Log analysis and evaluation: 50 EUR Trojan / ubd.exe (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.03.2012, 18:46 | #1
50 EUR Trojan / ubd.exe

Hello,

I currently have a friend's PC here for "debugging". A while ago he got the well-known 50 EUR payment demand at system startup. He then worked for a while with the old Win XP (installed in parallel). After a while Win7 ran again as well (unfortunately I only know that part from his verbal account). I first ran the Desinfec't 2011 CD (more precisely: Avira Antivirus and Bitdefender). Unfortunately it hung at irregular intervals, so I no longer know exactly what was found where (various files were flagged, as far as I remember in the Java cache and in the temp folder). I deleted the affected files. Afterwards I ran the current Kaspersky Rescue CD in text mode. Nothing more was found. The system is running again now (XP and 7), but I do not quite trust it. What made me suspicious was the process "ubd.exe" in Task Manager. According to Google it could belong to Apple iTunes or iPod support. But here on the board there was also a hint about a trojan/downloader. So I installed Malwarebytes Anti-Malware (in addition to the NOD32 already present) and ran a full scan.

Log:

Code:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Georg :: GEORGS-PC [Administrator]

Protection: Enabled

09.03.2012 15:51:39
mbam-log-2012-03-09 (17-09-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366541
Time elapsed: 1 hour(s), 16 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\users\georg\appdata\local\temp\qtinstallcode.log (Extension.Mismatch) -> No action taken.

(end)

Probably rather harmless. Still, I would be very glad if someone who really knows this subject could take a look at it.

DDS Log:

Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Georg at 17:25:40 on 2012-03-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.958.283 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{80E7C3D2-16F0-4229-B2DE-D93A18881F54} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DF7F8843-065F-48CA-B475-E779C2DD6CD4} : DhcpNameServer = 192.168.178.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\georg\appdata\roaming\mozilla\firefox\profiles\1ohbrm5s.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2011-11-20 66048]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-9 652360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-9 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2011-11-20 167808]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2011-11-20 167808]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
.
=============== Created Last 30 ================
.
2012-03-09 14:46:37  --------  d-----w-  c:\users\georg\appdata\roaming\Malwarebytes
2012-03-09 14:46:31  --------  d-----w-  c:\programdata\Malwarebytes
2012-03-09 14:46:30  20464     ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-03-09 14:46:30  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-03-09 14:27:29  56200     ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{e0322189-384e-47a6-a7cd-457929ca3018}\offreg.dll
2012-03-09 14:09:40  --------  d-----w-  c:\users\georg\appdata\local\WindowsUpdate
2012-03-09 13:57:28  476904    ----a-w-  c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-03-09 13:40:22  626688    ----a-w-  c:\program files\mozilla firefox\msvcr80.dll
2012-03-09 13:40:22  548864    ----a-w-  c:\program files\mozilla firefox\msvcp80.dll
2012-03-09 13:40:22  479232    ----a-w-  c:\program files\mozilla firefox\msvcm80.dll
2012-03-09 13:40:22  45016     ----a-w-  c:\program files\mozilla firefox\mozutils.dll
2012-03-09 11:03:51  --------  d-----w-  c:\program files\iPod
2012-03-09 11:03:43  --------  d-----w-  c:\program files\iTunes
2012-03-09 10:14:45  6552120   ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{e0322189-384e-47a6-a7cd-457929ca3018}\mpengine.dll
2012-02-16 09:47:20  478720    ----a-w-  c:\windows\system32\timedate.cpl
2012-02-16 09:47:01  690688    ----a-w-  c:\windows\system32\msvcrt.dll
2012-02-16 09:46:51  442880    ----a-w-  c:\windows\system32\ntshrui.dll
2012-02-16 09:46:48  2343424   ----a-w-  c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-03-09 13:57:10  472808    ----a-w-  c:\windows\system32\deployJava1.dll
2012-03-09 13:48:07  414368    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36  237072    ------w-  c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54  1798656   ----a-w-  c:\windows\system32\jscript9.dll
2011-12-14 02:57:18  1127424   ----a-w-  c:\windows\system32\wininet.dll
2011-12-14 02:56:58  1427456   ----a-w-  c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04  2382848   ----a-w-  c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:26:03,39 ===============

Before the GMER scan I stopped some services/processes via Task Manager: Anti-Malware, all Apple services, Java and Adobe updater (NOD32 could not be stopped). DDS attach.log and GMER.log are attached.

Thanks,
Klaus
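An added example, not part of Klaus's post and not DDS code: a small triage script for the uRun / mRun / StartupFolder lines of a DDS "Pseudo HJT Report" like the one above. It extracts the image path from each autorun command (quoted or not, with or without arguments) and flags entries whose binary lives in a user-writable location (user profile, Temp, ProgramData) rather than under Program Files or Windows. That is the first check for an unfamiliar autorun name such as [MobileDocuments] ubd.exe, which here resolves to the Apple "Internet Services" directory under Common Files. The sample input reuses lines from the DDS report above plus one constructed line, labelled as such; the class names "vendor-dir" / "user-writable" are this script's own.

```python
"""Triage autorun entries from a DDS 'Pseudo HJT Report'.

Added example for this thread; not DDS code and not from the original post.
In DDS output the prefix 'u' marks the current user's hive (HKCU) and 'm'
the machine hive (HKLM).
"""
import re

# Sample input: uRun/mRun/StartupFolder lines copied from the DDS report
# above, plus one CONSTRUCTED line (not from the posted log) to show how
# an autorun pointing into the user profile is flagged.
SAMPLE_DDS = r"""
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
uRun: [CONSTRUCTED-example] c:\users\georg\appdata\roaming\example\updater.exe -silent
"""

RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s+(?P<lnk>.+?)\s+-\s+(?P<target>.+)$")
# Unquoted command: the image path ends at the first executable extension.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:exe|scr|dll|bat|cmd))(?:\s+(?P<args>.*))?$", re.I)

# Writable only with admin rights (UAC) vs. writable by the logged-on user.
VENDOR_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
PROFILE_ROOTS = ("c:\\users\\", "c:\\documents and settings\\", "c:\\programdata\\")


def split_command(cmd):
    """Return (image_path, arguments) for a Run-key command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m["image"], (m["args"] or "").strip()
    return cmd, ""


def location_class(image):
    """Coarse trust class of the directory an autorun image lives in."""
    p = image.lower()
    if "\\temp\\" in p or "\\tmp\\" in p:
        return "user-writable"
    if p.startswith(VENDOR_ROOTS):
        return "vendor-dir"
    if p.startswith(PROFILE_ROOTS):
        return "user-writable"
    return "other"


def triage(dds_text):
    """Parse autorun lines and annotate each with its location class."""
    entries = []
    for line in dds_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            image, args = split_command(m["cmd"])
            source = "HKCU Run" if m["hive"] == "u" else "HKLM Run"
            name = m["name"]
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            image, args = split_command(m["target"])
            source = "Startup folder"
            name = m["lnk"].rsplit("\\", 1)[-1]
        entries.append({"source": source, "name": name, "image": image,
                        "args": args, "location": location_class(image)})
    return entries


def flagged(entries):
    """Entries worth a closer look (signature check, hash lookup)."""
    return [e for e in entries if e["location"] != "vendor-dir"]


if __name__ == "__main__":
    for e in triage(SAMPLE_DDS):
        mark = "REVIEW" if e["location"] != "vendor-dir" else "ok    "
        print(f"{mark} {e['source']:<14} [{e['name']}] {e['image']} {e['args']}")
```

The location class is only a first filter: a binary under Program Files still needs its Authenticode signature and hash checked on the live system, and a flagged entry in the profile is not automatically malicious. What the filter does give you, against the report above, is that every autorun points into Program Files or Windows, so none of them is in the place where the drop found later in this thread lived.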
12.03.2012, 16:01 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

50 EUR Trojan / ubd.exe

Quote:
13.03.2012, 21:47 | #3

50 EUR Trojan / ubd.exe

Hello,

this is what I found regarding logs: one entry in the log of the NOD32 on-access scanner (the only entry; it roughly matches the time the problem appeared):

Code:
02.02.2012 12:06:26  Real-time file system protection  file  C:\USERS\GEORG\APPDATA\ROAMING\MICROSOFT\DLLHSTS.EXE  probably a variant of Win32/Agent.DGHWBLW trojan  cleaned by deleting - quarantined  Georgs-PC\Georg  Event occurred during an attempt to open the file by the application: C:\Windows\System32\WerFault.exe.

Code:
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.

engine set:         8.2.10.8
VDF Version:        7.11.24.194

key file:           /AntiVir/rescue_cd.key
registered user:    AntiVir Rescue System
serial number:      0000149995
key expires:        Mär 27 2013

Scan start time: Di 06 Mär 2012 20:21:50 CET
Command line: /AntiVir/scancl --showall --recursion --log=/tmp/avira.log --defaultaction=ignore /media/503016EE3016DB34

auto excluding /sys from scanning (is a special fs)
auto excluding /proc from scanning (is a special fs)
WARNING: [Config file '/AntiVir/scancl.conf' is missing]
Initialization

/media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/0.14909437958645233.exe
    Date: 05.01.2012  Time: 22:11:42  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp
    Date: 05.12.2011  Time: 23:34:12  Size: 47608
ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

/media/503016EE3016DB34/Users/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506
    Date: 05.01.2012  Time: 22:11:41  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506 <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe
    Date: 05.01.2012  Time: 22:11:42  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp
    Date: 05.12.2011  Time: 23:34:12  Size: 47608
ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

/media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/0.14909437958645233.exe
    Date: 05.01.2012  Time: 22:11:42  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp
    Date: 05.12.2011  Time: 23:34:12  Size: 47608
ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

/media/503016EE3016DB34/Documents and Settings/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506
    Date: 05.01.2012  Time: 22:11:41  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Documents and Settings/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506 <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe
    Date: 05.01.2012  Time: 22:11:42  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp
    Date: 05.12.2011  Time: 23:34:12  Size: 47608
ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

/media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/0.14909437958645233.exe
    Date: 05.01.2012  Time: 22:11:42  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp
    Date: 05.12.2011  Time: 23:34:12  Size: 47608
ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

/media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506
    Date: 05.01.2012  Time: 22:11:41  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506 <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe
    Date: 05.01.2012  Time: 22:11:42  Size: 109056
ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

/media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp
    Date: 05.12.2011  Time: 23:34:12  Size: 47608
ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

Statistics :
Directories............... : 57402
Files..................... : 277360
    Infected.............. : 15
    Ignored............... : 15
    Warnings.............. : 0
    Suspicious............ : 0
Infections................ : 15
Time...................... : 02:01:36

Code:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Georg :: GEORGS-PC [Administrator]

Protection: Enabled

09.03.2012 15:51:39
mbam-log-2012-03-09 (15-51-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366541
Time elapsed: 1 hour(s), 16 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\users\georg\appdata\local\temp\qtinstallcode.log (Extension.Mismatch) -> Quarantined and deleted successfully.

(end)

Thanks, and I hope this helps you,
Klaus
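An added example, not from the thread and not Avira code: a parser for the ALERT records in the Avira scancl log above. The 15 infections it reports are three files. scancl, running from the Linux rescue system, followed the Windows 7 compatibility junctions ("Documents and Settings" and the localized "Dokumente und Einstellungen" both point at Users; "Lokale Einstellungen" inside the profile points at AppData\Local) and counted each file once per path alias. The script canonicalizes the junction names and groups the records by real file. The log text is constructed inline in scancl's three-line-per-hit format from the three files and aliases visible above; the junction table and the record field names are this script's own.

```python
"""Collapse Avira scancl (Rescue CD) alerts reached through Windows 7
profile junctions into the set of real files.

Added example for this thread, not Avira code and not from the original
post. A Linux-side scan of a Windows 7 volume follows the compatibility
junctions 'Documents and Settings' / 'Dokumente und Einstellungen' -> 'Users'
and 'Lokale Einstellungen' / 'Local Settings' -> 'AppData/Local', so one
file is reported once per path alias.
"""
import re
from collections import OrderedDict

MOUNT = "/media/503016EE3016DB34"

# Constructed sample log: the three files and the aliases seen in the
# Avira log above, rebuilt into scancl's three-line-per-hit format.
_PROFILE_ALIASES = ("Users/Georg", "Documents and Settings/Georg",
                    "Dokumente und Einstellungen/Georg")
_LOCAL_ALIASES = ("AppData/Local", "Lokale Einstellungen")
_HITS = (  # (relative path template, date, time, size, detection name)
    ("{local}/Temp/0.14909437958645233.exe", "05.01.2012", "22:11:42", 109056, "TR/Ransom.EJ.48"),
    ("{local}/Temp/jar_cache3152356552050803454.tmp", "05.12.2011", "23:34:12", 47608, "TR/Kazy.4733621"),
    ("AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506", "05.01.2012", "22:11:41", 109056, "TR/Ransom.EJ.48"),
)


def build_sample_log():
    """Emit the constructed log text (path line, Date/Time/Size line, ALERT line)."""
    lines = []
    for profile in _PROFILE_ALIASES:
        for tmpl, date, time, size, name in _HITS:
            locals_ = _LOCAL_ALIASES if "{local}" in tmpl else (None,)
            for local in locals_:
                rel = tmpl.format(local=local) if local else tmpl
                path = f"{MOUNT}/{profile}/{rel}"
                lines.append(path)
                lines.append(f"    Date: {date}  Time: {time}  Size: {size}")
                lines.append(f"ALERT: [{name}] {path} <<< Is the Trojan horse {name}")
    return "\n".join(lines) + "\n"


META_RE = re.compile(r"^\s*Date: (\S+)\s+Time: (\S+)\s+Size: (\d+)")
ALERT_RE = re.compile(r"^ALERT: \[(?P<name>[^\]]+)\] (?P<path>.+?) <<< ")

# Junction aliases -> the canonical Windows 7 location they point at.
_JUNCTIONS = (
    (re.compile(r"/(Documents and Settings|Dokumente und Einstellungen)/"), "/Users/"),
    (re.compile(r"/(Lokale Einstellungen|Local Settings)/"), "/AppData/Local/"),
)


def parse_alerts(log_text):
    """One record per ALERT line, joined with the Date/Time/Size line before it."""
    records, meta = [], None
    for line in log_text.splitlines():
        m = META_RE.match(line)
        if m:
            meta = m.groups()
            continue
        a = ALERT_RE.match(line)
        if a:
            date, time, size = meta or (None, None, None)
            records.append({"name": a["name"], "path": a["path"], "date": date,
                            "time": time, "size": int(size) if size else None})
            meta = None
    return records


def canonical_path(path):
    """Rewrite junction aliases so every alias of a file maps to one path."""
    for rx, repl in _JUNCTIONS:
        path = rx.sub(repl, path)
    return path


def unique_files(records):
    """Merge records that are the same file under different junction paths."""
    seen = OrderedDict()
    for r in records:
        key = canonical_path(r["path"])
        entry = seen.setdefault(key, dict(r, path=key, aliases=0))
        entry["aliases"] += 1
    return list(seen.values())


if __name__ == "__main__":
    recs = parse_alerts(build_sample_log())
    files = unique_files(recs)
    print(f"{len(recs)} alerts -> {len(files)} distinct files")
    for f in files:
        print(f"{f['aliases']}x {f['name']:<16} {f['size']:>7} {f['date']} {f['time']}  {f['path']}")
```

Read against the log, the three real files tell the story the first post only half remembered: a jar_cache temp file from the Java plug-in (05.12.2011, TR/Kazy), a Java deployment cache entry of 109056 bytes written at 22:11:41 on 05.01.2012, and a .exe of the same size written to Temp one second later, both detected as TR/Ransom.EJ.48. Deduplicating by canonical path also keeps the "15 infections" figure from being mistaken for fifteen separate drops.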
14.03.2012, 15:08 | #4

/// Winkelfunktion /// TB-Süch-Tiger™

50 EUR Trojan / ubd.exe

Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Please always post logfiles in CODE tags
15.03.2012, 21:46 | #5

50 EUR Trojan / ubd.exe

Hello, here you go. OTL.txt:

Code:
OTL logfile created on: 15.03.2012 20:52:29 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\Georg\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

958,49 Mb Total Physical Memory | 294,68 Mb Available Physical Memory | 30,74% Memory free
1,94 Gb Paging File | 1,20 Gb Available in Paging File | 62,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 836,48 Gb Total Space | 728,36 Gb Free Space | 87,08% Space Free | Partition Type: NTFS
Drive D: | 94,99 Gb Total Space | 8,41 Gb Free Space | 8,85% Space Free | Partition Type: NTFS

Computer Name: GEORGS-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.15 20:49:46 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Downloads\OTL.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006.04.06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

========== Modules (No Company Name) ==========

MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006.04.06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

========== Win32 Services (SafeList) ==========

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.12.21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.03.27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006.03.27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes\{0BE04A77-80D0-4353-B40C-DB57019FF9EB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.09 14:40:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.09 15:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.03.06 21:08:10 | 000,000,000 | ---D | M]

[2011.03.22 21:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions
[2011.03.22 21:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.03.09 14:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\1ohbrm5s.default\extensions
[2012.03.09 14:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.09 14:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GEORG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1OHBRM5S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.09 14:40:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.09 14:57:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.09 14:40:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 14:40:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.09 14:40:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.09 14:40:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.09 14:40:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.09 14:40:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3300651777-261631593-639968072-1000..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3300651777-261631593-639968072-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([*.update] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([*.update] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([update] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 -
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E7C3D2-16F0-4229-B2DE-D93A18881F54}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF7F8843-065F-48CA-B475-E779C2DD6CD4}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.08.20 01:58:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI 
Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group 
SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices 
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service 
Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.09 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\Malwarebytes [2012.03.09 15:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.09 15:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.09 15:46:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.09 15:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.09 15:09:40 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\WindowsUpdate [2012.03.09 14:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.03.09 14:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.03.09 14:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.03.09 14:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.03.09 12:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.09 12:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.09 12:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes ========== Files - Modified Within 30 Days ========== [2012.03.15 20:54:07 | 002,076,840 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.15 20:54:07 | 001,030,302 | ---- 
| M] () -- C:\Windows\System32\perfh009.dat [2012.03.15 20:54:07 | 000,570,360 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.15 20:54:07 | 000,501,866 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.15 20:48:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.15 20:48:37 | 753,786,880 | -HS- | M] () -- C:\hiberfil.sys [2012.03.13 21:17:45 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.13 21:17:45 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.13 21:10:20 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.09 18:36:37 | 000,000,907 | ---- | M] () -- C:\Users\Georg\Documents\gmer.zip [2012.03.09 18:36:20 | 000,001,268 | ---- | M] () -- C:\Users\Georg\Documents\Attach.zip [2012.03.09 17:37:08 | 000,000,465 | ---- | M] () -- C:\Users\Georg\Desktop\Verwaltung - Verknüpfung.lnk [2012.03.09 17:19:31 | 000,000,000 | ---- | M] () -- C:\Users\Georg\defogger_reenable [2012.03.09 17:08:03 | 000,007,634 | ---- | M] () -- C:\Users\Georg\AppData\Local\resmon.resmoncfg [2012.03.09 15:46:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.09 14:52:48 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.03.09 12:06:24 | 000,001,768 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2012.03.09 12:04:38 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012.03.09 18:36:37 | 000,000,907 | ---- | C] () -- C:\Users\Georg\Documents\gmer.zip [2012.03.09 18:36:20 | 000,001,268 | ---- | C] () -- C:\Users\Georg\Documents\Attach.zip [2012.03.09 17:37:08 | 000,000,465 | ---- | C] () -- C:\Users\Georg\Desktop\Verwaltung - Verknüpfung.lnk [2012.03.09 17:19:31 | 000,000,000 | ---- | C] () -- 
C:\Users\Georg\defogger_reenable [2012.03.09 15:46:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.09 14:52:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.03.09 14:52:48 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.03.09 12:04:38 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.09.15 00:37:20 | 000,000,404 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.03.24 18:08:39 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.16 22:25:15 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe [2011.03.10 22:34:49 | 000,007,634 | ---- | C] () -- C:\Users\Georg\AppData\Local\resmon.resmoncfg [2011.03.09 21:16:01 | 000,307,200 | ---- | C] () -- C:\Windows\SetACL.exe ========== LOP Check ========== [2011.03.18 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canneverbe Limited [2011.12.12 20:49:54 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canon [2011.09.15 00:50:53 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\freac [2011.09.15 00:27:34 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\gnupg [2011.03.17 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SharePod [2011.03.16 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SoftMaker [2011.03.14 22:58:57 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TeamViewer [2011.03.22 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TomTom [2011.11.20 17:05:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.03.09 22:26:49 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Adobe [2012.03.09 15:14:07 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Apple Computer [2011.03.18 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canneverbe Limited [2011.12.12 20:49:54 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canon [2011.12.05 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\dvdcss [2011.09.15 00:50:53 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\freac [2011.09.15 00:27:34 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\gnupg [2011.03.06 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Identities [2011.03.09 21:24:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Macromedia [2012.03.09 15:46:37 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Malwarebytes [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Media Center Programs [2012.02.02 12:06:26 | 000,000,000 | --SD | M] -- C:\Users\Georg\AppData\Roaming\Microsoft [2011.03.06 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Mozilla [2011.03.17 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SharePod [2011.03.16 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SoftMaker [2011.03.14 22:58:57 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TeamViewer [2011.03.22 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TomTom [2012.02.08 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\vlc < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- 
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | 
M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: 
WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > I have attached the Extras.txt (in case it is needed too). Regards, Klaus |
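Added example, not part of Klaus's post and not OTL's own code: a Python script that cross-checks the "< MD5 for: ... >" sections of the log above the way a helper reads them by eye. OTL prints each live system file next to its WinSxS and DriverStore copies precisely so that a patched live copy stands out (file-infecting rootkits replace the copy Windows loads but do not touch the component store). The script parses those entries, also when the log is run together on one line as it is here, compares the live hash against the store copies, and flags live copies with an unknown hash or with no company/version information. The function and class names are mine; the userinit.exe entries in the sample are copied from the log above, while the atapi.sys entry with the obviously synthetic hash and empty company is constructed to show a hit. Run over the sections as actually posted, the check reports nothing: every live copy matches a store copy.

```python
r"""Cross-check the '< MD5 for: ... >' sections of an OTL log.

Added example (not OTL's code). OTL lists every copy of a handful of
often-patched system files (userinit.exe, winlogon.exe, atapi.sys, ...)
with its MD5. A live copy under C:\Windows\System32 whose hash matches no
copy in the WinSxS component store or the DriverStore is the classic sign
of a patched file. Copies outside the Windows directory, such as the
winlogon.exe Malwarebytes ships under its Chameleon folder, are neither
live nor reference copies and are ignored.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One regex yields section headers and file entries in document order, so the
# parser works whether the log has one entry per line or is run together.
TOKEN_RE = re.compile(
    r"<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>"
    r"|\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*"
    r"(?P<path>[A-Za-z]:\\[^\[<]*?)(?=\s*(?:\[|<|\Z))"
)


@dataclass
class Copy:
    name: str      # file name from the section header, lower-cased
    size: int
    company: str   # empty when the file carries no version resource
    md5: str
    path: str

    @property
    def location(self) -> str:
        """'store' = WinSxS/DriverStore reference copy, 'live' = the copy
        Windows actually loads, 'other' = outside the Windows directory."""
        p = self.path.lower()
        if "\\winsxs\\" in p or "\\driverstore\\" in p:
            return "store"
        if "\\windows\\system32\\" in p:
            return "live"
        return "other"


def parse_md5_sections(text: str) -> list[Copy]:
    copies: list[Copy] = []
    name = None
    for m in TOKEN_RE.finditer(text):
        if m.group("name"):
            name = m.group("name").strip().lower()
        elif name:  # entries before the first MD5 header are not ours
            copies.append(Copy(name, int(m.group("size").replace(",", "")),
                               m.group("company").strip(), m.group("md5").upper(),
                               m.group("path").strip()))
    return copies


def check(copies: list[Copy]) -> dict[str, set[str]]:
    """Map file name -> set of finding codes for suspicious live copies."""
    findings: dict[str, set[str]] = defaultdict(set)
    by_name: dict[str, list[Copy]] = defaultdict(list)
    for c in copies:
        by_name[c.name].append(c)
    for name, group in by_name.items():
        store_hashes = {c.md5 for c in group if c.location == "store"}
        for c in group:
            if c.location != "live":
                continue
            if not store_hashes:
                findings[name].add("no-store-copy-to-compare")
            elif c.md5 not in store_hashes:
                findings[name].add("hash-not-in-store")
            if not c.company:
                findings[name].add("no-version-info")
    return dict(findings)


def report(text: str) -> dict[str, set[str]]:
    return check(parse_md5_sections(text))


# Constructed sample: the userinit.exe section is copied from the log above
# (clean); the atapi.sys section is run together on one line, as the forum's
# copy of the log is, and its live copy was edited by hand to carry a made-up
# hash unknown to the store and no company name, the pattern a patched driver
# shows. Only the DriverStore copy of atapi.sys is a real entry.
SAMPLE = (
    "< MD5 for: USERINIT.EXE >\n"
    "[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) "
    "MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\\Windows\\System32\\userinit.exe\n"
    "[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) "
    "MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\\Windows\\winsxs\\x86_microsoft-windows-userinit"
    "_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\\userinit.exe\n"
    "[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) "
    "MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\\Windows\\winsxs\\x86_microsoft-windows-userinit"
    "_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\\userinit.exe\n"
    "< MD5 for: ATAPI.SYS > "
    "[2012.03.01 03:12:00 | 000,021,584 | ---- | M] () "
    "MD5=0123456789ABCDEF0123456789ABCDEF -- C:\\Windows\\System32\\drivers\\atapi.sys "
    "[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) "
    "MD5=338C86357871C167A96AB976519BF59E -- C:\\Windows\\System32\\DriverStore\\FileRepository"
    "\\mshdc.inf_x86_neutral_fab873f3e8a3315c\\atapi.sys"
)

if __name__ == "__main__":
    for name, codes in sorted(report(SAMPLE).items()):
        print(f"{name}: {', '.join(sorted(codes))}")
```

To use it on a real log, read the OTL.txt into a string and pass it to report(); a hit on a kernel driver or winlogon/userinit is the moment to stop cleaning and hand the log to someone who can replace the file from the store copy.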
16.03.2012, 00:03 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 EUR Trojaner / ubd.exe Looks fairly unremarkable... Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs. Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
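Added example, not from this thread and not Kaspersky's code: a Python triage of the text report TDSSKiller writes (the reply below contains a real one). For each driver or service the report prints a line with the module's MD5 and path, followed by a verdict line ending in "- ok"; a service that has a verdict line but no file line is one whose image the tool found nothing on disk to hash (a leftover registration, as "athur" appears in the posted report). Anything that is not plainly "ok", and those file-less services, are what a helper looks at first, which matches the advice above to "skip" flagged objects and post the log rather than delete. The names parse_report, triage and Entry are mine. In the sample, the tool banner, the 1394ohci and ACPI pairs and the athur line are copied from the posted report; the three EAPPkt lines are constructed, hash included, and their "( UnsignedFile.Multi.Generic ) - warning" / "- detected ... (1)" wording is my assumption about how TDSSKiller 2.7 phrases a hit, not something shown anywhere in this thread.

```python
"""Triage of a TDSSKiller text report. Added example, not the tool's own code.

Assumed (not taken from this thread): verdict lines read '<name> - ok', or
'<name> ( <Threat.Name> ) - warning' followed by
'<name> - detected <Threat.Name> (1)' when the tool objects to a file.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Every report line starts with "HH:MM:SS.ffff <pid> <body>".
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": the module file backing a driver or service.
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>[A-Za-z]:\\.+)$")
# "<name> [( <threat> )] - <verdict>": the verdict for that name.
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: str | None = None     # None when the report showed no file line
    path: str | None = None
    threat: str | None = None  # detection name, if the verdict carried one
    verdicts: list[str] = field(default_factory=list)


def parse_report(text: str) -> dict[str, Entry]:
    """Group file and verdict lines by driver/service name, in report order."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner separators, blank lines, anything else
        body = m.group("body")
        f = FILE_RE.match(body)
        if f:
            e = entries.setdefault(f.group("name"), Entry(f.group("name")))
            e.md5, e.path = f.group("md5").lower(), f.group("path")
            continue
        v = VERDICT_RE.match(body)
        if v:
            e = entries.setdefault(v.group("name"), Entry(v.group("name")))
            e.verdicts.append(v.group("verdict"))
            if v.group("threat"):
                e.threat = v.group("threat")
    return entries


def triage(entries: dict[str, Entry]) -> dict[str, list[str]]:
    """Entries worth a second look: any verdict other than 'ok', and services
    with a verdict but no file line (registered, nothing on disk to hash).
    Device objects (names starting with a backslash) never have a file."""
    out: dict[str, list[str]] = {}
    for name, e in entries.items():
        bad = [v for v in e.verdicts if v != "ok"]
        if bad:
            out[name] = bad
        elif e.path is None and not name.startswith("\\"):
            out[name] = ["no-image-file"]
    return out


# Constructed sample: the first seven lines are copied from the report posted
# in this thread; the three EAPPkt lines are invented (hash included) to show
# a hit, in the assumed warning/detected wording described above.
SAMPLE = """\
19:03:30.0253 2104 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
19:04:56.0375 3508 Scan started
19:04:57.0735 3508 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\\Windows\\system32\\drivers\\1394ohci.sys
19:04:57.0907 3508 1394ohci - ok
19:04:57.0985 3508 ACPI (cea80c80bed809aa0da6febc04733349) C:\\Windows\\system32\\drivers\\ACPI.sys
19:04:58.0000 3508 ACPI - ok
19:04:59.0708 3508 athur - ok
19:05:07.0100 3508 EAPPkt (00112233445566778899aabbccddeeff) C:\\Windows\\system32\\DRIVERS\\EAPPkt.sys
19:05:07.0100 3508 EAPPkt ( UnsignedFile.Multi.Generic ) - warning
19:05:07.0100 3508 EAPPkt - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_report(SAMPLE)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

An unsigned-file warning on a vendor driver is not by itself a finding: it only means the file has no valid Authenticode signature, which is the normal state of many older third-party drivers, so the next step is to check the path and vendor rather than to delete.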
16.03.2012, 19:16 | #7 |
| 50 EUR Trojaner / ubd.exe Hello Arne, thanks for the first assessment. Attached is the TDSS-Killer log. I googled the flagged file EAPPkt -> it could belong to the Netgear WLAN stick that is normally used but is not connected at the moment. Regards, Klaus Code:
19:03:30.0253 2104 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 19:03:30.0582 2104 ============================================================ 19:03:30.0582 2104 Current date / time: 2012/03/16 19:03:30.0582 19:03:30.0582 2104 SystemInfo: 19:03:30.0582 2104 19:03:30.0582 2104 OS Version: 6.1.7601 ServicePack: 1.0 19:03:30.0582 2104 Product type: Workstation 19:03:30.0582 2104 ComputerName: GEORGS-PC 19:03:30.0582 2104 UserName: Georg 19:03:30.0582 2104 Windows directory: C:\Windows 19:03:30.0582 2104 System windows directory: C:\Windows 19:03:30.0582 2104 Processor architecture: Intel x86 19:03:30.0582 2104 Number of processors: 2 19:03:30.0582 2104 Page size: 0x1000 19:03:30.0582 2104 Boot type: Normal boot 19:03:30.0582 2104 ============================================================ 19:03:31.0800 2104 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:03:31.0816 2104 \Device\Harddisk0\DR0: 19:03:31.0816 2104 MBR used 19:03:31.0816 2104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xBDFA470 19:03:31.0816 2104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBE12000, BlocksNum 0x688F4000 19:03:31.0910 2104 Initialize success 19:03:31.0910 2104 ============================================================ 19:04:56.0375 3508 ============================================================ 19:04:56.0375 3508 Scan started 19:04:56.0375 3508 Mode: Manual; SigCheck; TDLFS; 19:04:56.0375 3508 ============================================================ 19:04:57.0735 3508 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 19:04:57.0907 3508 1394ohci - ok 19:04:57.0985 3508 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 19:04:58.0000 3508 ACPI - ok 19:04:58.0047 3508 AcpiPmi (1efbc664abff416d1d07db115dcb264f) 
C:\Windows\system32\drivers\acpipmi.sys 19:04:58.0094 3508 AcpiPmi - ok 19:04:58.0204 3508 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 19:04:58.0219 3508 adp94xx - ok 19:04:58.0250 3508 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 19:04:58.0282 3508 adpahci - ok 19:04:58.0313 3508 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 19:04:58.0329 3508 adpu320 - ok 19:04:58.0391 3508 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 19:04:58.0454 3508 AFD - ok 19:04:58.0547 3508 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 19:04:58.0547 3508 agp440 - ok 19:04:58.0610 3508 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 19:04:58.0610 3508 aic78xx - ok 19:04:58.0654 3508 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 19:04:58.0669 3508 aliide - ok 19:04:58.0685 3508 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 19:04:58.0701 3508 amdagp - ok 19:04:58.0779 3508 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 19:04:58.0779 3508 amdide - ok 19:04:58.0810 3508 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 19:04:58.0873 3508 AmdK8 - ok 19:04:58.0904 3508 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 19:04:58.0919 3508 AmdPPM - ok 19:04:59.0013 3508 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 19:04:59.0029 3508 amdsata - ok 19:04:59.0060 3508 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 19:04:59.0076 3508 amdsbs - ok 19:04:59.0107 3508 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 19:04:59.0107 3508 amdxata - ok 19:04:59.0154 3508 AppID (aea177f783e20150ace5383ee368da19) 
C:\Windows\system32\drivers\appid.sys 19:04:59.0248 3508 AppID - ok 19:04:59.0388 3508 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 19:04:59.0404 3508 arc - ok 19:04:59.0419 3508 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 19:04:59.0435 3508 arcsas - ok 19:04:59.0466 3508 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 19:04:59.0576 3508 AsyncMac - ok 19:04:59.0661 3508 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 19:04:59.0676 3508 atapi - ok 19:04:59.0708 3508 athur - ok 19:04:59.0770 3508 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 19:04:59.0817 3508 b06bdrv - ok 19:04:59.0895 3508 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 19:04:59.0911 3508 b57nd60x - ok 19:04:59.0958 3508 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 19:04:59.0989 3508 bcm4sbxp - ok 19:05:00.0036 3508 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 19:05:00.0067 3508 Beep - ok 19:05:00.0098 3508 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 19:05:00.0114 3508 blbdrive - ok 19:05:00.0223 3508 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 19:05:00.0254 3508 bowser - ok 19:05:00.0286 3508 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:05:00.0333 3508 BrFiltLo - ok 19:05:00.0348 3508 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:05:00.0379 3508 BrFiltUp - ok 19:05:00.0458 3508 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 19:05:00.0504 3508 Brserid - ok 19:05:00.0520 3508 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 19:05:00.0551 3508 BrSerWdm - ok 19:05:00.0567 3508 BrUsbMdm 
(bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:05:00.0598 3508 BrUsbMdm - ok 19:05:00.0678 3508 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 19:05:00.0709 3508 BrUsbSer - ok 19:05:00.0741 3508 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 19:05:00.0756 3508 BTHMODEM - ok 19:05:00.0803 3508 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 19:05:00.0834 3508 cdfs - ok 19:05:00.0928 3508 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 19:05:00.0959 3508 cdrom - ok 19:05:01.0006 3508 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 19:05:01.0053 3508 circlass - ok 19:05:01.0084 3508 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 19:05:01.0100 3508 CLFS - ok 19:05:01.0194 3508 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 19:05:01.0209 3508 CmBatt - ok 19:05:01.0225 3508 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 19:05:01.0241 3508 cmdide - ok 19:05:01.0272 3508 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 19:05:01.0319 3508 CNG - ok 19:05:01.0350 3508 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 19:05:01.0366 3508 Compbatt - ok 19:05:01.0428 3508 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 19:05:01.0459 3508 CompositeBus - ok 19:05:01.0491 3508 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 19:05:01.0506 3508 crcdisk - ok 19:05:01.0569 3508 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 19:05:01.0616 3508 DfsC - ok 19:05:01.0663 3508 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 19:05:01.0709 3508 discache - ok 19:05:01.0788 3508 Disk 
(565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 19:05:01.0803 3508 Disk - ok 19:05:01.0850 3508 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 19:05:01.0881 3508 drmkaud - ok 19:05:01.0944 3508 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 19:05:01.0959 3508 DXGKrnl - ok 19:05:02.0053 3508 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys 19:05:02.0428 3508 eamonm - ok 19:05:02.0522 3508 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\Windows\system32\DRIVERS\EAPPkt.sys 19:05:02.0538 3508 EAPPkt ( UnsignedFile.Multi.Generic ) - warning 19:05:02.0538 3508 EAPPkt - detected UnsignedFile.Multi.Generic (1) 19:05:02.0631 3508 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 19:05:02.0709 3508 ebdrv - ok 19:05:02.0741 3508 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys 19:05:02.0756 3508 ehdrv - ok 19:05:02.0866 3508 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 19:05:02.0897 3508 elxstor - ok 19:05:02.0928 3508 epfwwfpr (ddb45f6371714601a43e8be38145be18) C:\Windows\system32\DRIVERS\epfwwfpr.sys 19:05:02.0944 3508 epfwwfpr - ok 19:05:02.0959 3508 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 19:05:02.0991 3508 ErrDev - ok 19:05:03.0100 3508 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 19:05:03.0131 3508 exfat - ok 19:05:03.0163 3508 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 19:05:03.0194 3508 fastfat - ok 19:05:03.0225 3508 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 19:05:03.0256 3508 fdc - ok 19:05:03.0272 3508 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 19:05:03.0288 3508 FileInfo - ok 19:05:03.0366 3508 Filetrace (42c51dc94c91da21cb9196eb64c45db9) 
C:\Windows\system32\drivers\filetrace.sys 19:05:03.0428 3508 Filetrace - ok 19:05:03.0444 3508 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 19:05:03.0475 3508 flpydisk - ok 19:05:03.0506 3508 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 19:05:03.0522 3508 FltMgr - ok 19:05:03.0538 3508 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 19:05:03.0553 3508 FsDepends - ok 19:05:03.0616 3508 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 19:05:03.0631 3508 Fs_Rec - ok 19:05:03.0663 3508 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 19:05:03.0678 3508 fvevol - ok 19:05:03.0714 3508 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:05:03.0730 3508 gagp30kx - ok 19:05:03.0777 3508 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:05:03.0777 3508 GEARAspiWDM - ok 19:05:03.0855 3508 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 19:05:03.0917 3508 hcw85cir - ok 19:05:03.0964 3508 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 19:05:03.0996 3508 HdAudAddService - ok 19:05:04.0027 3508 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:05:04.0058 3508 HDAudBus - ok 19:05:04.0136 3508 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 19:05:04.0167 3508 HidBatt - ok 19:05:04.0183 3508 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 19:05:04.0214 3508 HidBth - ok 19:05:04.0246 3508 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 19:05:04.0261 3508 HidIr - ok 19:05:04.0339 3508 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 19:05:04.0355 3508 HidUsb - ok 19:05:04.0386 3508 
HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 19:05:04.0402 3508 HpSAMD - ok 19:05:04.0449 3508 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 19:05:04.0496 3508 HTTP - ok 19:05:04.0527 3508 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 19:05:04.0527 3508 hwpolicy - ok 19:05:04.0605 3508 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 19:05:04.0636 3508 i8042prt - ok 19:05:04.0683 3508 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 19:05:04.0714 3508 iaStorV - ok 19:05:04.0747 3508 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 19:05:04.0762 3508 iirsp - ok 19:05:04.0793 3508 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 19:05:04.0793 3508 intelide - ok 19:05:04.0872 3508 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 19:05:04.0903 3508 intelppm - ok 19:05:04.0918 3508 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:05:04.0965 3508 IpFilterDriver - ok 19:05:05.0012 3508 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 19:05:05.0028 3508 IPMIDRV - ok 19:05:05.0106 3508 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 19:05:05.0153 3508 IPNAT - ok 19:05:05.0200 3508 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 19:05:05.0231 3508 IRENUM - ok 19:05:05.0262 3508 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 19:05:05.0278 3508 isapnp - ok 19:05:05.0340 3508 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 19:05:05.0372 3508 iScsiPrt - ok 19:05:05.0387 3508 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 19:05:05.0403 3508 kbdclass - ok 
19:05:05.0434 3508 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys 19:05:05.0465 3508 kbdhid - ok 19:05:05.0481 3508 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 19:05:05.0497 3508 KSecDD - ok 19:05:05.0559 3508 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 19:05:05.0575 3508 KSecPkg - ok 19:05:05.0637 3508 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 19:05:05.0684 3508 lltdio - ok 19:05:05.0731 3508 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:05:05.0731 3508 LSI_FC - ok 19:05:05.0762 3508 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:05:05.0778 3508 LSI_SAS - ok 19:05:05.0856 3508 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:05:05.0856 3508 LSI_SAS2 - ok 19:05:05.0887 3508 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:05:05.0887 3508 LSI_SCSI - ok 19:05:05.0934 3508 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 19:05:05.0965 3508 luafv - ok 19:05:06.0075 3508 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 19:05:06.0106 3508 MBAMProtector - ok 19:05:06.0137 3508 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 19:05:06.0153 3508 megasas - ok 19:05:06.0168 3508 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 19:05:06.0184 3508 MegaSR - ok 19:05:06.0215 3508 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 19:05:06.0262 3508 Modem - ok 19:05:06.0340 3508 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 19:05:06.0372 3508 monitor - ok 19:05:06.0403 3508 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 19:05:06.0418 3508 mouclass - 
ok 19:05:06.0434 3508 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 19:05:06.0465 3508 mouhid - ok 19:05:06.0497 3508 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 19:05:06.0512 3508 mountmgr - ok 19:05:06.0575 3508 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 19:05:06.0590 3508 mpio - ok 19:05:06.0622 3508 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 19:05:06.0668 3508 mpsdrv - ok 19:05:06.0684 3508 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 19:05:06.0731 3508 MRxDAV - ok 19:05:06.0762 3508 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:05:06.0809 3508 mrxsmb - ok 19:05:06.0903 3508 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:05:06.0950 3508 mrxsmb10 - ok 19:05:06.0965 3508 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:05:06.0981 3508 mrxsmb20 - ok 19:05:07.0012 3508 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 19:05:07.0012 3508 msahci - ok 19:05:07.0043 3508 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 19:05:07.0075 3508 msdsm - ok 19:05:07.0168 3508 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 19:05:07.0200 3508 Msfs - ok 19:05:07.0215 3508 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 19:05:07.0262 3508 mshidkmdf - ok 19:05:07.0278 3508 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 19:05:07.0309 3508 msisadrv - ok 19:05:07.0403 3508 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 19:05:07.0434 3508 MSKSSRV - ok 19:05:07.0465 3508 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 19:05:07.0497 3508 MSPCLOCK - ok 
19:05:07.0497 3508 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 19:05:07.0543 3508 MSPQM - ok 19:05:07.0559 3508 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 19:05:07.0575 3508 MsRPC - ok 19:05:07.0606 3508 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 19:05:07.0622 3508 mssmbios - ok 19:05:07.0700 3508 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 19:05:07.0731 3508 MSTEE - ok 19:05:07.0762 3508 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 19:05:07.0778 3508 MTConfig - ok 19:05:07.0809 3508 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 19:05:07.0825 3508 Mup - ok 19:05:07.0887 3508 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 19:05:07.0918 3508 NativeWifiP - ok 19:05:07.0981 3508 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 19:05:08.0012 3508 NDIS - ok 19:05:08.0043 3508 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 19:05:08.0090 3508 NdisCap - ok 19:05:08.0153 3508 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 19:05:08.0200 3508 NdisTapi - ok 19:05:08.0247 3508 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 19:05:08.0278 3508 Ndisuio - ok 19:05:08.0309 3508 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 19:05:08.0340 3508 NdisWan - ok 19:05:08.0356 3508 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 19:05:08.0403 3508 NDProxy - ok 19:05:08.0481 3508 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 19:05:08.0528 3508 NetBIOS - ok 19:05:08.0543 3508 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 19:05:08.0590 3508 NetBT - ok 19:05:08.0637 3508 
nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 19:05:08.0653 3508 nfrd960 - ok 19:05:08.0747 3508 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 19:05:08.0795 3508 Npfs - ok 19:05:08.0811 3508 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 19:05:08.0858 3508 nsiproxy - ok 19:05:08.0920 3508 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 19:05:08.0952 3508 Ntfs - ok 19:05:08.0983 3508 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 19:05:09.0014 3508 Null - ok 19:05:09.0280 3508 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:05:09.0545 3508 nvlddmkm - ok 19:05:09.0639 3508 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 19:05:09.0655 3508 nvraid - ok 19:05:09.0670 3508 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 19:05:09.0686 3508 nvstor - ok 19:05:09.0717 3508 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 19:05:09.0733 3508 nv_agp - ok 19:05:09.0749 3508 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 19:05:09.0764 3508 ohci1394 - ok 19:05:09.0811 3508 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 19:05:09.0827 3508 Parport - ok 19:05:09.0905 3508 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 19:05:09.0920 3508 partmgr - ok 19:05:09.0936 3508 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 19:05:09.0952 3508 Parvdm - ok 19:05:09.0999 3508 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 19:05:10.0014 3508 pci - ok 19:05:10.0030 3508 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 19:05:10.0030 3508 pciide - ok 19:05:10.0061 3508 pcmcia 
(f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 19:05:10.0077 3508 pcmcia - ok 19:05:10.0155 3508 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 19:05:10.0170 3508 pcw - ok 19:05:10.0186 3508 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 19:05:10.0249 3508 PEAUTH - ok 19:05:10.0327 3508 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 19:05:10.0374 3508 PptpMiniport - ok 19:05:10.0436 3508 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 19:05:10.0483 3508 Processor - ok 19:05:10.0514 3508 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 19:05:10.0545 3508 Psched - ok 19:05:10.0592 3508 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 19:05:10.0639 3508 ql2300 - ok 19:05:10.0702 3508 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 19:05:10.0717 3508 ql40xx - ok 19:05:10.0733 3508 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 19:05:10.0764 3508 QWAVEdrv - ok 19:05:10.0780 3508 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 19:05:10.0811 3508 RasAcd - ok 19:05:10.0842 3508 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:05:10.0874 3508 RasAgileVpn - ok 19:05:10.0920 3508 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:05:10.0952 3508 Rasl2tp - ok 19:05:11.0030 3508 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 19:05:11.0077 3508 RasPppoe - ok 19:05:11.0092 3508 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 19:05:11.0124 3508 RasSstp - ok 19:05:11.0155 3508 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 19:05:11.0202 3508 rdbss - ok 19:05:11.0264 3508 
rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 19:05:11.0295 3508 rdpbus - ok 19:05:11.0389 3508 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:05:11.0436 3508 RDPCDD - ok 19:05:11.0452 3508 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 19:05:11.0499 3508 RDPENCDD - ok 19:05:11.0514 3508 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 19:05:11.0545 3508 RDPREFMP - ok 19:05:11.0624 3508 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 19:05:11.0686 3508 RDPWD - ok 19:05:11.0717 3508 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 19:05:11.0733 3508 rdyboost - ok 19:05:11.0864 3508 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 19:05:11.0911 3508 rspndr - ok 19:05:11.0942 3508 RTL8187 (691db86b09e13ca5d3e8881141738cc5) C:\Windows\system32\DRIVERS\wg111v2.sys 19:05:12.0004 3508 RTL8187 - ok 19:05:12.0004 3508 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\Windows\system32\DRIVERS\wg111v2.sys 19:05:12.0036 3508 RTLWUSB - ok 19:05:12.0114 3508 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 19:05:12.0129 3508 sbp2port - ok 19:05:12.0161 3508 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 19:05:12.0208 3508 scfilter - ok 19:05:12.0254 3508 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 19:05:12.0301 3508 secdrv - ok 19:05:12.0395 3508 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 19:05:12.0411 3508 Serenum - ok 19:05:12.0442 3508 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 19:05:12.0458 3508 Serial - ok 19:05:12.0489 3508 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 19:05:12.0504 3508 sermouse - ok 
19:05:12.0551 3508 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 19:05:12.0567 3508 sffdisk - ok 19:05:12.0645 3508 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 19:05:12.0676 3508 sffp_mmc - ok 19:05:12.0692 3508 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 19:05:12.0739 3508 sffp_sd - ok 19:05:12.0754 3508 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 19:05:12.0786 3508 sfloppy - ok 19:05:12.0879 3508 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 19:05:12.0879 3508 sisagp - ok 19:05:12.0911 3508 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:05:12.0926 3508 SiSRaid2 - ok 19:05:12.0942 3508 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 19:05:12.0958 3508 SiSRaid4 - ok 19:05:12.0989 3508 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 19:05:13.0036 3508 Smb - ok 19:05:13.0129 3508 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 19:05:13.0145 3508 spldr - ok 19:05:13.0192 3508 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 19:05:13.0254 3508 srv - ok 19:05:13.0286 3508 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 19:05:13.0317 3508 srv2 - ok 19:05:13.0379 3508 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 19:05:13.0411 3508 srvnet - ok 19:05:13.0442 3508 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 19:05:13.0458 3508 stexstor - ok 19:05:13.0504 3508 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 19:05:13.0504 3508 swenum - ok 19:05:13.0629 3508 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 19:05:13.0676 3508 Tcpip - ok 19:05:13.0708 3508 TCPIP6 
(65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 19:05:13.0739 3508 TCPIP6 - ok 19:05:13.0770 3508 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 19:05:13.0801 3508 tcpipreg - ok 19:05:13.0841 3508 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 19:05:13.0857 3508 TDPIPE - ok 19:05:13.0935 3508 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 19:05:13.0966 3508 TDTCP - ok 19:05:13.0982 3508 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 19:05:14.0029 3508 tdx - ok 19:05:14.0060 3508 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 19:05:14.0076 3508 TermDD - ok 19:05:14.0216 3508 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:05:14.0263 3508 tssecsrv - ok 19:05:14.0294 3508 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 19:05:14.0341 3508 TsUsbFlt - ok 19:05:14.0373 3508 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 19:05:14.0404 3508 tunnel - ok 19:05:14.0482 3508 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 19:05:14.0498 3508 uagp35 - ok 19:05:14.0529 3508 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 19:05:14.0576 3508 udfs - ok 19:05:14.0623 3508 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 19:05:14.0638 3508 uliagpkx - ok 19:05:14.0654 3508 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 19:05:14.0669 3508 umbus - ok 19:05:14.0748 3508 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 19:05:14.0763 3508 UmPass - ok 19:05:14.0810 3508 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 19:05:14.0841 3508 usbccgp - ok 19:05:14.0857 3508 usbcir 
(04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 19:05:14.0888 3508 usbcir - ok 19:05:14.0919 3508 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 19:05:14.0951 3508 usbehci - ok 19:05:15.0029 3508 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 19:05:15.0044 3508 usbhub - ok 19:05:15.0076 3508 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys 19:05:15.0107 3508 usbohci - ok 19:05:15.0138 3508 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 19:05:15.0154 3508 usbprint - ok 19:05:15.0201 3508 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 19:05:15.0216 3508 usbscan - ok 19:05:15.0279 3508 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:05:15.0341 3508 USBSTOR - ok 19:05:15.0357 3508 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 19:05:15.0404 3508 usbuhci - ok 19:05:15.0451 3508 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 19:05:15.0466 3508 vdrvroot - ok 19:05:15.0529 3508 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 19:05:15.0560 3508 vga - ok 19:05:15.0576 3508 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 19:05:15.0607 3508 VgaSave - ok 19:05:15.0623 3508 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 19:05:15.0654 3508 vhdmp - ok 19:05:15.0685 3508 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 19:05:15.0701 3508 viaagp - ok 19:05:15.0763 3508 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 19:05:15.0779 3508 ViaC7 - ok 19:05:15.0794 3508 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 19:05:15.0810 3508 viaide - ok 19:05:15.0826 3508 volmgr 
(4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 19:05:15.0841 3508 volmgr - ok 19:05:15.0857 3508 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 19:05:15.0888 3508 volmgrx - ok 19:05:15.0951 3508 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 19:05:15.0966 3508 volsnap - ok 19:05:16.0029 3508 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 19:05:16.0044 3508 vsmraid - ok 19:05:16.0060 3508 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 19:05:16.0091 3508 vwifibus - ok 19:05:16.0154 3508 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 19:05:16.0169 3508 vwififlt - ok 19:05:16.0201 3508 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 19:05:16.0232 3508 WacomPen - ok 19:05:16.0279 3508 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 19:05:16.0310 3508 WANARP - ok 19:05:16.0310 3508 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 19:05:16.0341 3508 Wanarpv6 - ok 19:05:16.0373 3508 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 19:05:16.0388 3508 Wd - ok 19:05:16.0419 3508 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 19:05:16.0435 3508 Wdf01000 - ok 19:05:16.0560 3508 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 19:05:16.0591 3508 WfpLwf - ok 19:05:16.0623 3508 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 19:05:16.0638 3508 WIMMount - ok 19:05:16.0685 3508 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 19:05:16.0716 3508 WmiAcpi - ok 19:05:16.0826 3508 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 19:05:16.0873 3508 ws2ifsl - ok 19:05:16.0919 3508 
WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 19:05:16.0966 3508 WudfPf - ok 19:05:16.0982 3508 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:05:17.0044 3508 WUDFRd - ok 19:05:17.0091 3508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:05:17.0232 3508 \Device\Harddisk0\DR0 - ok 19:05:17.0248 3508 Boot (0x1200) (59d0ba52875339f46879bc5f800e688a) \Device\Harddisk0\DR0\Partition0 19:05:17.0248 3508 \Device\Harddisk0\DR0\Partition0 - ok 19:05:17.0263 3508 Boot (0x1200) (f77d1d7bde9157351d016d602220329e) \Device\Harddisk0\DR0\Partition1 19:05:17.0279 3508 \Device\Harddisk0\DR0\Partition1 - ok 19:05:17.0279 3508 ============================================================ 19:05:17.0279 3508 Scan finished 19:05:17.0279 3508 ============================================================ 19:05:17.0294 2288 Detected object count: 1 19:05:17.0294 2288 Actual detected object count: 1 19:08:26.0958 2288 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user 19:08:26.0958 2288 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip |
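Not part of the thread, but useful when reading logs like the one above: an added Python example that parses TDSSKiller output in the format shown (timestamp, thread id, then either "name (md5) path", "name - ok", a "- warning"/"- detected" line or the "User select action" line at the end) and lists the entries the tool did not pass as ok, together with the verdict and the action the user chose. The sample lines are copied from the log above; the regular expressions are my own reading of that format and are not from Kaspersky's tool or from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few lines copied from the TDSSKiller log above
# (a real log lists every driver, plus MBR/boot sector checks).
SAMPLE_LOG = r"""
19:05:02.0053 3508 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys
19:05:02.0428 3508 eamonm - ok
19:05:02.0522 3508 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\Windows\system32\DRIVERS\EAPPkt.sys
19:05:02.0538 3508 EAPPkt ( UnsignedFile.Multi.Generic ) - warning
19:05:02.0538 3508 EAPPkt - detected UnsignedFile.Multi.Generic (1)
19:05:02.0631 3508 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:05:02.0709 3508 ebdrv - ok
19:05:17.0294 2288 Detected object count: 1
19:08:26.0958 2288 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:26.0958 2288 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.mmmm <thread-id> "; the rest is the message.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Message shapes observed in the log (assumed from the visible lines):
_OBJECT = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")          # name (md5) path
_OK = re.compile(r"^(.+?) - ok$")                                   # name - ok
_WARNING = re.compile(r"^(.+?) \( (\S+) \) - warning$")             # name ( verdict ) - warning
_DETECTED = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")       # name - detected verdict (n)
_ACTION = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\S+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"   # "ok", "warning" or "unknown" (no status line seen)
    verdict: str = ""         # e.g. "UnsignedFile.Multi.Generic"
    action: str = ""          # what the operator chose at the end, e.g. "Skip"


def _set_object(e: Entry, m: "re.Match") -> None:
    e.md5, e.path = m.group(2), m.group(3)


def _set_ok(e: Entry, m: "re.Match") -> None:
    e.status = "ok"


def _set_warning(e: Entry, m: "re.Match") -> None:
    e.status, e.verdict = "warning", m.group(2)


def _set_action(e: Entry, m: "re.Match") -> None:
    e.verdict, e.action = m.group(2), m.group(3)


# Order matters only in that each message must match exactly one shape.
_HANDLERS = [(_OBJECT, _set_object), (_OK, _set_ok), (_WARNING, _set_warning),
             (_DETECTED, _set_warning), (_ACTION, _set_action)]


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return one Entry per checked object, keyed by name, in log order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # banner, "====" separators, system info, blank lines
        msg = m.group(1)
        for pattern, handler in _HANDLERS:
            m2 = pattern.match(msg)
            if m2:
                handler(entries.setdefault(m2.group(1), Entry(name=m2.group(1))), m2)
                break
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects TDSSKiller reported as a warning/detection rather than ok."""
    return [e for e in entries.values() if e.status == "warning"]


def only_unsigned_heuristics(entries: Dict[str, Entry]) -> bool:
    """True when every flagged object carries an UnsignedFile.* verdict, i.e. the tool
    only reported a missing digital signature (to be confirmed by checking the file's
    origin, as done for the Netgear driver above), not a match on known malware."""
    return all(e.verdict.startswith("UnsignedFile.") for e in flagged(entries))


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f"{e.name}: {e.verdict} ({e.md5}) {e.path} -> action: {e.action or 'none'}")
    print("only unsigned-file heuristics:", only_unsigned_heuristics(parsed))
```

Running it on the full log pasted above gives the same single hit (EAPPkt, skipped by the user); the md5 and path it prints are what you would then look up against the vendor's driver package.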
16.03.2012, 19:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 EUR Trojan / ubd.exe Also unremarkable. Do we need to dig deeper?
__________________ Please always post log files in CODE tags |
16.03.2012, 22:09 | #9 |
| 50 EUR Trojan / ubd.exe Not as far as I'm concerned. My impression by now is that the machine is very likely clean. If you see it the same way, we're done. Thanks again, the donation is on its way, Klaus |