedFile.Multi.Generic (1)
09:26:56.0968 3552  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:26:57.0000 3552  Update ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0000 3552  Update - detected UnsignedFile.Multi.Generic (1)
09:26:57.0046 3552  [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:26:57.0171 3552  upnphost ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0171 3552  upnphost - detected UnsignedFile.Multi.Generic (1)
09:26:57.0203 3552  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS            C:\WINDOWS\System32\ups.exe
09:26:57.0265 3552  UPS ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0265 3552  UPS - detected UnsignedFile.Multi.Generic (1)
09:26:57.0328 3552  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:26:57.0359 3552  usbhub ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0359 3552  usbhub - detected UnsignedFile.Multi.Generic (1)
09:26:57.0390 3552  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:26:57.0406 3552  usbscan ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0406 3552  usbscan - detected UnsignedFile.Multi.Generic (1)
09:26:57.0453 3552  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:26:57.0468 3552  USBSTOR ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0468 3552  USBSTOR - detected UnsignedFile.Multi.Generic (1)
09:26:57.0515 3552  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:26:57.0531 3552  usbuhci ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0531 3552  usbuhci - detected UnsignedFile.Multi.Generic (1)
09:26:57.0609 3552  [ 92CEBC2BC7BE2C8D49391B365569F306 ] vaxscsi        C:\WINDOWS\System32\Drivers\vaxscsi.sys
09:26:57.0625 3552  Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92CEBC2BC7BE2C8D49391B365569F306
09:26:57.0625 3552  vaxscsi ( LockedFile.Multi.Generic ) - warning
09:26:57.0625 3552  vaxscsi - detected LockedFile.Multi.Generic (1)
09:26:57.0656 3552  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
09:26:57.0671 3552  VgaSave ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0671 3552  VgaSave - detected UnsignedFile.Multi.Generic (1)
09:26:57.0703 3552  ViaIde - ok
09:26:57.0750 3552  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
09:26:57.0765 3552  VolSnap ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0765 3552  VolSnap - detected UnsignedFile.Multi.Generic (1)
09:26:57.0828 3552  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS            C:\WINDOWS\System32\vssvc.exe
09:26:57.0875 3552  VSS ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0875 3552  VSS - detected UnsignedFile.Multi.Generic (1)
09:26:57.0937 3552  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time        C:\WINDOWS\system32\w32time.dll
09:26:57.0968 3552  W32Time ( UnsignedFile.Multi.Generic ) - warning
09:26:57.0968 3552  W32Time - detected UnsignedFile.Multi.Generic (1)
09:26:58.0015 3552  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:26:58.0046 3552  Wanarp ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0046 3552  Wanarp - detected UnsignedFile.Multi.Generic (1)
09:26:58.0062 3552  WDICA - ok
09:26:58.0093 3552  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
09:26:58.0109 3552  wdmaud ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0109 3552  wdmaud - detected UnsignedFile.Multi.Generic (1)
09:26:58.0140 3552  [ 1EB51FEEA9D3208EAE60604F4346C02E ] WebClient      C:\WINDOWS\System32\webclnt.dll
09:26:58.0187 3552  WebClient ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0187 3552  WebClient - detected UnsignedFile.Multi.Generic (1)
09:26:58.0312 3552  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
09:26:58.0406 3552  winmgmt ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0406 3552  winmgmt - detected UnsignedFile.Multi.Generic (1)
09:26:58.0484 3552  [ 5FDCCC838CD95F61097D8A637F842AA8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
09:26:58.0546 3552  WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0546 3552  WmdmPmSN - detected UnsignedFile.Multi.Generic (1)
09:26:58.0625 3552  [ 9CBB06E4438D6A0D52A46E0B44796D37 ] Wmi            C:\WINDOWS\System32\advapi32.dll
09:26:58.0718 3552  Wmi ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0718 3552  Wmi - detected UnsignedFile.Multi.Generic (1)
09:26:58.0781 3552  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:26:58.0796 3552  WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0796 3552  WmiApSrv - detected UnsignedFile.Multi.Generic (1)
09:26:58.0843 3552  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL        C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:26:58.0875 3552  WS2IFSL ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0875 3552  WS2IFSL - detected UnsignedFile.Multi.Generic (1)
09:26:58.0953 3552  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
09:26:58.0984 3552  wscsvc ( UnsignedFile.Multi.Generic ) - warning
09:26:58.0984 3552  wscsvc - detected UnsignedFile.Multi.Generic (1)
09:26:59.0062 3552  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:26:59.0078 3552  WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0078 3552  WSTCODEC - detected UnsignedFile.Multi.Generic (1)
09:26:59.0125 3552  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
09:26:59.0171 3552  wuauserv ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0171 3552  wuauserv - detected UnsignedFile.Multi.Generic (1)
09:26:59.0203 3552  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:26:59.0296 3552  WZCSVC ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0296 3552  WZCSVC - detected UnsignedFile.Multi.Generic (1)
09:26:59.0343 3552  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
09:26:59.0390 3552  xmlprov ( UnsignedFile.Multi.Generic ) - warning
09:26:59.0390 3552  xmlprov - detected UnsignedFile.Multi.Generic (1)
09:26:59.0421 3552  ================ Scan global ===============================
09:26:59.0500 3552  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
09:26:59.0562 3552  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
09:26:59.0656 3552  [ 6D4006EF6E45030BCA14CBFE8893E9B9 ] C:\WINDOWS\system32\winsrv.dll
09:26:59.0734 3552  [ EDB6B81761BD60F32F740BBC40AFB676 ] C:\WINDOWS\system32\services.exe
09:26:59.0781 3552  [Global] - ok
09:26:59.0781 3552  ================ Scan MBR ==================================
09:26:59.0812 3552  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
09:27:00.0265 3552  \Device\Harddisk0\DR0 - ok
09:27:00.0265 3552  ================ Scan VBR ==================================
09:27:00.0281 3552  [ D7570C01026DEA662DA683AF40399D1A ] \Device\Harddisk0\DR0\Partition1
09:27:00.0296 3552  \Device\Harddisk0\DR0\Partition1 - ok
09:27:00.0359 3552  [ 3FF55E3A650A7955AB6B83B31FA29385 ] \Device\Harddisk0\DR0\Partition2
09:27:00.0359 3552  \Device\Harddisk0\DR0\Partition2 - ok
09:27:00.0421 3552  [ 87B48A5169851BA98B6AEB60CB5BF175 ] \Device\Harddisk0\DR0\Partition3
09:27:00.0421 3552  \Device\Harddisk0\DR0\Partition3 - ok
09:27:00.0421 3552  ============================================================
09:27:00.0421 3552  Scan finished
09:27:00.0437 3552  ============================================================
09:27:00.0625 3588  Detected object count: 208
09:27:00.0625 3588  Actual detected object count: 208
09:27:45.0656 3588  ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0656 3588  ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0656 3588  ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0656 3588  ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0671 3588  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0671 3588  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0718 3588  aec ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0718 3588  aec ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0718 3588  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0718 3588  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0734 3588  agp440 ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0734 3588  agp440 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0734 3588  Alerter ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0734 3588  Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0750 3588  ALG ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0750 3588  ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0765 3588  AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0765 3588  AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0765 3588  AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0765 3588  AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0796 3588  atapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0796 3588  atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0796 3588  Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0796 3588  Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0796 3588  AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0796 3588  AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0812 3588  audstub ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0812 3588  audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0828 3588  Beep ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0828 3588  Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0843 3588  BITS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0843 3588  BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0843 3588  Browser ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0843 3588  Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0859 3588  cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0859 3588  cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0875 3588  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0875 3588  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0890 3588  CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0890 3588  CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0890 3588  Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0890 3588  Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0921 3588  Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0921 3588  Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0921 3588  Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0921 3588  Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0921 3588  CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0921 3588  CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0937 3588  ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0937 3588  ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0937 3588  cmpci ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0937 3588  cmpci ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0953 3588  CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0953 3588  CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:45.0984 3588  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:45.0984 3588  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0015 3588  Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0015 3588  Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0015 3588  Disk ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0015 3588  Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0031 3588  dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0031 3588  dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0078 3588  dmio ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0078 3588  dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0078 3588  dmload ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0078 3588  dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588  dmserver ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588  dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588  DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588  DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588  Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588  Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0093 3588  drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0093 3588  drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0109 3588  ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0109 3588  ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0140 3588  Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0140 3588  Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0156 3588  EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0156 3588  EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0156 3588  Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0156 3588  Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0171 3588  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0171 3588  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0171 3588  Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0171 3588  Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0171 3588  Fips ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0171 3588  Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0187 3588  Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0187 3588  Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0187 3588  FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0187 3588  FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0203 3588  Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0203 3588  Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0203 3588  Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0203 3588  Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0234 3588  gameenum ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0234 3588  gameenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0234 3588  Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0234 3588  Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0234 3588  helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0234 3588  helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0250 3588  hidgame ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0250 3588  hidgame ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0265 3588  HidUsb ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0265 3588  HidUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0281 3588  HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0281 3588  HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0296 3588  HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0296 3588  HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588  i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588  i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588  Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588  Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0312 3588  ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0312 3588  ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0343 3588  IntelIde ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0343 3588  IntelIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0359 3588  Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0359 3588  Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0375 3588  IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0375 3588  IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0375 3588  IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0375 3588  IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0390 3588  IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0390 3588  IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0390 3588  IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0390 3588  IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588  IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588  IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588  isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588  isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588  Kbardsentca ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588  Kbardsentca ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0421 3588  Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0421 3588  Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0437 3588  kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0437 3588  kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0453 3588  KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0453 3588  KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0453 3588  lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0453 3588  lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0453 3588  lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0453 3588  lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0484 3588  LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0484 3588  LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0515 3588  LwAdiHid ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0515 3588  LwAdiHid ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0531 3588  Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0531 3588  Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0531 3588  mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0531 3588  mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0531 3588  mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0531 3588  mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0546 3588  Modem ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0546 3588  Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0546 3588  Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0546 3588  Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0562 3588  mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0562 3588  mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0578 3588  MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0578 3588  MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0593 3588  MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0593 3588  MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0609 3588  MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0609 3588  MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0609 3588  MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0609 3588  MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0625 3588  Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0625 3588  Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0640 3588  MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0640 3588  MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0640 3588  MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0640 3588  MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0656 3588  MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0656 3588  MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0671 3588  mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0671 3588  mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0671 3588  MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0671 3588  MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0687 3588  ms_mpu401 ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0687 3588  ms_mpu401 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0687 3588  Mup ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0687 3588  Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0687 3588  NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0687 3588  NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0718 3588  NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0718 3588  NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0734 3588  NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0734 3588  NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0734 3588  NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0734 3588  NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0734 3588  Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0734 3588  Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0750 3588  NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0750 3588  NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0765 3588  NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0765 3588  NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0781 3588  NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0781 3588  NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0781 3588  NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0781 3588  NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0796 3588  NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0796 3588  NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0812 3588  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0812 3588  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0828 3588  Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0828 3588  Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0828 3588  Netman ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0828 3588  Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0828 3588  Nla ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0828 3588  Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0859 3588  Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0859 3588  Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0859 3588  Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0859 3588  Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0875 3588  NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0875 3588  NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0875 3588  NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0875 3588  NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0906 3588  Null ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0906 3588  Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0921 3588  nv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0921 3588  nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0921 3588  NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0921 3588  NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0921 3588  NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0921 3588  NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0953 3588  Parport ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0953 3588  Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0953 3588  PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0953 3588  PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0984 3588  ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0984 3588  ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:46.0984 3588  PCI ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:46.0984 3588  PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0000 3588  Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0000 3588  Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0000 3588  PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0000 3588  PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0015 3588  PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0015 3588  PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0031 3588  PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0031 3588  PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0046 3588  ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0046 3588  ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0046 3588  PSched ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0046 3588  PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0046 3588  Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0046 3588  Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0062 3588  RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0062 3588  RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0078 3588  RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0078 3588  RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0093 3588  Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0093 3588  Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0109 3588  RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0109 3588  RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0109 3588  RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0109 3588  RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0109 3588  Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0109 3588  Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0125 3588  Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0125 3588  Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0140 3588  RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0140 3588  RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0156 3588  rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0156 3588  rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0171 3588  RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0171 3588  RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0171 3588  RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0171 3588  RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0171 3588  redbook ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0171 3588  redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0203 3588  RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0203 3588  RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0203 3588  RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0203 3588  RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0218 3588  RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0218 3588  RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0218 3588  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0218 3588  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0234 3588  RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0234 3588  RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0265 3588  rtl8139 ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0265 3588  rtl8139 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0312 3588  SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0328 3588  SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0328 3588  SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0328 3588  SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0343 3588  Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0343 3588  Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0343 3588  Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0343 3588  Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0375 3588  seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0375 3588  seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0390 3588  SENS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0390 3588  SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0390 3588  serenum ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0390 3588  serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0406 3588  Serial ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0406 3588  Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0421 3588  Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0421 3588  Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0421 3588  SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0421 3588  SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0437 3588  ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0437 3588  ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0437 3588  SLIP ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0437 3588  SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0453 3588  SNP2STD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0453 3588  SNP2STD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0468 3588  splitter ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0468 3588  splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0484 3588  Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0484 3588  Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0500 3588  sptd ( LockedFile.Multi.Generic ) - skipped by user
09:27:47.0500 3588  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:27:47.0515 3588  sr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0515 3588  sr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0515 3588  srservice ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0515 3588  srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0546 3588  Srv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0546 3588  Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0546 3588  SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0546 3588  SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0562 3588  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0562 3588  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0562 3588  StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0562 3588  StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0593 3588  stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0593 3588  stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0593 3588  streamip ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0609 3588  streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0609 3588  swenum ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0609 3588  swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0609 3588  swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0609 3588  swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0640 3588  sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0640 3588  sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0640 3588  SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0640 3588  SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0656 3588  TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0656 3588  TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0656 3588  Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0656 3588  Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0671 3588  TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0671 3588  TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0671 3588  TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0671 3588  TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0687 3588  TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0687 3588  TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0718 3588  TermService ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0718 3588  TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0734 3588  Themes ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0734 3588  Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0734 3588  TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0734 3588  TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0734 3588  TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0734 3588  TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0750 3588  Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0750 3588  Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0750 3588  UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0750 3588  UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0765 3588  Update ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0765 3588  Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0781 3588  upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0781 3588  upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0796 3588  UPS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0796 3588  UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0812 3588  usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0812 3588  usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0812 3588  usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0812 3588  usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0828 3588  USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0828 3588  USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0843 3588  usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0843 3588  usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0859 3588  vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
09:27:47.0859 3588  vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
09:27:47.0859 3588  VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0859 3588  VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0875 3588  VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0875 3588  VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0906 3588  VSS ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0906 3588  VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0906 3588  W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0906 3588  W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0921 3588  Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0921 3588  Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0921 3588  wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0921 3588  wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0921 3588  WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0921 3588  WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0953 3588  winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0953 3588  winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0984 3588  WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0984 3588  WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0984 3588  Wmi ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0984 3588  Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:47.0984 3588  WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:47.0984 3588  WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:48.0000 3588  WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:48.0000 3588  WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:48.0015 3588  wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:48.0015 3588  wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:48.0031 3588  WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:48.0031 3588  WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:48.0046 3588  wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:48.0046 3588  wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:48.0046 3588  WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:48.0046 3588  WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:27:48.0062 3588  xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
09:27:48.0062 3588  xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip
Beste Grüße,

pummel

schrauber 08.10.2013 09:13

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

pummelfee 08.10.2013 16:27
Hallo schrauber,

Probleme gibt es keine mehr, danke. Hier erstmal die logs:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d43a89219a68894c95a54e261ef1fea0
# engine=15308
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-30 03:53:46
# local_time=2013-09-30 05:53:47 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 279509 157266299 0 0
# scanned=91332
# found=1
# cleaned=0
# scan_time=5690
sh=D10C60C37B48B04118508529316553C12E9C82E2 ft=0 fh=0000000000000000 vn="Win32/TrojanClicker.VB.NMH trojan" ac=I fn="C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EXPMZEHS\244[1].gif"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d43a89219a68894c95a54e261ef1fea0
# engine=15314
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-30 08:13:10
# local_time=2013-09-30 10:13:10 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 295073 157281863 0 0
# scanned=91394
# found=1
# cleaned=1
# scan_time=5838
sh=D10C60C37B48B04118508529316553C12E9C82E2 ft=0 fh=0000000000000000 vn="Win32/TrojanClicker.VB.NMH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EXPMZEHS\244[1].gif"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d43a89219a68894c95a54e261ef1fea0
# engine=15398
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-08 02:11:33
# local_time=2013-10-08 04:11:33 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 964575 157951365 0 0
# scanned=56432
# found=0
# cleaned=0
# scan_time=20667
SecurityCheck:

Code:
Results of screen317's Security Check version 0.99.74 
 Windows XP Service Pack 2 x86 
 Out of date service pack!!
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Warten Sie, w„hrend WMIC installiert wird.d
i
s
p
l
a
y
N
a
m
e
ECHO ist ausgeschaltet (OFF).
a
v
a
s
t
!
ECHO ist ausgeschaltet (OFF).
A
n
t
i
v
i
r
u
s
ECHO ist ausgeschaltet (OFF).
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player        10.1.102.64 Flash Player out of Date! 
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox 23.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 
````````````````````End of Log``````````````````````
FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by winnie (administrator) on ASGARD on 08-10-2013 16:50:06
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
(Rocket Division Software) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Canon Inc.) C:\Programme\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
(TeamViewer GmbH) c:\programme\teamviewer\version8\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe
(Sonix) C:\WINDOWS\vsnp2std.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe
(Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
(ArcSoft Inc.) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\tv_w32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [EPSON Stylus C86 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE [99840 2003-11-25] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [snp2std] - C:\WINDOWS\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\basti\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\basti\...\Run: [WdHelpSnap] - rundll32.exe "C:\Dokumente und Einstellungen\basti\Lokale Einstellungen\Anwendungsdaten\isaUser32\WdHelpSnap.dll",Applemapdrv userMouseman
HKU\basti\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [ 2010-12-30] (Adobe Systems, Inc.)
HKU\katharina\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\margarete\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [ 2005-09-08] (Nero AG)
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
HKU\matthias\...\Run: [AdobeUpdater] - C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [ 2009-01-12] (Adobe Systems Incorporated)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Mozilla\Firefox\Profiles\6lgj5dmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype extension for Firefox - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-04-06] ()
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-09-03] (Mozilla Foundation)
R2 StarWindService; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [374094 2002-03-26] (C-Media Inc)
S3 hidgame; C:\Windows\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 Kbardsentca; C:\WINDOWS\system32\drivers\MSPQM.sys [4992 2004-08-03] (Microsoft Corporation)
S3 LwAdiHid; C:\Windows\System32\DRIVERS\LwAdiHid.sys [20864 2004-08-03] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-27] (MalwareBytes)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-11-11] ()
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12039552 2007-04-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2007-04-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-14] (AVIRA GmbH)
R3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2007-04-06] ()
S3 catchme; \??\C:\DOKUME~1\winnie\LOKALE~1\Temp\catchme.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt
2013-10-04 09:38 - 2013-10-05 19:51 - 00000000 ___DC C:\Qoobox
2013-10-04 09:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-04 09:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-04 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-04 09:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-04 09:36 - 2013-10-04 08:58 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe
2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData
2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons
2013-10-02 10:58 - 2007-04-06 14:15 - 00000211 ____C C:\Boot.bak
2013-10-02 10:58 - 2004-08-03 23:00 - 00262448 _RSHC C:\cmldr
2013-10-02 10:54 - 2013-10-05 19:48 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-28 13:45 - 2013-10-08 16:50 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:48 - 2013-09-27 20:50 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 12:16 - 2013-10-08 12:16 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-27 12:16 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-27 12:16 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-27 12:12 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:08 - 2013-09-27 12:10 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 09:18 - 2013-09-26 18:08 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-09-26 20:18 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt
2013-09-26 18:34 - 2013-10-07 13:53 - 00000000 ___DC C:\AdwCleaner
2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt
2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-26 18:19 - 2013-09-26 18:15 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe
2013-09-26 18:17 - 2013-09-26 18:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-26 18:17 - 2013-09-26 18:14 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe
2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt
2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat
2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 12:59 - 2013-09-27 20:48 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar
2013-09-26 12:55 - 2013-09-26 12:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe
2013-09-26 12:22 - 2013-09-26 12:58 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos
2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg
2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 09:43 - 2013-09-27 18:59 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0
2013-09-25 16:21 - 2013-09-26 09:29 - 00000000 ___DC C:\savw_100_sa
2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer

==================== One Month Modified Files and Folders =======

2013-10-08 16:50 - 2013-09-28 13:45 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
2013-10-08 16:21 - 2007-04-02 09:10 - 00000000 ___RD C:\Programme
2013-10-08 13:41 - 2007-04-02 08:24 - 00382828 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-08 12:16 - 2013-09-27 12:16 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-08 09:36 - 2007-04-02 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-08 09:36 - 2007-04-02 09:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-08 09:35 - 2007-04-02 08:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-08 09:34 - 2007-04-02 08:31 - 00032508 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-07 15:22 - 2013-10-07 15:22 - 00000582 _____ C:\Dokumente und Einstellungen\winnie\Desktop\JRT.txt
2013-10-07 13:55 - 2004-11-11 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-07 13:54 - 2007-04-06 14:17 - 00000190 ___SH C:\Dokumente und Einstellungen\winnie\ntuser.ini
2013-10-07 13:54 - 2007-04-06 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\winnie
2013-10-07 13:53 - 2013-09-26 18:34 - 00000000 ___DC C:\AdwCleaner
2013-10-06 11:13 - 2007-06-27 18:43 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Kunst
2013-10-06 00:16 - 2007-04-02 08:30 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-10-05 19:51 - 2013-10-05 19:51 - 00030168 ____C C:\ComboFix.txt
2013-10-05 19:51 - 2013-10-04 09:38 - 00000000 ___DC C:\Qoobox
2013-10-05 19:49 - 2007-04-10 12:30 - 00000000 ___RD C:\Dokumente und Einstellungen\margarete\Startmenü\Programme\Autostart
2013-10-05 19:48 - 2013-10-02 10:54 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-05 19:46 - 2004-11-11 14:00 - 00000227 ____C C:\WINDOWS\system.ini
2013-10-04 09:30 - 2007-06-04 17:08 - 00233760 ____C C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2013-10-04 09:22 - 2013-10-04 09:22 - 00000000 ___SD C:\Dokumente und Einstellungen\winnie\UserData
2013-10-04 08:58 - 2013-10-04 09:36 - 05130782 ____R (Swearware) C:\Dokumente und Einstellungen\winnie\Desktop\ComboFix.exe
2013-10-04 08:49 - 2007-04-02 09:09 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-10-03 17:05 - 2007-04-02 08:22 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-02 10:58 - 2013-10-02 10:58 - 00000000 RSHDC C:\cmdcons
2013-10-02 10:58 - 2007-04-02 10:08 - 00000327 _RSHC C:\boot.ini
2013-10-01 13:50 - 2009-01-08 16:09 - 00000000 ____D C:\Programme\SkyTestFQ
2013-10-01 13:21 - 2013-09-03 17:39 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-10-01 13:13 - 2010-04-05 17:58 - 00000000 ___RD C:\Programme\Skype
2013-10-01 13:13 - 2010-01-08 16:52 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2013-09-28 13:45 - 2013-09-28 13:45 - 00000000 ___DC C:\FRST
2013-09-27 20:50 - 2013-09-27 20:48 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-09-27 20:48 - 2013-09-27 20:48 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-27 20:48 - 2013-09-26 12:59 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\mbar
2013-09-27 18:59 - 2013-09-26 09:43 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
2013-09-27 12:16 - 2013-09-27 12:16 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-09-27 12:16 - 2013-09-27 12:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
2013-09-27 12:16 - 2007-04-02 08:26 - 00002951 ____C C:\WINDOWS\system32\CONFIG.NT
2013-09-27 12:10 - 2013-09-27 12:10 - 00000000 ____D C:\Programme\AVAST Software
2013-09-27 12:10 - 2013-09-27 12:08 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
2013-09-27 09:10 - 2013-09-27 09:10 - 00045082 _____ C:\Dokumente und Einstellungen\winnie\Desktop\OTL.Txt
2013-09-27 09:10 - 2013-09-27 09:10 - 00030338 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Extras.Txt
2013-09-27 07:56 - 2007-04-02 10:02 - 00000000 ____D C:\WINDOWS\twain_32
2013-09-26 20:18 - 2013-09-26 20:18 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Anwendungsdaten\Malwarebytes
2013-09-26 20:18 - 2013-09-26 20:18 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-09-26 20:18 - 2013-09-26 20:17 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-26 19:00 - 2013-09-26 19:00 - 00001998 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\AdwCleaner[S0].txt
2013-09-26 18:33 - 2013-09-26 18:33 - 00000660 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\JRT.txt
2013-09-26 18:20 - 2013-09-26 18:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-26 18:16 - 2007-04-06 11:05 - 00000190 __SHC C:\Dokumente und Einstellungen\matthias\ntuser.ini
2013-09-26 18:15 - 2013-09-26 18:19 - 01030038 _____ (Thisisu) C:\Dokumente und Einstellungen\winnie\Desktop\JRT.exe
2013-09-26 18:15 - 2013-09-26 18:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Dokumente und Einstellungen\winnie\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-26 18:15 - 2013-09-26 18:15 - 00002450 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\aswMBR.txt
2013-09-26 18:15 - 2013-09-26 18:15 - 00000512 _____ C:\Dokumente und Einstellungen\matthias\Eigene Dateien\MBR.dat
2013-09-26 18:14 - 2013-09-26 18:17 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\winnie\Desktop\OTL.exe
2013-09-26 18:08 - 2013-09-27 09:18 - 131918888 _____ C:\Dokumente und Einstellungen\winnie\Desktop\avast_free_antivirus_setup.exe
2013-09-26 15:59 - 2007-04-02 08:23 - 00000000 ____D C:\WINDOWS\srchasst
2013-09-26 13:02 - 2013-09-26 13:02 - 00000000 ___DC C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-09-26 12:58 - 2013-09-26 12:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Desktop\sophos
2013-09-26 12:54 - 2013-09-26 12:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\winnie\Desktop\tdsskiller.exe
2013-09-26 12:32 - 2013-05-27 11:14 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Siblhzisnrb
2013-09-26 12:10 - 2013-09-26 12:10 - 00001108 _____ C:\Dokumente und Einstellungen\winnie\Eigene Dateien\connections.reg
2013-09-26 09:57 - 2013-09-26 09:57 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Lokale Einstellungen\Anwendungsdaten\Sophos
2013-09-26 09:34 - 2013-09-26 09:34 - 00000000 ____D C:\Programme\MSXML 4.0
2013-09-26 09:29 - 2013-09-25 16:21 - 00000000 ___DC C:\savw_100_sa
2013-09-26 09:27 - 2007-04-02 09:09 - 00796344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-25 15:03 - 2010-12-25 19:09 - 00000000 ____D C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744
2013-09-25 14:15 - 2013-09-25 14:15 - 00000787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 8.lnk
2013-09-25 14:15 - 2013-09-25 14:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
2013-09-25 14:14 - 2013-09-25 14:14 - 00000000 ____D C:\Programme\TeamViewer
2013-09-25 13:08 - 2007-04-06 14:21 - 00002495 _____ C:\Dokumente und Einstellungen\winnie\Desktop\Microsoft Word.lnk
2013-09-24 21:47 - 2007-08-22 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\e5
2013-09-22 11:55 - 2007-07-21 17:22 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\Ku5
2013-09-22 11:49 - 2007-04-15 20:26 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d6
2013-09-22 11:47 - 2007-11-06 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\d5
2013-09-19 10:23 - 2007-04-10 12:30 - 00000190 ___SH C:\Dokumente und Einstellungen\margarete\ntuser.ini
2013-09-18 15:40 - 2007-07-21 17:39 - 00000000 ____D C:\Dokumente und Einstellungen\winnie\Eigene Dateien\formulare
2013-09-13 19:07 - 2012-07-09 17:53 - 00000000 ____D C:\Programme\Mozilla Maintenance Service

Files to move or delete:
====================
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 1035264 ____A (Microsoft Corporation) 22fe1be02eadde1632e478e4125639e0

C:\Windows\System32\winlogon.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0507392 ____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72

C:\Windows\System32\svchost.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64

C:\Windows\System32\services.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0108544 ____A (Microsoft Corporation) edb6b81761bd60f32f740bbc40afb676

C:\Windows\System32\User32.dll
[2004-11-11 14:00] - [2004-11-11 14:00] - 0578560 ____A (Microsoft Corporation) 56785fd5236d7b22cf471a6da9db46d8

C:\Windows\System32\userinit.exe
[2004-11-11 14:00] - [2004-11-11 14:00] - 0025088 ____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633

C:\Windows\System32\Drivers\volsnap.sys
[2004-11-11 14:00] - [2004-11-11 14:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9


==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by winnie at 2013-10-08 17:01:30
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Photoshop CS (Version: CS)
Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Apache HTTP Server 2.2.10 (Version: 2.2.10)
avast! Free Antivirus (Version: 8.0.1497.0)
Bomberclone
Bridge Builder
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities Digital Photo Professional 2.2 (Version: 2.2.0.1)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities PhotoStitch (Version: 3.1.18.42)
Canon Utilities ZoomBrowser EX (Version: 5.7.0.74)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
ElsterFormular für Privatanwender (Version: 12.3.2.6814p)
EPSON PhotoQuicker3.5
EPSON Web-To-Page
EPSON-Drucker-Software
ESC86 Referenzhandbuch
ESC86 Softwarehandbuch
FreePDF XP (Remove only)
GTK+ Runtime 2.14.7 rev a (remove only)
IrfanView (remove only)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MediaImpression 2.0 for PENTAX (Version: 2.0.63.630)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.01)
Microsoft Silverlight (Version: 1.0.20926.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 7 Ultra Edition (Version: 7.00.0177)
PCI Audio Driver
RedMon - Redirection Port Monitor
ScanToWeb
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.0 (Version: 5.0.152)
TeamViewer 8 (Version: 8.0.20935)
USB Scanner
USB2.0 PC Camera (SN9C201&202) (Version: 5.7.22.000)
WebFldrs XP (Version: 9.50.7523)
Windows Installer 3.1 (KB893803) (Version: 3.1)
WinRAR Archivierer
WINZD 2013-04
ZTestHL 12.0.0 (Version: 12.0.0)

==================== Restore Points  =========================

03-10-2013 15:05:28 Systemprüfpunkt
04-10-2013 06:48:55 Sygate Personal Firewall wird entfernt
08-10-2013 02:33:50 Systemprüfpunkt

==================== Hosts content: ==========================

2004-11-11 14:00 - 2013-10-05 19:46 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 09:51 - 2013-10-07 08:38 - 02104832 _____ () C:\Programme\AVAST Software\Avast\defs\13100700\algo.dll
2008-02-12 20:52 - 2005-01-06 19:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll
2007-04-06 10:29 - 2005-10-19 11:56 - 00125952 ____N () C:\Programme\WinRAR\rarext.dll
2004-11-11 14:00 - 2004-11-11 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 00:27:05 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/27/2013 00:27:02 PM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x00046c3b.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (07/25/2013 02:56:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00c0694a.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.


System errors:
=============
Error: (10/08/2013 09:32:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error: (10/08/2013 09:32:11 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/08/2013 09:32:11 AM) (Source: Service Control Manager) (User: )
Description: Dienst "StarWind iSCSI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/08/2013 09:32:09 AM) (Source: Service Control Manager) (User: )
Description: Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/08/2013 09:22:11 AM) (Source: Windows Update Agent) (User: )
Description: Verbindung kann nicht hergestellt werden: Die Verbindung mit dem Dienst für automatische Updates konnte nicht hergestellt werden, so dass keine Updates zum angegebenen Zeitplan übertragen und installiert werden können. Es wird weiterhin versucht, eine Verbindung herzustellen.

Error: (10/06/2013 09:22:11 AM) (Source: Windows Update Agent) (User: )
Description: Verbindung kann nicht hergestellt werden: Die Verbindung mit dem Dienst für automatische Updates konnte nicht hergestellt werden, so dass keine Updates zum angegebenen Zeitplan übertragen und installiert werden können. Es wird weiterhin versucht, eine Verbindung herzustellen.

Error: (10/02/2013 01:38:04 PM) (Source: System Error) (User: )
Description: Fehlercode 0000004d, 1. Parameter 0001d218, 2. Parameter 0001d218, 3. Parameter 0000769e, 4. Parameter 00000000.

Error: (10/02/2013 01:37:56 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 819b3700, 2. Parameter 82157008, 3. Parameter f8964cb4, 4. Parameter 00000001.

Error: (10/02/2013 01:37:48 PM) (Source: System Error) (User: )
Description: Fehlercode 000000ea, 1. Parameter 82146be0, 2. Parameter 820296e0, 3. Parameter 82023230, 4. Parameter 00000001.

Error: (10/02/2013 01:37:43 PM) (Source: System Error) (User: )
Description: Fehlercode 100000ea, 1. Parameter 82141020, 2. Parameter 820dabf8, 3. Parameter f8968cb4, 4. Parameter 00000001.


Microsoft Office Sessions:
=========================
Error: (09/27/2013 00:27:17 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:05 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/27/2013 00:27:02 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/19/2013 10:04:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (09/12/2013 05:57:30 PM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.2627.0winword.exe10.0.2627.000046c3b

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a

Error: (07/25/2013 02:56:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.000c0694a


==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 511.49 MB
Available physical RAM: 148.76 MB
Total Pagefile: 1249.54 MB
Available Pagefile: 942.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:5.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:14.65 GB) (Free:3.29 GB) NTFS
Drive e: () (Fixed) (Total:3.98 GB) (Free:3.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38 GB) (Disk ID: 0AE20AE1)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19 GB) - (Type=OF Extended)

==================== End Of Log ============================
Ich nehme an, die in SecurityCheck erkannten "Probleme" im Sinne von update-würdigen Programme sollten auf einen aktuelleren Stand gebracht werden.

Beste Grüße,

pummel

schrauber 09.10.2013 08:16
Vor allem Windows. Das Servicepack 3 gibt es schon 5 Jahre. Jetzt updaten, nach dem Fix.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini
C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744
C:\WINDOWS\system32\srvh.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Jetzt so oft Win Update aufsuchen und alles installieren bis nach mehreren Reboots keine Updates mehr angezeigt werden, dann bitte ein frisches FRST log.

pummelfee 09.10.2013 11:19
Hallo schrauber,

ja, das ist wohl wahr. Man sollte sich nicht drauf verlassen, dass die Herrschaften immer das machen, was man ihnen predigt. Hier ist schon mal die Fixlog. Der Rest wird vermutlich noch etwas dauern.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by winnie at 2013-10-09 10:31:32 Run:1
Running from C:\Dokumente und Einstellungen\winnie\Desktop\Neuer Ordner
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\basti\...\Run: [mscj.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscj.exe
HKU\basti\...\Run: [mscjm.exe] - C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744\mscjm.exe
HKU\margarete\...\Run: [] - "srvh.exe" -autorun
HKU\margarete\...\Run: [srvh] - "C:\WINDOWS\system32\srvh.exe" -autorun
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini
C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744
C:\WINDOWS\system32\srvh.exe
*****************

HKU\basti\Software\Microsoft\Windows\CurrentVersion\Run\\mscj.exe => Value deleted successfully.
HKU\basti\Software\Microsoft\Windows\CurrentVersion\Run\\mscjm.exe => Value deleted successfully.
HKU\margarete\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\margarete\Software\Microsoft\Windows\CurrentVersion\Run\\srvh => Value deleted successfully.
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\dm.ini => Moved successfully.
C:\Dokumente und Einstellungen\basti\Anwendungsdaten\95744 => Moved successfully.
"C:\WINDOWS\system32\srvh.exe" => File/Directory not found.

==== End of Fixlog ====
Tausend Dank schon mal!

Beste Grüße,

pummel


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:30 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55