Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Log-Analyse und Auswertung: Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 2 von 2 1 2
Alt 23.02.2012, 14:01   #16
casjopaja
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Hier das Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992312bc-3176-11e1-b5ed-00164116dbdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992312bc-3176-11e1-b5ed-00164116dbdb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992312bc-3176-11e1-b5ed-00164116dbdb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992312bc-3176-11e1-b5ed-00164116dbdb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992312c4-3176-11e1-b5ed-00164116dbdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992312c4-3176-11e1-b5ed-00164116dbdb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992312c4-3176-11e1-b5ed-00164116dbdb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992312c4-3176-11e1-b5ed-00164116dbdb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b975d731-d3f9-11e0-9586-00164116dbdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b975d731-d3f9-11e0-9586-00164116dbdb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b975d731-d3f9-11e0-9586-00164116dbdb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b975d731-d3f9-11e0-9586-00164116dbdb}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: aif
->Temp folder emptied: 94407 bytes
->Temporary Internet Files folder emptied: 15800749 bytes
->Flash cache emptied: 56823 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: sun
->Temp folder emptied: 15482056 bytes
->Temporary Internet Files folder emptied: 74591667 bytes
->Java cache emptied: 1410120 bytes
->FireFox cache emptied: 54410199 bytes
->Opera cache emptied: 1688587 bytes
->Flash cache emptied: 8390765 bytes
 
User: sun.CONTINUUM
->Temp folder emptied: 49724 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 20083424 bytes
->Flash cache emptied: 56931 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17525024 bytes
RecycleBin emptied: 2603754962 bytes
 
Total Files Cleaned = 2.683,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.1 log created on 02232012_135657

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 23.02.2012, 14:26   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________

__________________
Alt 23.02.2012, 15:12   #18
casjopaja
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Der hat auch nix gefunden
Code:
ATTFilter
15:08:28.0644 4032	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:08:28.0987 4032	============================================================
15:08:28.0987 4032	Current date / time: 2012/02/23 15:08:28.0987
15:08:28.0987 4032	SystemInfo:
15:08:28.0987 4032	
15:08:28.0987 4032	OS Version: 6.1.7601 ServicePack: 1.0
15:08:28.0987 4032	Product type: Workstation
15:08:28.0987 4032	ComputerName: CONTINUUM93
15:08:28.0987 4032	UserName: sun
15:08:28.0987 4032	Windows directory: C:\Windows
15:08:28.0987 4032	System windows directory: C:\Windows
15:08:28.0987 4032	Processor architecture: Intel x86
15:08:28.0987 4032	Number of processors: 2
15:08:28.0987 4032	Page size: 0x1000
15:08:28.0987 4032	Boot type: Normal boot
15:08:28.0987 4032	============================================================
15:08:30.0833 4032	Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:08:30.0838 4032	\Device\Harddisk0\DR0:
15:08:30.0838 4032	MBR used
15:08:30.0838 4032	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB092686
15:08:30.0908 4032	Initialize success
15:08:30.0908 4032	============================================================
15:09:28.0118 0884	============================================================
15:09:28.0118 0884	Scan started
15:09:28.0118 0884	Mode: Manual; SigCheck; TDLFS; 
15:09:28.0118 0884	============================================================
15:09:29.0569 0884	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:09:29.0694 0884	1394ohci - ok
15:09:29.0772 0884	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:09:29.0819 0884	ACPI - ok
15:09:30.0287 0884	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:09:30.0365 0884	AcpiPmi - ok
15:09:30.0567 0884	adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
15:09:30.0583 0884	adfs - ok
15:09:30.0661 0884	ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
15:09:30.0723 0884	ADIHdAudAddService - ok
15:09:30.0973 0884	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:09:31.0004 0884	adp94xx - ok
15:09:31.0035 0884	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:09:31.0067 0884	adpahci - ok
15:09:31.0098 0884	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:09:31.0113 0884	adpu320 - ok
15:09:31.0285 0884	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:09:31.0347 0884	AFD - ok
15:09:31.0394 0884	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:09:31.0410 0884	agp440 - ok
15:09:31.0472 0884	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:09:31.0488 0884	aic78xx - ok
15:09:31.0691 0884	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:09:31.0706 0884	aliide - ok
15:09:31.0722 0884	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:09:31.0737 0884	amdagp - ok
15:09:31.0769 0884	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:09:31.0784 0884	amdide - ok
15:09:31.0847 0884	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:09:31.0925 0884	AmdK8 - ok
15:09:32.0034 0884	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:09:32.0081 0884	AmdPPM - ok
15:09:32.0159 0884	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:09:32.0174 0884	amdsata - ok
15:09:32.0221 0884	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:09:32.0252 0884	amdsbs - ok
15:09:32.0283 0884	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:09:32.0283 0884	amdxata - ok
15:09:32.0517 0884	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:09:32.0564 0884	AppID - ok
15:09:32.0689 0884	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:09:32.0705 0884	arc - ok
15:09:32.0736 0884	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:09:32.0751 0884	arcsas - ok
15:09:32.0892 0884	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:09:33.0032 0884	AsyncMac - ok
15:09:33.0157 0884	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:09:33.0173 0884	atapi - ok
15:09:33.0329 0884	atikmdag        (107d6792a9473b9bfb553b0465460564) C:\Windows\system32\DRIVERS\atikmdag.sys
15:09:33.0453 0884	atikmdag - ok
15:09:33.0687 0884	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
15:09:33.0719 0884	avgntflt - ok
15:09:33.0765 0884	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
15:09:33.0781 0884	avipbb - ok
15:09:33.0812 0884	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
15:09:33.0828 0884	avkmgr - ok
15:09:33.0999 0884	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:09:34.0062 0884	b06bdrv - ok
15:09:34.0109 0884	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:09:34.0124 0884	b57nd60x - ok
15:09:34.0327 0884	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:09:34.0374 0884	Beep - ok
15:09:34.0421 0884	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:09:34.0452 0884	blbdrive - ok
15:09:34.0514 0884	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:09:34.0623 0884	bowser - ok
15:09:34.0795 0884	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:09:34.0873 0884	BrFiltLo - ok
15:09:34.0904 0884	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:09:34.0935 0884	BrFiltUp - ok
15:09:34.0982 0884	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:09:35.0045 0884	Brserid - ok
15:09:35.0185 0884	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:09:35.0232 0884	BrSerWdm - ok
15:09:35.0279 0884	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:09:35.0357 0884	BrUsbMdm - ok
15:09:35.0710 0884	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:09:35.0756 0884	BrUsbSer - ok
15:09:35.0850 0884	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:09:35.0897 0884	BTHMODEM - ok
15:09:36.0053 0884	CamDrL          (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\Windows\system32\DRIVERS\Camdrl.sys
15:09:36.0100 0884	CamDrL - ok
15:09:36.0256 0884	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:09:36.0302 0884	cdfs - ok
15:09:36.0396 0884	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
15:09:36.0450 0884	cdrom - ok
15:09:36.0625 0884	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:09:36.0665 0884	circlass - ok
15:09:36.0711 0884	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:09:36.0727 0884	CLFS - ok
15:09:36.0964 0884	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:09:36.0979 0884	CmBatt - ok
15:09:37.0026 0884	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:09:37.0042 0884	cmdide - ok
15:09:37.0104 0884	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:09:37.0135 0884	CNG - ok
15:09:37.0182 0884	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:09:37.0198 0884	Compbatt - ok
15:09:37.0338 0884	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:09:37.0369 0884	CompositeBus - ok
15:09:37.0447 0884	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:09:37.0463 0884	crcdisk - ok
15:09:37.0635 0884	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
15:09:37.0713 0884	CSC - ok
15:09:37.0791 0884	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:09:37.0837 0884	DfsC - ok
15:09:38.0025 0884	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:09:38.0087 0884	discache - ok
15:09:38.0134 0884	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:09:38.0149 0884	Disk - ok
15:09:38.0243 0884	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:09:38.0290 0884	drmkaud - ok
15:09:38.0461 0884	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:09:38.0508 0884	DXGKrnl - ok
15:09:38.0695 0884	e1express       (e1eee3216482db7db5666125c3969cd0) C:\Windows\system32\DRIVERS\e1e6232.sys
15:09:38.0711 0884	e1express - ok
15:09:38.0867 0884	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:09:38.0976 0884	ebdrv - ok
15:09:39.0210 0884	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:09:39.0241 0884	elxstor - ok
15:09:39.0304 0884	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:09:39.0351 0884	ErrDev - ok
15:09:39.0413 0884	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:09:39.0460 0884	exfat - ok
15:09:39.0616 0884	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:09:39.0678 0884	fastfat - ok
15:09:39.0725 0884	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:09:39.0756 0884	fdc - ok
15:09:39.0803 0884	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:09:39.0819 0884	FileInfo - ok
15:09:39.0975 0884	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:09:40.0021 0884	Filetrace - ok
15:09:40.0068 0884	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:09:40.0099 0884	flpydisk - ok
15:09:40.0146 0884	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:09:40.0177 0884	FltMgr - ok
15:09:40.0240 0884	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:09:40.0255 0884	FsDepends - ok
15:09:40.0380 0884	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:09:40.0396 0884	Fs_Rec - ok
15:09:40.0458 0884	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:09:40.0489 0884	fvevol - ok
15:09:40.0521 0884	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:09:40.0536 0884	gagp30kx - ok
15:09:40.0599 0884	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:09:40.0614 0884	GEARAspiWDM - ok
15:09:40.0770 0884	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:09:40.0817 0884	hcw85cir - ok
15:09:40.0942 0884	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:09:40.0989 0884	HdAudAddService - ok
15:09:41.0067 0884	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:09:41.0113 0884	HDAudBus - ok
15:09:41.0145 0884	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:09:41.0160 0884	HidBatt - ok
15:09:41.0269 0884	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:09:41.0316 0884	HidBth - ok
15:09:41.0347 0884	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:09:41.0394 0884	HidIr - ok
15:09:41.0488 0884	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:09:41.0503 0884	HidUsb - ok
15:09:41.0659 0884	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:09:41.0675 0884	HpSAMD - ok
15:09:41.0737 0884	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:09:41.0784 0884	HTTP - ok
15:09:41.0893 0884	hwdatacard      (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:09:41.0956 0884	hwdatacard - ok
15:09:42.0112 0884	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:09:42.0127 0884	hwpolicy - ok
15:09:42.0205 0884	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:09:42.0237 0884	i8042prt - ok
15:09:42.0361 0884	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:09:42.0393 0884	iaStorV - ok
15:09:42.0533 0884	IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:09:42.0549 0884	IBMPMDRV - ok
15:09:42.0642 0884	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:09:42.0658 0884	iirsp - ok
15:09:42.0736 0884	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:09:42.0736 0884	intelide - ok
15:09:42.0845 0884	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:09:42.0876 0884	intelppm - ok
15:09:42.0939 0884	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:09:42.0985 0884	IpFilterDriver - ok
15:09:43.0063 0884	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:09:43.0110 0884	IPMIDRV - ok
15:09:43.0219 0884	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:09:43.0266 0884	IPNAT - ok
15:09:43.0329 0884	irda            (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
15:09:43.0422 0884	irda - ok
15:09:43.0563 0884	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:09:43.0594 0884	IRENUM - ok
15:09:43.0656 0884	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:09:43.0672 0884	isapnp - ok
15:09:43.0734 0884	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:09:43.0750 0884	iScsiPrt - ok
15:09:43.0797 0884	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:09:43.0812 0884	kbdclass - ok
15:09:43.0937 0884	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:09:43.0984 0884	kbdhid - ok
15:09:44.0077 0884	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:09:44.0093 0884	KSecDD - ok
15:09:44.0140 0884	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:09:44.0155 0884	KSecPkg - ok
15:09:44.0327 0884	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:09:44.0389 0884	lltdio - ok
15:09:44.0452 0884	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:09:44.0467 0884	LSI_FC - ok
15:09:44.0514 0884	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:09:44.0530 0884	LSI_SAS - ok
15:09:44.0545 0884	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:09:44.0561 0884	LSI_SAS2 - ok
15:09:44.0592 0884	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:09:44.0608 0884	LSI_SCSI - ok
15:09:44.0733 0884	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:09:44.0779 0884	luafv - ok
15:09:44.0873 0884	LVUSBSta        (64bc29c3a0388bfc580bb8b1346f7659) C:\Windows\system32\drivers\LVUSBSta.sys
15:09:44.0889 0884	LVUSBSta - ok
15:09:44.0951 0884	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
15:09:44.0967 0884	MBAMProtector - ok
15:09:45.0076 0884	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:09:45.0091 0884	megasas - ok
15:09:45.0169 0884	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:09:45.0185 0884	MegaSR - ok
15:09:45.0232 0884	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:09:45.0294 0884	Modem - ok
15:09:45.0419 0884	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:09:45.0450 0884	monitor - ok
15:09:45.0528 0884	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:09:45.0544 0884	mouclass - ok
15:09:45.0575 0884	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:09:45.0622 0884	mouhid - ok
15:09:45.0793 0884	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:09:45.0809 0884	mountmgr - ok
15:09:46.0168 0884	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:09:46.0183 0884	mpio - ok
15:09:46.0308 0884	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:09:46.0371 0884	mpsdrv - ok
15:09:46.0402 0884	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:09:46.0495 0884	MRxDAV - ok
15:09:46.0667 0884	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:09:46.0714 0884	mrxsmb - ok
15:09:46.0776 0884	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:09:46.0807 0884	mrxsmb10 - ok
15:09:46.0854 0884	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:09:46.0885 0884	mrxsmb20 - ok
15:09:47.0041 0884	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:09:47.0057 0884	msahci - ok
15:09:47.0119 0884	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:09:47.0135 0884	msdsm - ok
15:09:47.0197 0884	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:09:47.0229 0884	Msfs - ok
15:09:47.0260 0884	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:09:47.0307 0884	mshidkmdf - ok
15:09:47.0338 0884	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:09:47.0353 0884	msisadrv - ok
15:09:47.0525 0884	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:09:47.0587 0884	MSKSSRV - ok
15:09:47.0619 0884	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:09:47.0650 0884	MSPCLOCK - ok
15:09:47.0697 0884	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:09:47.0759 0884	MSPQM - ok
15:09:47.0806 0884	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:09:47.0821 0884	MsRPC - ok
15:09:47.0962 0884	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:09:47.0977 0884	mssmbios - ok
15:09:48.0040 0884	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:09:48.0087 0884	MSTEE - ok
15:09:48.0118 0884	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:09:48.0149 0884	MTConfig - ok
15:09:48.0196 0884	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:09:48.0196 0884	Mup - ok
15:09:48.0383 0884	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:09:48.0414 0884	NativeWifiP - ok
15:09:48.0492 0884	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:09:48.0523 0884	NDIS - ok
15:09:48.0711 0884	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:09:48.0757 0884	NdisCap - ok
15:09:48.0804 0884	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:09:48.0867 0884	NdisTapi - ok
15:09:48.0913 0884	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:09:48.0945 0884	Ndisuio - ok
15:09:49.0085 0884	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:09:49.0132 0884	NdisWan - ok
15:09:49.0179 0884	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:09:49.0210 0884	NDProxy - ok
15:09:49.0272 0884	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:09:49.0335 0884	NetBIOS - ok
15:09:49.0475 0884	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:09:49.0537 0884	NetBT - ok
15:09:49.0759 0884	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
15:09:49.0949 0884	netw5v32 - ok
15:09:50.0134 0884	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:09:50.0149 0884	nfrd960 - ok
15:09:50.0192 0884	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:09:50.0252 0884	Npfs - ok
15:09:50.0384 0884	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
15:09:50.0444 0884	NSCIRDA - ok
15:09:50.0569 0884	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:09:50.0624 0884	nsiproxy - ok
15:09:50.0712 0884	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:09:50.0767 0884	Ntfs - ok
15:09:50.0899 0884	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:09:50.0950 0884	Null - ok
15:09:51.0035 0884	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:09:51.0053 0884	nvraid - ok
15:09:51.0085 0884	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:09:51.0105 0884	nvstor - ok
15:09:51.0275 0884	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:09:51.0293 0884	nv_agp - ok
15:09:51.0345 0884	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:09:51.0385 0884	ohci1394 - ok
15:09:51.0588 0884	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:09:51.0623 0884	Parport - ok
15:09:51.0670 0884	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:09:51.0685 0884	partmgr - ok
15:09:51.0713 0884	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:09:51.0753 0884	Parvdm - ok
15:09:51.0805 0884	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:09:51.0823 0884	pci - ok
15:09:51.0933 0884	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:09:51.0948 0884	pciide - ok
15:09:52.0028 0884	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:09:52.0048 0884	pcmcia - ok
15:09:52.0080 0884	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:09:52.0095 0884	pcw - ok
15:09:52.0138 0884	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:09:52.0210 0884	PEAUTH - ok
15:09:52.0440 0884	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:09:52.0495 0884	PptpMiniport - ok
15:09:52.0525 0884	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:09:52.0565 0884	Processor - ok
15:09:52.0628 0884	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:09:52.0688 0884	Psched - ok
15:09:52.0815 0884	PxHelp20        (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
15:09:52.0830 0884	PxHelp20 - ok
15:09:53.0075 0884	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:09:53.0138 0884	ql2300 - ok
15:09:53.0328 0884	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:09:53.0345 0884	ql40xx - ok
15:09:53.0385 0884	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:09:53.0408 0884	QWAVEdrv - ok
15:09:53.0430 0884	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:09:53.0483 0884	RasAcd - ok
15:09:53.0553 0884	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:09:53.0608 0884	RasAgileVpn - ok
15:09:53.0768 0884	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:09:53.0828 0884	Rasl2tp - ok
15:09:53.0880 0884	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:09:53.0940 0884	RasPppoe - ok
15:09:53.0988 0884	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:09:54.0040 0884	RasSstp - ok
15:09:54.0200 0884	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:09:54.0258 0884	rdbss - ok
15:09:54.0300 0884	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:09:54.0345 0884	rdpbus - ok
15:09:54.0393 0884	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:09:54.0448 0884	RDPCDD - ok
15:09:54.0585 0884	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:09:54.0613 0884	RDPDR - ok
15:09:54.0678 0884	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:09:54.0725 0884	RDPENCDD - ok
15:09:54.0765 0884	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:09:54.0798 0884	RDPREFMP - ok
15:09:54.0850 0884	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
15:09:54.0888 0884	RDPWD - ok
15:09:55.0055 0884	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:09:55.0080 0884	rdyboost - ok
15:09:55.0185 0884	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:09:55.0240 0884	rspndr - ok
15:09:55.0285 0884	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
15:09:55.0343 0884	s3cap - ok
15:09:55.0515 0884	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:09:55.0533 0884	sbp2port - ok
15:09:55.0590 0884	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:09:55.0643 0884	scfilter - ok
15:09:55.0743 0884	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:09:55.0798 0884	secdrv - ok
15:09:56.0010 0884	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:09:56.0028 0884	Serenum - ok
15:09:56.0060 0884	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:09:56.0098 0884	Serial - ok
15:09:56.0268 0884	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:09:56.0303 0884	sermouse - ok
15:09:56.0648 0884	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:09:56.0685 0884	sffdisk - ok
15:09:56.0848 0884	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:09:56.0873 0884	sffp_mmc - ok
15:09:56.0893 0884	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:09:56.0930 0884	sffp_sd - ok
15:09:56.0978 0884	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:09:56.0995 0884	sfloppy - ok
15:09:57.0068 0884	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:09:57.0083 0884	sisagp - ok
15:09:57.0233 0884	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:09:57.0248 0884	SiSRaid2 - ok
15:09:57.0275 0884	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:09:57.0293 0884	SiSRaid4 - ok
15:09:57.0330 0884	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:09:57.0368 0884	Smb - ok
15:09:57.0410 0884	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:09:57.0425 0884	spldr - ok
15:09:57.0498 0884	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:09:57.0555 0884	srv - ok
15:09:57.0670 0884	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:09:57.0718 0884	srv2 - ok
15:09:57.0798 0884	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:09:57.0840 0884	SrvHsfHDA - ok
15:09:57.0995 0884	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:09:58.0060 0884	SrvHsfV92 - ok
15:09:58.0213 0884	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:09:58.0248 0884	SrvHsfWinac - ok
15:09:58.0295 0884	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:09:58.0313 0884	srvnet - ok
15:09:58.0468 0884	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:09:58.0495 0884	ssmdrv - ok
15:09:58.0555 0884	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:09:58.0568 0884	stexstor - ok
15:09:58.0638 0884	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
15:09:58.0653 0884	storflt - ok
15:09:58.0688 0884	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
15:09:58.0703 0884	storvsc - ok
15:09:58.0843 0884	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:09:58.0858 0884	swenum - ok
15:09:58.0983 0884	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:09:59.0045 0884	Tcpip - ok
15:09:59.0250 0884	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:09:59.0290 0884	TCPIP6 - ok
15:09:59.0340 0884	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:09:59.0395 0884	tcpipreg - ok
15:09:59.0560 0884	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:09:59.0610 0884	TDPIPE - ok
15:09:59.0640 0884	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
15:09:59.0700 0884	TDTCP - ok
15:09:59.0748 0884	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:09:59.0800 0884	tdx - ok
15:09:59.0943 0884	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:09:59.0958 0884	TermDD - ok
15:10:00.0043 0884	TPM             (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
15:10:00.0080 0884	TPM - ok
15:10:00.0155 0884	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:10:00.0205 0884	tssecsrv - ok
15:10:00.0378 0884	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:10:00.0433 0884	TsUsbFlt - ok
15:10:00.0505 0884	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:10:00.0558 0884	tunnel - ok
15:10:00.0605 0884	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:10:00.0620 0884	uagp35 - ok
15:10:00.0788 0884	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:10:00.0848 0884	udfs - ok
15:10:00.0928 0884	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:10:00.0943 0884	uliagpkx - ok
15:10:01.0013 0884	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:10:01.0030 0884	umbus - ok
15:10:01.0193 0884	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:10:01.0228 0884	UmPass - ok
15:10:01.0308 0884	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:10:01.0365 0884	USBAAPL - ok
15:10:01.0520 0884	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
15:10:01.0565 0884	usbaudio - ok
15:10:01.0643 0884	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:10:01.0700 0884	usbccgp - ok
15:10:01.0873 0884	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:10:01.0918 0884	usbcir - ok
15:10:01.0945 0884	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:10:01.0985 0884	usbehci - ok
15:10:02.0038 0884	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:10:02.0080 0884	usbhub - ok
15:10:02.0238 0884	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
15:10:02.0273 0884	usbohci - ok
15:10:02.0338 0884	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:10:02.0378 0884	usbprint - ok
15:10:02.0408 0884	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:10:02.0435 0884	USBSTOR - ok
15:10:02.0558 0884	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:10:02.0575 0884	usbuhci - ok
15:10:02.0640 0884	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:10:02.0653 0884	vdrvroot - ok
15:10:02.0725 0884	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:10:02.0790 0884	vga - ok
15:10:02.0828 0884	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:10:02.0865 0884	VgaSave - ok
15:10:03.0015 0884	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:10:03.0033 0884	vhdmp - ok
15:10:03.0095 0884	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:10:03.0110 0884	viaagp - ok
15:10:03.0163 0884	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:10:03.0203 0884	ViaC7 - ok
15:10:03.0233 0884	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:10:03.0248 0884	viaide - ok
15:10:03.0425 0884	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:10:03.0445 0884	vmbus - ok
15:10:03.0470 0884	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:10:03.0513 0884	VMBusHID - ok
15:10:03.0555 0884	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:10:03.0570 0884	volmgr - ok
15:10:03.0630 0884	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:10:03.0653 0884	volmgrx - ok
15:10:03.0795 0884	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:10:03.0818 0884	volsnap - ok
15:10:03.0858 0884	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:10:03.0875 0884	vsmraid - ok
15:10:03.0905 0884	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:10:03.0963 0884	vwifibus - ok
15:10:04.0125 0884	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:10:04.0163 0884	WacomPen - ok
15:10:04.0230 0884	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:10:04.0265 0884	WANARP - ok
15:10:04.0273 0884	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:10:04.0305 0884	Wanarpv6 - ok
15:10:04.0345 0884	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:10:04.0358 0884	Wd - ok
15:10:04.0400 0884	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:10:04.0428 0884	Wdf01000 - ok
15:10:04.0620 0884	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:10:04.0678 0884	WfpLwf - ok
15:10:04.0710 0884	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:10:04.0723 0884	WIMMount - ok
15:10:04.0830 0884	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:10:04.0868 0884	WinUsb - ok
15:10:04.0973 0884	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:10:05.0013 0884	WmiAcpi - ok
15:10:05.0093 0884	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:10:05.0145 0884	ws2ifsl - ok
15:10:05.0333 0884	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:10:05.0388 0884	WudfPf - ok
15:10:05.0440 0884	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:10:05.0480 0884	WUDFRd - ok
15:10:05.0553 0884	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:10:05.0660 0884	\Device\Harddisk0\DR0 - ok
15:10:05.0673 0884	Boot (0x1200)   (ebc87247b9728d24aed76a6284ae02b0) \Device\Harddisk0\DR0\Partition0
15:10:05.0675 0884	\Device\Harddisk0\DR0\Partition0 - ok
15:10:05.0680 0884	============================================================
15:10:05.0680 0884	Scan finished
15:10:05.0680 0884	============================================================
15:10:05.0700 3604	Detected object count: 0
15:10:05.0700 3604	Actual detected object count: 0
__________________
Alt 23.02.2012, 17:15   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.02.2012, 18:07   #20
casjopaja
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Und das nechste log

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-22.01 - sun 23.02.2012  17:54:17.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1378 [GMT 1:00]
ausgeführt von:: c:\users\sun\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sun\AppData\Roaming\Ovaci
c:\users\sun\AppData\Roaming\Ovaci\aqdyl.tmp
c:\users\sun\AppData\Roaming\Ovaci\aqdyl.zup
c:\users\sun\Documents\Downloads\CT2776682_BrotherSoft_Extreme.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-23 bis 2012-02-23  ))))))))))))))))))))))))))))))
.
.
2012-02-23 17:01 . 2012-02-23 17:01	--------	d-----w-	c:\users\sun\AppData\Local\temp
2012-02-23 17:01 . 2012-02-23 17:01	--------	d-----w-	c:\users\sun.CONTINUUM\AppData\Local\temp
2012-02-23 12:56 . 2012-02-23 12:56	--------	d-----w-	C:\_OTL
2012-02-21 08:35 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{549E3E58-B510-441B-AE5C-8D1A3CD9B6D6}\mpengine.dll
2012-02-20 10:19 . 2012-02-20 10:19	--------	d-----w-	c:\users\sun\AppData\Roaming\Malwarebytes
2012-02-20 10:18 . 2012-02-20 10:18	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-20 10:18 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-20 10:18 . 2012-02-20 10:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-20 08:38 . 2012-02-20 08:38	--------	d-----w-	c:\users\sun\AppData\Roaming\Avira
2012-02-20 08:34 . 2012-01-31 07:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-02-20 08:34 . 2012-01-31 07:56	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-20 08:34 . 2011-09-16 15:08	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-02-20 08:34 . 2012-02-20 08:34	--------	d-----w-	c:\programdata\Avira
2012-02-20 08:34 . 2012-02-20 08:34	--------	d-----w-	c:\program files\Avira
2012-02-15 08:09 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 08:09 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 08:09 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 08:09 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-13 15:04 . 2012-02-15 08:03	--------	d-----w-	c:\program files\raidcall
2012-01-26 08:40 . 2012-01-26 08:41	--------	d-----w-	c:\program files\iTunes
2012-01-26 08:40 . 2012-01-26 08:40	--------	d-----w-	c:\program files\iPod
2012-01-26 08:30 . 2011-11-17 05:41	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-26 08:30 . 2011-11-17 05:41	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-01-26 08:30 . 2011-11-17 05:39	369352	----a-w-	c:\windows\system32\drivers\cng.sys
2012-01-26 08:30 . 2011-11-17 05:35	314880	----a-w-	c:\windows\system32\webio.dll
2012-01-26 08:30 . 2011-11-17 05:34	15872	----a-w-	c:\windows\system32\sspisrv.dll
2012-01-26 08:30 . 2011-11-17 05:34	100352	----a-w-	c:\windows\system32\sspicli.dll
2012-01-26 08:30 . 2011-11-17 05:34	224768	----a-w-	c:\windows\system32\schannel.dll
2012-01-26 08:30 . 2011-11-17 05:34	22016	----a-w-	c:\windows\system32\secur32.dll
2012-01-26 08:30 . 2011-11-17 05:32	1038848	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-26 08:30 . 2011-11-17 05:29	22528	----a-w-	c:\windows\system32\lsass.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 08:46 . 2011-08-03 07:39	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2011-07-27 10:05	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-28 17:33 . 2011-12-28 17:33	621056	----a-w-	c:\windows\system32\drivers\mod7700.sys
2011-12-28 17:33 . 2011-12-28 17:33	23424	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\sun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-05-03 4092408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 99943317
*Deregistered* - 99943317
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.5 192.168.254.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2012-02-23  18:05:30
ComboFix-quarantined-files.txt  2012-02-23 17:05
.
Vor Suchlauf: 11 Verzeichnis(se), 22.740.529.152 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 22.503.411.712 Bytes frei
.
- - End Of File - - F812B26D7E47703274AA6C39A1524E04
--- --- ---
Alt 23.02.2012, 20:49   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
--> Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen

Alt 24.02.2012, 11:46   #22
casjopaja
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Oo sorry hab nicht gesehen das die 3. seite dazu gekommen ist ! werde mich sofort dran machen

Alt 24.02.2012, 12:49   #23
casjopaja
 
Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Standard

Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


Hier das GMER Log:
Code:
ATTFilter
GMER Logfile:


	
Code: 

 
ATTFilter


  

	
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-24 12:39:45
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 HTS721010G9SA00 rev.MCZOC10V
Running: kkyrm50h.exe; Driver: C:\Users\sun\AppData\Local\Temp\pxlcykow.sys


---- System - GMER 1.0.15 ----

SSDT            8E9906EE                                                                                                 ZwCreateSection
SSDT            8E9906F8                                                                                                 ZwRequestWaitReplyPort
SSDT            8E9906F3                                                                                                 ZwSetContextThread
SSDT            8E9906FD                                                                                                 ZwSetSecurityObject
SSDT            8E990702                                                                                                 ZwSystemDebugControl
SSDT            8E99068F                                                                                                 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                            82C7D369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82CB6D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      82CBDEAC 4 Bytes  [EE, 06, 99, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                      82CBE208 4 Bytes  [F8, 06, 99, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      82CBE24C 4 Bytes  [F3, 06, 99, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                      82CBE2C8 4 Bytes  [FD, 06, 99, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                      82CBE31C 4 Bytes  [02, 07, 99, 8E]
.text           ...                                                                                                      

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [74942437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                     [74925600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [749256BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                           [749424B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                 [74938514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                   [74934CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [7493506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                 [74935144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [74936671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [7493826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]             [749387BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]           [7493901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                 [7493E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                     [74934BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75AEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75AEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75AEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75AEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
 
--- --- ---
Und das OSAM Log:

Code:
ATTFilter
OSAM Logfile:


	
Code: 

 
ATTFilter


  

	
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:47:16 on 24.02.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.61

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS4" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\sun\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"pxlcykow" (pxlcykow) - ? - C:\Users\sun\AppData\Local\Temp\pxlcykow.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{8903F6C9-25E3-40AC-A98F-E6D35CD0469C} "PSPad" - ? - C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL  (File found, but it contains no detailed information)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} "XnViewShell Class" - ? - C:\Program Files\XnView\ShellEx\XnViewShellExt.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll  (File not found)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"CCC.lnk" - "ATI Technologies Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\sun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe_ID0ENQBO" - "Adobe Systems Incorporated" - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  (File found, but it contains no detailed information)

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Version Cue CS4" (Adobe Version Cue CS4) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"WTGService" (WTGService) - ? - C:\Program Files\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
asw.... werde ich gleich ausführen und posten

Antwort
Seite 2 von 2 1 2

Themen zu Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen
.dll, administrator, autostart, avg, avira, blackhole, ccc.exe, csrss.exe, datei, dateisystem, desktop, exp/cve-2011-3544, explorer.exe, free, heuristiks/extra, heuristiks/shuriken, lsass.exe, malwarebytes, modul, mom.exe, namen, nt.dll, programm, prozesse, registry, schädlinge, server, services.exe, spoolsv.exe, svchost.exe, taskhost.exe, tr/crypt.ulpm.gen, verweise, windows, winlogon.exe, wmp


« Blackscreen mit Hinweis auf infiziertes System und Zahlungsaufforderung | BOO/TDss.M VIRUS - PC startet nicht - blauer Bildschrim - nur abgesicherter Modus »

Ähnliche Themen: Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen


  1. TR/crypt.ulpm.gm gefunden von AVIRA aber nur in Quarantäne verschoben
    Log-Analyse und Auswertung - 09.01.2015 (11)
  2. Avira Fund: TR/Crypt.ULPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (3)
  3. Nach "TR/Crypt.ULPM.Gen"-Fund: sicherheitshalber Checkup
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (12)
  4. TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen
    Log-Analyse und Auswertung - 08.10.2012 (7)
  5. AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (33)
  6. Exploits EXP/CVE-2011-3544.BU von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (37)
  7. Avira Fund EXP/2011-3544.CQ.1
    Log-Analyse und Auswertung - 27.05.2012 (22)
  8. Avira meldet EXP/2011-3544.BW.1 und JAVA/Dldr.OpenS.H
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (5)
  9. TR/Crypt.ULPM.Gen von Avira gefunden-kann nicht gelöscht werden.
    Plagegeister aller Art und deren Bekämpfung - 20.03.2012 (16)
  10. EXP/2011-3544.BU.1 mittels Avira AntiVir gefunden
    Log-Analyse und Auswertung - 19.03.2012 (8)
  11. Avira meldet EXP/2011-3544.BY.1, ist mein System noch sicher?
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (5)
  12. Avira hat TR/Maljava.A.43 und Exploits EXP/CVE-2011-3544.AZ gefunden - und nun?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (33)
  13. tr/crypt.Xpack.gen8,Tr/Psw.zbot.924,EXP/Cve-2011-3544,TR/startPage.eo.1,EXP/Blacole.DU
    Plagegeister aller Art und deren Bekämpfung - 01.03.2012 (28)
  14. 2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (30)
  15. Avira findet Trojaner TR/Crypt.ULPM.Gen in Webot
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (1)
  16. Avira AntiVir Personal - Free Antivirus meldet TR/Crypt.ULPM.Gen, möglicherweise Fehlalarm
    Plagegeister aller Art und deren Bekämpfung - 02.09.2010 (5)
  17. Avira meldet TR/Crypt.ULPM.Gen
    Log-Analyse und Auswertung - 15.03.2009 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen - Hier das Log: Code: Alles auswählen Aufklappen ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992312bc-3176-11e1-b5ed-00164116dbdb}\ deleted successfully. Registry key - Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen...
Archiv
Du betrachtest: Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129