Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Log-Analyse und Auswertung" (log analysis and evaluation), thread "50 EUR Trojaner / ubd.exe" (https://www.trojaner-board.de/111194-50-eur-trojaner-ubd-exe.html)

Hammerstein 09.03.2012 18:46

50 EUR Trojan / ubd.exe

Hello,

I currently have a friend's PC here for "disinfection". A while ago he got the well-known 50 EUR payment demand at system startup. He then worked for a while with the old Windows XP (installed in parallel). After a while the Win7 ran again too (unfortunately I only know this from his verbal account).

First I ran the Desinfec't 2011 CD (specifically Avira Antivirus and Bitdefender). Unfortunately it hung at irregular intervals, so I no longer know exactly what was found where (various files were flagged, as far as I remember in the Java cache and in the temp folder). I deleted the affected files.

Afterwards I ran the current Kaspersky Rescue CD in text mode. Nothing more was found.

The system runs again now (XP and 7), but I don't entirely trust it. What made me suspicious was the process "ubd.exe" in Task Manager. According to Google it could belong to Apple iTunes or iPod support. But here on the board there was also a hint about a trojan/downloader. So I installed Malwarebytes Anti-Malware (in addition to the NOD32 already present) and ran a full scan. Log:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.09.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Georg :: GEORGS-PC [Administrator]

Schutz: Aktiviert

09.03.2012 15:51:39
mbam-log-2012-03-09 (17-09-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366541
Laufzeit: 1 Stunde(n), 16 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\users\georg\appdata\local\temp\qtinstallcode.log (Extension.Mismatch) -> Keine Aktion durchgeführt.

(Ende)

Probably rather harmless. Still, I would be very glad if someone who really knows the subject could take a look.

DDS log:

DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Georg at 17:25:40 on 2012-03-09
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.958.283 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{80E7C3D2-16F0-4229-B2DE-D93A18881F54} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DF7F8843-065F-48CA-B475-E779C2DD6CD4} : DhcpNameServer = 192.168.178.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\georg\appdata\roaming\mozilla\firefox\profiles\1ohbrm5s.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2011-11-20 66048]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-9 652360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-9 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2011-11-20 167808]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2011-11-20 167808]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
.
=============== Created Last 30 ================
.
2012-03-09 14:46:37        --------        d-----w-        c:\users\georg\appdata\roaming\Malwarebytes
2012-03-09 14:46:31        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-09 14:46:30        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-09 14:46:30        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-09 14:27:29        56200        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{e0322189-384e-47a6-a7cd-457929ca3018}\offreg.dll
2012-03-09 14:09:40        --------        d-----w-        c:\users\georg\appdata\local\WindowsUpdate
2012-03-09 13:57:28        476904        ----a-w-        c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-03-09 13:40:22        626688        ----a-w-        c:\program files\mozilla firefox\msvcr80.dll
2012-03-09 13:40:22        548864        ----a-w-        c:\program files\mozilla firefox\msvcp80.dll
2012-03-09 13:40:22        479232        ----a-w-        c:\program files\mozilla firefox\msvcm80.dll
2012-03-09 13:40:22        45016        ----a-w-        c:\program files\mozilla firefox\mozutils.dll
2012-03-09 11:03:51        --------        d-----w-        c:\program files\iPod
2012-03-09 11:03:43        --------        d-----w-        c:\program files\iTunes
2012-03-09 10:14:45        6552120        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{e0322189-384e-47a6-a7cd-457929ca3018}\mpengine.dll
2012-02-16 09:47:20        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-16 09:47:01        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-16 09:46:51        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-16 09:46:48        2343424        ----a-w-        c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2012-03-09 13:57:10        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-09 13:48:07        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54        1798656        ----a-w-        c:\windows\system32\jscript9.dll
2011-12-14 02:57:18        1127424        ----a-w-        c:\windows\system32\wininet.dll
2011-12-14 02:56:58        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:26:03,39 ===============

Before the GMER scan I stopped some services/processes via Task Manager: Anti-Malware, all Apple services, the Java and Adobe updaters (NOD32 could not be stopped).

DDS attach.log and GMER.log are attached.

Thanks, Klaus

cosinus 12.03.2012 16:01

Quote:

(in addition to the NOD32 already present)
Do you still have the NOD32 logs?

Hammerstein 13.03.2012 21:47

Hello,

here is what I found regarding logs:

One entry in the log of the NOD32 on-access scanner (the only entry; its timing roughly matches when the problem appeared):

Code:

02.02.2012 12:06:26        Echtzeit-Dateischutz        Datei        C:\USERS\GEORG\APPDATA\ROAMING\MICROSOFT\DLLHSTS.EXE        möglicherweise Variante von Win32/Agent.DGHWBLW Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert        Georgs-PC\Georg        Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\System32\WerFault.exe.

An Avira log (from a run with Desinfec't 2011; that time it ran long enough that I could save it to a USB stick):

Code:

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.

engine set:        8.2.10.8
VDF Version:        7.11.24.194

key file:          /AntiVir/rescue_cd.key
registered user:    AntiVir Rescue System
serial number:      0000149995
key expires:        Mär 27 2013

Scan start time: Di 06 Mär 2012 20:21:50 CET
Command line: /AntiVir/scancl --showall --recursion --log=/tmp/avira.log --defaultaction=ignore /media/503016EE3016DB34

auto excluding /sys from scanning (is a special fs)
auto excluding /proc from scanning (is a special fs)
WARNING: [Config file '/AntiVir/scancl.conf' is missing] Initialization
 
 /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48
 
 /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

 /media/503016EE3016DB34/Users/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506
 Date: 05.01.2012 Time: 22:11:41  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506 <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Users/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

 /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

 /media/503016EE3016DB34/Documents and Settings/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506
 Date: 05.01.2012 Time: 22:11:41  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Documents and Settings/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506 <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Documents and Settings/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

 /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621
 
 /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506
 Date: 05.01.2012 Time: 22:11:41  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506 <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621


Statistics :               
    Directories............... : 57402
    Files..................... : 277360
        Infected.............. : 15
            Ignored........... : 15
        Warnings.............. : 0
        Suspicious............ : 0
    Infections................ : 15
    Time...................... : 02:01:36

The Anti-Malware log:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.09.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Georg :: GEORGS-PC [Administrator]

Schutz: Aktiviert

09.03.2012 15:51:39
mbam-log-2012-03-09 (15-51-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366541
Laufzeit: 1 Stunde(n), 16 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\users\georg\appdata\local\temp\qtinstallcode.log (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I fed the ubd.exe to VirusTotal -> no complaints.

Thanks + I hope this helps you further, Klaus
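The Avira log above counts 15 infections, but the scanner evidently descended into the Windows 7 compatibility junctions (Documents and Settings, Dokumente und Einstellungen, Lokale Einstellungen) and reported the same files once per alias. The Python triage script below is added here and is not part of the thread or of any tool quoted in it: it parses scancl's ALERT blocks, collapses the junction aliases onto the real profile path, and flags distinct files that share detection name and size (the Temp executable and the Java deployment-cache entry, both TR/Ransom.EJ.48 at 109056 bytes). The SAMPLE_LOG excerpt, the junction table and all function names are constructed for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
# Constructed excerpt: five of the fifteen ALERT blocks from the Avira scancl log
# quoted in the post (paths, sizes and timestamps exactly as given there).
SAMPLE_LOG = """\
 /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Users/Georg/AppData/Local/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621

 /media/503016EE3016DB34/Users/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506
 Date: 05.01.2012 Time: 22:11:41  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Users/Georg/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/44/44abd6c-18d8e506 <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/0.14909437958645233.exe
 Date: 05.01.2012 Time: 22:11:42  Size: 109056
 ALERT: [TR/Ransom.EJ.48] /media/503016EE3016DB34/Documents and Settings/Georg/AppData/Local/Temp/0.14909437958645233.exe <<< Is the Trojan horse TR/Ransom.EJ.48

 /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp
 Date: 05.12.2011 Time: 23:34:12  Size: 47608
 ALERT: [TR/Kazy.4733621] /media/503016EE3016DB34/Dokumente und Einstellungen/Georg/Lokale Einstellungen/Temp/jar_cache3152356552050803454.tmp <<< Is the Trojan horse TR/Kazy.4733621
"""

META_RE = re.compile(r"^\s*Date: (?P<date>\S+) Time: (?P<time>\S+)\s+Size: (?P<size>\d+)")
ALERT_RE = re.compile(r"^\s*ALERT: \[(?P<name>[^\]]+)\] (?P<path>.+?) <<< ")
MOUNT_RE = re.compile(r"^/media/[^/]+/")  # the rescue CD mounts the NTFS volume here

# Windows 7 compatibility junctions: a Linux scanner walking the NTFS volume
# descends into each of them and reports the same file once per alias.
JUNCTIONS = [
    ("/Documents and Settings/", "/Users/"),
    ("/Dokumente und Einstellungen/", "/Users/"),  # German-localized alias
    ("/Lokale Einstellungen/", "/AppData/Local/"),  # German "Local Settings"
]

@dataclass
class Alert:
    name: str   # detection name, e.g. TR/Ransom.EJ.48
    path: str   # path exactly as the scanner printed it
    when: str   # "dd.mm.yyyy hh:mm:ss" file timestamp from the log
    size: int

@dataclass
class Finding:
    name: str
    canonical: str
    size: int
    when: str
    aliases: list  # every raw path the scanner reported for this one file

def parse_avira_log(text):
    """Pair each ALERT line with the Date/Time/Size line scancl prints just before it."""
    alerts, meta = [], None
    for line in text.splitlines():
        m = META_RE.match(line)
        if m:
            meta = m.groupdict()
            continue
        a = ALERT_RE.match(line)
        if a:
            if meta is None:
                raise ValueError("ALERT without a preceding Date/Time/Size line: " + line)
            alerts.append(Alert(a["name"], a["path"], f'{meta["date"]} {meta["time"]}', int(meta["size"])))
            meta = None  # never reuse a stale header for the next alert
    return alerts

def canonical_path(path):
    p = "/" + MOUNT_RE.sub("", path)  # leading slash stands for the drive root
    for alias, target in JUNCTIONS:
        p = p.replace(alias, target)
    return p

def distinct_findings(alerts):
    """Group alerts by canonical path; refuse to merge alerts that disagree on name or size."""
    findings = {}
    for a in alerts:
        key = canonical_path(a.path)
        f = findings.get(key)
        if f is None:
            findings[key] = Finding(a.name, key, a.size, a.when, [a.path])
        elif f.name != a.name or f.size != a.size:
            raise ValueError(f"conflicting alerts for {key}: {f.name}/{f.size} vs {a.name}/{a.size}")
        else:
            f.aliases.append(a.path)
    return findings

def same_payload_candidates(findings):
    # Distinct files sharing detection name and size: worth hashing against each other.
    groups = defaultdict(list)
    for f in findings.values():
        groups[(f.name, f.size)].append(f.canonical)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    found = distinct_findings(parse_avira_log(SAMPLE_LOG))
    for f in found.values():
        print(f"{f.name:<18} {f.size:>7} B  {f.when}  x{len(f.aliases)}  {f.canonical}")
```

The script only points at which files to compare; confirming that the cache entry and the Temp executable are byte-identical is a hash comparison left to the analyst.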

cosinus 14.03.2012 15:08

Custom scan with OTL

If you don't have it yet, please download OTL from OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Hammerstein 15.03.2012 21:46

Hello,

and here you are. OTL.txt:

OTL Logfile:
Code:

OTL logfile created on: 15.03.2012 20:52:29 - Run 1
OTL by OldTimer - Version 3.2.37.0    Folder = C:\Users\Georg\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,49 Mb Total Physical Memory | 294,68 Mb Available Physical Memory | 30,74% Memory free
1,94 Gb Paging File | 1,20 Gb Available in Paging File | 62,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 836,48 Gb Total Space | 728,36 Gb Free Space | 87,08% Space Free | Partition Type: NTFS
Drive D: | 94,99 Gb Total Space | 8,41 Gb Free Space | 8,85% Space Free | Partition Type: NTFS
 
Computer Name: GEORGS-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.15 20:49:46 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Downloads\OTL.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006.04.06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006.04.06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.12.21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.03.27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006.03.27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes\{0BE04A77-80D0-4353-B40C-DB57019FF9EB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3300651777-261631593-639968072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.09 14:40:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.09 15:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.03.06 21:08:10 | 000,000,000 | ---D | M]
 
[2011.03.22 21:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions
[2011.03.22 21:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.03.09 14:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\1ohbrm5s.default\extensions
[2012.03.09 14:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.09 14:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GEORG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1OHBRM5S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.09 14:40:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.09 14:57:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.09 14:40:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 14:40:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.09 14:40:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.09 14:40:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.09 14:40:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.09 14:40:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3300651777-261631593-639968072-1000..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3300651777-261631593-639968072-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([*.update] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([*.update] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: microsoft.com ([update] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3300651777-261631593-639968072-1000\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E7C3D2-16F0-4229-B2DE-D93A18881F54}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF7F8843-065F-48CA-B475-E779C2DD6CD4}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.08.20 01:58:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.09 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\Malwarebytes
[2012.03.09 15:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.09 15:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.09 15:46:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.09 15:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.09 15:09:40 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Local\WindowsUpdate
[2012.03.09 14:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.03.09 14:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.09 14:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.03.09 14:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.03.09 12:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 12:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 12:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.15 20:54:07 | 002,076,840 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.15 20:54:07 | 001,030,302 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.15 20:54:07 | 000,570,360 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.15 20:54:07 | 000,501,866 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.15 20:48:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.15 20:48:37 | 753,786,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.13 21:17:45 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 21:17:45 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 21:10:20 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.09 18:36:37 | 000,000,907 | ---- | M] () -- C:\Users\Georg\Documents\gmer.zip
[2012.03.09 18:36:20 | 000,001,268 | ---- | M] () -- C:\Users\Georg\Documents\Attach.zip
[2012.03.09 17:37:08 | 000,000,465 | ---- | M] () -- C:\Users\Georg\Desktop\Verwaltung - Verknüpfung.lnk
[2012.03.09 17:19:31 | 000,000,000 | ---- | M] () -- C:\Users\Georg\defogger_reenable
[2012.03.09 17:08:03 | 000,007,634 | ---- | M] () -- C:\Users\Georg\AppData\Local\resmon.resmoncfg
[2012.03.09 15:46:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.09 14:52:48 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.09 12:06:24 | 000,001,768 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.03.09 12:04:38 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.09 18:36:37 | 000,000,907 | ---- | C] () -- C:\Users\Georg\Documents\gmer.zip
[2012.03.09 18:36:20 | 000,001,268 | ---- | C] () -- C:\Users\Georg\Documents\Attach.zip
[2012.03.09 17:37:08 | 000,000,465 | ---- | C] () -- C:\Users\Georg\Desktop\Verwaltung - Verknüpfung.lnk
[2012.03.09 17:19:31 | 000,000,000 | ---- | C] () -- C:\Users\Georg\defogger_reenable
[2012.03.09 15:46:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.09 14:52:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.09 14:52:48 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.09 12:04:38 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.09.15 00:37:20 | 000,000,404 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.24 18:08:39 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.16 22:25:15 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.03.10 22:34:49 | 000,007,634 | ---- | C] () -- C:\Users\Georg\AppData\Local\resmon.resmoncfg
[2011.03.09 21:16:01 | 000,307,200 | ---- | C] () -- C:\Windows\SetACL.exe
 
========== LOP Check ==========
 
[2011.03.18 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canneverbe Limited
[2011.12.12 20:49:54 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canon
[2011.09.15 00:50:53 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\freac
[2011.09.15 00:27:34 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\gnupg
[2011.03.17 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SharePod
[2011.03.16 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SoftMaker
[2011.03.14 22:58:57 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TeamViewer
[2011.03.22 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TomTom
[2011.11.20 17:05:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.09 22:26:49 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Adobe
[2012.03.09 15:14:07 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Apple Computer
[2011.03.18 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canneverbe Limited
[2011.12.12 20:49:54 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Canon
[2011.12.05 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\dvdcss
[2011.09.15 00:50:53 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\freac
[2011.09.15 00:27:34 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\gnupg
[2011.03.06 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Identities
[2011.03.09 21:24:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Macromedia
[2012.03.09 15:46:37 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Media Center Programs
[2012.02.02 12:06:26 | 000,000,000 | --SD | M] -- C:\Users\Georg\AppData\Roaming\Microsoft
[2011.03.06 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Mozilla
[2011.03.17 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SharePod
[2011.03.16 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SoftMaker
[2011.03.14 22:58:57 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TeamViewer
[2011.03.22 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TomTom
[2012.02.08 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---


I have attached the Extras.txt (in case it is needed as well).


Regards, Klaus

cosinus 16.03.2012 00:03

Looks pretty inconspicuous...

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hammerstein 16.03.2012 19:16

Hello Arne,

thanks for the initial assessment. Attached is the TDSS-Killer log. I googled the flagged file EAPPkt -> it could belong to the Netgear WLAN stick that is normally used but is currently not connected.

Regards, Klaus

Code:

19:03:30.0253 2104        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
19:03:30.0582 2104        ============================================================
19:03:30.0582 2104        Current date / time: 2012/03/16 19:03:30.0582
19:03:30.0582 2104        SystemInfo:
19:03:30.0582 2104       
19:03:30.0582 2104        OS Version: 6.1.7601 ServicePack: 1.0
19:03:30.0582 2104        Product type: Workstation
19:03:30.0582 2104        ComputerName: GEORGS-PC
19:03:30.0582 2104        UserName: Georg
19:03:30.0582 2104        Windows directory: C:\Windows
19:03:30.0582 2104        System windows directory: C:\Windows
19:03:30.0582 2104        Processor architecture: Intel x86
19:03:30.0582 2104        Number of processors: 2
19:03:30.0582 2104        Page size: 0x1000
19:03:30.0582 2104        Boot type: Normal boot
19:03:30.0582 2104        ============================================================
19:03:31.0800 2104        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:03:31.0816 2104        \Device\Harddisk0\DR0:
19:03:31.0816 2104        MBR used
19:03:31.0816 2104        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xBDFA470
19:03:31.0816 2104        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBE12000, BlocksNum 0x688F4000
19:03:31.0910 2104        Initialize success
19:03:31.0910 2104        ============================================================
19:04:56.0375 3508        ============================================================
19:04:56.0375 3508        Scan started
19:04:56.0375 3508        Mode: Manual; SigCheck; TDLFS;
19:04:56.0375 3508        ============================================================
19:04:57.0735 3508        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:04:57.0907 3508        1394ohci - ok
19:04:57.0985 3508        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:04:58.0000 3508        ACPI - ok
19:04:58.0047 3508        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:04:58.0094 3508        AcpiPmi - ok
19:04:58.0204 3508        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:04:58.0219 3508        adp94xx - ok
19:04:58.0250 3508        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:04:58.0282 3508        adpahci - ok
19:04:58.0313 3508        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:04:58.0329 3508        adpu320 - ok
19:04:58.0391 3508        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:04:58.0454 3508        AFD - ok
19:04:58.0547 3508        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:04:58.0547 3508        agp440 - ok
19:04:58.0610 3508        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:04:58.0610 3508        aic78xx - ok
19:04:58.0654 3508        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:04:58.0669 3508        aliide - ok
19:04:58.0685 3508        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:04:58.0701 3508        amdagp - ok
19:04:58.0779 3508        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:04:58.0779 3508        amdide - ok
19:04:58.0810 3508        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:04:58.0873 3508        AmdK8 - ok
19:04:58.0904 3508        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:04:58.0919 3508        AmdPPM - ok
19:04:59.0013 3508        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:04:59.0029 3508        amdsata - ok
19:04:59.0060 3508        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:04:59.0076 3508        amdsbs - ok
19:04:59.0107 3508        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:04:59.0107 3508        amdxata - ok
19:04:59.0154 3508        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:04:59.0248 3508        AppID - ok
19:04:59.0388 3508        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:04:59.0404 3508        arc - ok
19:04:59.0419 3508        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:04:59.0435 3508        arcsas - ok
19:04:59.0466 3508        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:04:59.0576 3508        AsyncMac - ok
19:04:59.0661 3508        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:04:59.0676 3508        atapi - ok
19:04:59.0708 3508        athur - ok
19:04:59.0770 3508        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:04:59.0817 3508        b06bdrv - ok
19:04:59.0895 3508        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:04:59.0911 3508        b57nd60x - ok
19:04:59.0958 3508        bcm4sbxp        (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
19:04:59.0989 3508        bcm4sbxp - ok
19:05:00.0036 3508        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:05:00.0067 3508        Beep - ok
19:05:00.0098 3508        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:05:00.0114 3508        blbdrive - ok
19:05:00.0223 3508        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:05:00.0254 3508        bowser - ok
19:05:00.0286 3508        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:05:00.0333 3508        BrFiltLo - ok
19:05:00.0348 3508        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:05:00.0379 3508        BrFiltUp - ok
19:05:00.0458 3508        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:05:00.0504 3508        Brserid - ok
19:05:00.0520 3508        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:05:00.0551 3508        BrSerWdm - ok
19:05:00.0567 3508        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:05:00.0598 3508        BrUsbMdm - ok
19:05:00.0678 3508        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:05:00.0709 3508        BrUsbSer - ok
19:05:00.0741 3508        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:05:00.0756 3508        BTHMODEM - ok
19:05:00.0803 3508        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:05:00.0834 3508        cdfs - ok
19:05:00.0928 3508        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:05:00.0959 3508        cdrom - ok
19:05:01.0006 3508        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:05:01.0053 3508        circlass - ok
19:05:01.0084 3508        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:05:01.0100 3508        CLFS - ok
19:05:01.0194 3508        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:05:01.0209 3508        CmBatt - ok
19:05:01.0225 3508        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:05:01.0241 3508        cmdide - ok
19:05:01.0272 3508        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:05:01.0319 3508        CNG - ok
19:05:01.0350 3508        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:05:01.0366 3508        Compbatt - ok
19:05:01.0428 3508        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:05:01.0459 3508        CompositeBus - ok
19:05:01.0491 3508        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:05:01.0506 3508        crcdisk - ok
19:05:01.0569 3508        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:05:01.0616 3508        DfsC - ok
19:05:01.0663 3508        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:05:01.0709 3508        discache - ok
19:05:01.0788 3508        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:05:01.0803 3508        Disk - ok
19:05:01.0850 3508        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:05:01.0881 3508        drmkaud - ok
19:05:01.0944 3508        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:05:01.0959 3508        DXGKrnl - ok
19:05:02.0053 3508        eamonm          (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys
19:05:02.0428 3508        eamonm - ok
19:05:02.0522 3508        EAPPkt          (efacd8d57a42a93e244a0dbd357e8cb8) C:\Windows\system32\DRIVERS\EAPPkt.sys
19:05:02.0538 3508        EAPPkt ( UnsignedFile.Multi.Generic ) - warning
19:05:02.0538 3508        EAPPkt - detected UnsignedFile.Multi.Generic (1)
19:05:02.0631 3508        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:05:02.0709 3508        ebdrv - ok
19:05:02.0741 3508        ehdrv          (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys
19:05:02.0756 3508        ehdrv - ok
19:05:02.0866 3508        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:05:02.0897 3508        elxstor - ok
19:05:02.0928 3508        epfwwfpr        (ddb45f6371714601a43e8be38145be18) C:\Windows\system32\DRIVERS\epfwwfpr.sys
19:05:02.0944 3508        epfwwfpr - ok
19:05:02.0959 3508        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:05:02.0991 3508        ErrDev - ok
19:05:03.0100 3508        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:05:03.0131 3508        exfat - ok
19:05:03.0163 3508        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:05:03.0194 3508        fastfat - ok
19:05:03.0225 3508        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:05:03.0256 3508        fdc - ok
19:05:03.0272 3508        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:05:03.0288 3508        FileInfo - ok
19:05:03.0366 3508        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:05:03.0428 3508        Filetrace - ok
19:05:03.0444 3508        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:05:03.0475 3508        flpydisk - ok
19:05:03.0506 3508        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:05:03.0522 3508        FltMgr - ok
19:05:03.0538 3508        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:05:03.0553 3508        FsDepends - ok
19:05:03.0616 3508        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:05:03.0631 3508        Fs_Rec - ok
19:05:03.0663 3508        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:05:03.0678 3508        fvevol - ok
19:05:03.0714 3508        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:05:03.0730 3508        gagp30kx - ok
19:05:03.0777 3508        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:05:03.0777 3508        GEARAspiWDM - ok
19:05:03.0855 3508        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:05:03.0917 3508        hcw85cir - ok
19:05:03.0964 3508        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:05:03.0996 3508        HdAudAddService - ok
19:05:04.0027 3508        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:05:04.0058 3508        HDAudBus - ok
19:05:04.0136 3508        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:05:04.0167 3508        HidBatt - ok
19:05:04.0183 3508        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:05:04.0214 3508        HidBth - ok
19:05:04.0246 3508        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:05:04.0261 3508        HidIr - ok
19:05:04.0339 3508        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:05:04.0355 3508        HidUsb - ok
19:05:04.0386 3508        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:05:04.0402 3508        HpSAMD - ok
19:05:04.0449 3508        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:05:04.0496 3508        HTTP - ok
19:05:04.0527 3508        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:05:04.0527 3508        hwpolicy - ok
19:05:04.0605 3508        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:05:04.0636 3508        i8042prt - ok
19:05:04.0683 3508        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:05:04.0714 3508        iaStorV - ok
19:05:04.0747 3508        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:05:04.0762 3508        iirsp - ok
19:05:04.0793 3508        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:05:04.0793 3508        intelide - ok
19:05:04.0872 3508        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:05:04.0903 3508        intelppm - ok
19:05:04.0918 3508        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:05:04.0965 3508        IpFilterDriver - ok
19:05:05.0012 3508        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:05:05.0028 3508        IPMIDRV - ok
19:05:05.0106 3508        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:05:05.0153 3508        IPNAT - ok
19:05:05.0200 3508        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:05:05.0231 3508        IRENUM - ok
19:05:05.0262 3508        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:05:05.0278 3508        isapnp - ok
19:05:05.0340 3508        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:05:05.0372 3508        iScsiPrt - ok
19:05:05.0387 3508        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:05:05.0403 3508        kbdclass - ok
19:05:05.0434 3508        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
19:05:05.0465 3508        kbdhid - ok
19:05:05.0481 3508        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:05:05.0497 3508        KSecDD - ok
19:05:05.0559 3508        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:05:05.0575 3508        KSecPkg - ok
19:05:05.0637 3508        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:05:05.0684 3508        lltdio - ok
19:05:05.0731 3508        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:05:05.0731 3508        LSI_FC - ok
19:05:05.0762 3508        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:05:05.0778 3508        LSI_SAS - ok
19:05:05.0856 3508        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:05:05.0856 3508        LSI_SAS2 - ok
19:05:05.0887 3508        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:05:05.0887 3508        LSI_SCSI - ok
19:05:05.0934 3508        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:05:05.0965 3508        luafv - ok
19:05:06.0075 3508        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:05:06.0106 3508        MBAMProtector - ok
19:05:06.0137 3508        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:05:06.0153 3508        megasas - ok
19:05:06.0168 3508        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:05:06.0184 3508        MegaSR - ok
19:05:06.0215 3508        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:05:06.0262 3508        Modem - ok
19:05:06.0340 3508        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:05:06.0372 3508        monitor - ok
19:05:06.0403 3508        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:05:06.0418 3508        mouclass - ok
19:05:06.0434 3508        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:05:06.0465 3508        mouhid - ok
19:05:06.0497 3508        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:05:06.0512 3508        mountmgr - ok
19:05:06.0575 3508        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:05:06.0590 3508        mpio - ok
19:05:06.0622 3508        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:05:06.0668 3508        mpsdrv - ok
19:05:06.0684 3508        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:05:06.0731 3508        MRxDAV - ok
19:05:06.0762 3508        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:05:06.0809 3508        mrxsmb - ok
19:05:06.0903 3508        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:05:06.0950 3508        mrxsmb10 - ok
19:05:06.0965 3508        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:05:06.0981 3508        mrxsmb20 - ok
19:05:07.0012 3508        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:05:07.0012 3508        msahci - ok
19:05:07.0043 3508        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:05:07.0075 3508        msdsm - ok
19:05:07.0168 3508        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:05:07.0200 3508        Msfs - ok
19:05:07.0215 3508        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:05:07.0262 3508        mshidkmdf - ok
19:05:07.0278 3508        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:05:07.0309 3508        msisadrv - ok
19:05:07.0403 3508        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:05:07.0434 3508        MSKSSRV - ok
19:05:07.0465 3508        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:05:07.0497 3508        MSPCLOCK - ok
19:05:07.0497 3508        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:05:07.0543 3508        MSPQM - ok
19:05:07.0559 3508        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:05:07.0575 3508        MsRPC - ok
19:05:07.0606 3508        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:05:07.0622 3508        mssmbios - ok
19:05:07.0700 3508        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:05:07.0731 3508        MSTEE - ok
19:05:07.0762 3508        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:05:07.0778 3508        MTConfig - ok
19:05:07.0809 3508        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:05:07.0825 3508        Mup - ok
19:05:07.0887 3508        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:05:07.0918 3508        NativeWifiP - ok
19:05:07.0981 3508        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:05:08.0012 3508        NDIS - ok
19:05:08.0043 3508        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:05:08.0090 3508        NdisCap - ok
19:05:08.0153 3508        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:05:08.0200 3508        NdisTapi - ok
19:05:08.0247 3508        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:05:08.0278 3508        Ndisuio - ok
19:05:08.0309 3508        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:05:08.0340 3508        NdisWan - ok
19:05:08.0356 3508        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:05:08.0403 3508        NDProxy - ok
19:05:08.0481 3508        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:05:08.0528 3508        NetBIOS - ok
19:05:08.0543 3508        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:05:08.0590 3508        NetBT - ok
19:05:08.0637 3508        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:05:08.0653 3508        nfrd960 - ok
19:05:08.0747 3508        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:05:08.0795 3508        Npfs - ok
19:05:08.0811 3508        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:05:08.0858 3508        nsiproxy - ok
19:05:08.0920 3508        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:05:08.0952 3508        Ntfs - ok
19:05:08.0983 3508        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:05:09.0014 3508        Null - ok
19:05:09.0280 3508        nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:05:09.0545 3508        nvlddmkm - ok
19:05:09.0639 3508        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:05:09.0655 3508        nvraid - ok
19:05:09.0670 3508        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:05:09.0686 3508        nvstor - ok
19:05:09.0717 3508        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:05:09.0733 3508        nv_agp - ok
19:05:09.0749 3508        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:05:09.0764 3508        ohci1394 - ok
19:05:09.0811 3508        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:05:09.0827 3508        Parport - ok
19:05:09.0905 3508        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:05:09.0920 3508        partmgr - ok
19:05:09.0936 3508        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:05:09.0952 3508        Parvdm - ok
19:05:09.0999 3508        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:05:10.0014 3508        pci - ok
19:05:10.0030 3508        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:05:10.0030 3508        pciide - ok
19:05:10.0061 3508        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:05:10.0077 3508        pcmcia - ok
19:05:10.0155 3508        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:05:10.0170 3508        pcw - ok
19:05:10.0186 3508        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:05:10.0249 3508        PEAUTH - ok
19:05:10.0327 3508        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:05:10.0374 3508        PptpMiniport - ok
19:05:10.0436 3508        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:05:10.0483 3508        Processor - ok
19:05:10.0514 3508        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:05:10.0545 3508        Psched - ok
19:05:10.0592 3508        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:05:10.0639 3508        ql2300 - ok
19:05:10.0702 3508        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:05:10.0717 3508        ql40xx - ok
19:05:10.0733 3508        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:05:10.0764 3508        QWAVEdrv - ok
19:05:10.0780 3508        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:05:10.0811 3508        RasAcd - ok
19:05:10.0842 3508        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:05:10.0874 3508        RasAgileVpn - ok
19:05:10.0920 3508        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:05:10.0952 3508        Rasl2tp - ok
19:05:11.0030 3508        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:05:11.0077 3508        RasPppoe - ok
19:05:11.0092 3508        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:05:11.0124 3508        RasSstp - ok
19:05:11.0155 3508        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:05:11.0202 3508        rdbss - ok
19:05:11.0264 3508        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:05:11.0295 3508        rdpbus - ok
19:05:11.0389 3508        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:05:11.0436 3508        RDPCDD - ok
19:05:11.0452 3508        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:05:11.0499 3508        RDPENCDD - ok
19:05:11.0514 3508        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:05:11.0545 3508        RDPREFMP - ok
19:05:11.0624 3508        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
19:05:11.0686 3508        RDPWD - ok
19:05:11.0717 3508        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:05:11.0733 3508        rdyboost - ok
19:05:11.0864 3508        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:05:11.0911 3508        rspndr - ok
19:05:11.0942 3508        RTL8187        (691db86b09e13ca5d3e8881141738cc5) C:\Windows\system32\DRIVERS\wg111v2.sys
19:05:12.0004 3508        RTL8187 - ok
19:05:12.0004 3508        RTLWUSB        (691db86b09e13ca5d3e8881141738cc5) C:\Windows\system32\DRIVERS\wg111v2.sys
19:05:12.0036 3508        RTLWUSB - ok
19:05:12.0114 3508        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:05:12.0129 3508        sbp2port - ok
19:05:12.0161 3508        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:05:12.0208 3508        scfilter - ok
19:05:12.0254 3508        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:05:12.0301 3508        secdrv - ok
19:05:12.0395 3508        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:05:12.0411 3508        Serenum - ok
19:05:12.0442 3508        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:05:12.0458 3508        Serial - ok
19:05:12.0489 3508        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:05:12.0504 3508        sermouse - ok
19:05:12.0551 3508        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:05:12.0567 3508        sffdisk - ok
19:05:12.0645 3508        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:05:12.0676 3508        sffp_mmc - ok
19:05:12.0692 3508        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:05:12.0739 3508        sffp_sd - ok
19:05:12.0754 3508        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:05:12.0786 3508        sfloppy - ok
19:05:12.0879 3508        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:05:12.0879 3508        sisagp - ok
19:05:12.0911 3508        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:05:12.0926 3508        SiSRaid2 - ok
19:05:12.0942 3508        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:05:12.0958 3508        SiSRaid4 - ok
19:05:12.0989 3508        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:05:13.0036 3508        Smb - ok
19:05:13.0129 3508        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:05:13.0145 3508        spldr - ok
19:05:13.0192 3508        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:05:13.0254 3508        srv - ok
19:05:13.0286 3508        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:05:13.0317 3508        srv2 - ok
19:05:13.0379 3508        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:05:13.0411 3508        srvnet - ok
19:05:13.0442 3508        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:05:13.0458 3508        stexstor - ok
19:05:13.0504 3508        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:05:13.0504 3508        swenum - ok
19:05:13.0629 3508        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:05:13.0676 3508        Tcpip - ok
19:05:13.0708 3508        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:05:13.0739 3508        TCPIP6 - ok
19:05:13.0770 3508        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:05:13.0801 3508        tcpipreg - ok
19:05:13.0841 3508        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:05:13.0857 3508        TDPIPE - ok
19:05:13.0935 3508        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:05:13.0966 3508        TDTCP - ok
19:05:13.0982 3508        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:05:14.0029 3508        tdx - ok
19:05:14.0060 3508        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:05:14.0076 3508        TermDD - ok
19:05:14.0216 3508        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:05:14.0263 3508        tssecsrv - ok
19:05:14.0294 3508        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:05:14.0341 3508        TsUsbFlt - ok
19:05:14.0373 3508        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:05:14.0404 3508        tunnel - ok
19:05:14.0482 3508        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:05:14.0498 3508        uagp35 - ok
19:05:14.0529 3508        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:05:14.0576 3508        udfs - ok
19:05:14.0623 3508        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:05:14.0638 3508        uliagpkx - ok
19:05:14.0654 3508        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:05:14.0669 3508        umbus - ok
19:05:14.0748 3508        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:05:14.0763 3508        UmPass - ok
19:05:14.0810 3508        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:05:14.0841 3508        usbccgp - ok
19:05:14.0857 3508        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:05:14.0888 3508        usbcir - ok
19:05:14.0919 3508        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:05:14.0951 3508        usbehci - ok
19:05:15.0029 3508        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:05:15.0044 3508        usbhub - ok
19:05:15.0076 3508        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
19:05:15.0107 3508        usbohci - ok
19:05:15.0138 3508        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:05:15.0154 3508        usbprint - ok
19:05:15.0201 3508        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:05:15.0216 3508        usbscan - ok
19:05:15.0279 3508        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:05:15.0341 3508        USBSTOR - ok
19:05:15.0357 3508        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
19:05:15.0404 3508        usbuhci - ok
19:05:15.0451 3508        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:05:15.0466 3508        vdrvroot - ok
19:05:15.0529 3508        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:05:15.0560 3508        vga - ok
19:05:15.0576 3508        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:05:15.0607 3508        VgaSave - ok
19:05:15.0623 3508        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:05:15.0654 3508        vhdmp - ok
19:05:15.0685 3508        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:05:15.0701 3508        viaagp - ok
19:05:15.0763 3508        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:05:15.0779 3508        ViaC7 - ok
19:05:15.0794 3508        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:05:15.0810 3508        viaide - ok
19:05:15.0826 3508        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:05:15.0841 3508        volmgr - ok
19:05:15.0857 3508        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:05:15.0888 3508        volmgrx - ok
19:05:15.0951 3508        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:05:15.0966 3508        volsnap - ok
19:05:16.0029 3508        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:05:16.0044 3508        vsmraid - ok
19:05:16.0060 3508        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:05:16.0091 3508        vwifibus - ok
19:05:16.0154 3508        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:05:16.0169 3508        vwififlt - ok
19:05:16.0201 3508        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:05:16.0232 3508        WacomPen - ok
19:05:16.0279 3508        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:05:16.0310 3508        WANARP - ok
19:05:16.0310 3508        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:05:16.0341 3508        Wanarpv6 - ok
19:05:16.0373 3508        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:05:16.0388 3508        Wd - ok
19:05:16.0419 3508        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:05:16.0435 3508        Wdf01000 - ok
19:05:16.0560 3508        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:05:16.0591 3508        WfpLwf - ok
19:05:16.0623 3508        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:05:16.0638 3508        WIMMount - ok
19:05:16.0685 3508        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:05:16.0716 3508        WmiAcpi - ok
19:05:16.0826 3508        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:05:16.0873 3508        ws2ifsl - ok
19:05:16.0919 3508        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:05:16.0966 3508        WudfPf - ok
19:05:16.0982 3508        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:05:17.0044 3508        WUDFRd - ok
19:05:17.0091 3508        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:05:17.0232 3508        \Device\Harddisk0\DR0 - ok
19:05:17.0248 3508        Boot (0x1200)  (59d0ba52875339f46879bc5f800e688a) \Device\Harddisk0\DR0\Partition0
19:05:17.0248 3508        \Device\Harddisk0\DR0\Partition0 - ok
19:05:17.0263 3508        Boot (0x1200)  (f77d1d7bde9157351d016d602220329e) \Device\Harddisk0\DR0\Partition1
19:05:17.0279 3508        \Device\Harddisk0\DR0\Partition1 - ok
19:05:17.0279 3508        ============================================================
19:05:17.0279 3508        Scan finished
19:05:17.0279 3508        ============================================================
19:05:17.0294 2288        Detected object count: 1
19:05:17.0294 2288        Actual detected object count: 1
19:08:26.0958 2288        EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user
19:08:26.0958 2288        EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 16.03.2012 19:29

Also unremarkable.
Do we need to dig deeper?

Hammerstein 16.03.2012 22:09

From my side, rather not. My impression by now is that the machine is very likely clean. If you see it the same way, we're done.

Thanks again, the donation is on its way, Klaus


Copyright ©2000-2024, Trojaner-Board

