Hallo liebe Helfer vom Trojaner-Board,

nachdem der Laptop letztens öfters mal aus dem WLAN geflogen ist, habe ich zum Test einmal Malwarebytes AntiMW im Schnelldurchlauf gemacht und Getdo (Trojan.Agent) gefunden und entfernt.
Anschließend habe ich nach der Anleitung hier noch mehrere Scans von den hier empfohlenen Programmen durchlaufen lassen: ESET, OTL, GMER und abschließend nochmal einen Vollscan mit Malwarebytes AntiMW.
Dabei wurde noch ein Toolbar-Programm gefunden. Alle LOGS im gezippten Anhang.

Ich wäre froh über Hinweise, wie ich weiter verfahren sollte und ob ich die Funde einfach manuell löschen kann etc.

Besten Dank für eure Hilfe!

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code: Alles auswählenAufklappen

ATTFilter

:OTL
PRC - [2011.05.06 17:15:20 | 000,532,320 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.05.06 16:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
SRV - [2011.05.06 16:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Program Files\Ask.com
C:\Programme\Application Updater
C:\Programme\Common Files\Spigot
:Commands
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Besten Dank für das fixe OTL-Script! Was für Funde waren nun auffällig und gefährlich? Oder eher harmlos?
Ich hab's jedenfalls ausgeführt und nach Neustart folgendes Log erhalten:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
File\Folder C:\Programme\Application Updater not found.
C:\Programme\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings folder moved successfully.
C:\Programme\Common Files\Spigot folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gerd
->Temp folder emptied: 1728149371 bytes
->Temporary Internet Files folder emptied: 77577778 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37152196 bytes
->Flash cache emptied: 490 bytes
 
User: Home
->Temp folder emptied: 1606156142 bytes
->Temporary Internet Files folder emptied: 63718374 bytes
->Java cache emptied: 17551986 bytes
->FireFox cache emptied: 41599607 bytes
->Flash cache emptied: 507 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45402310 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.450,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12162011_125333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Soll ich nochmal einen der Scans drüberlaufen lassen oder wäre somit alles erledigt?
Besten Dank!

Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Ok, nach dem TDSS-Killer-Report angeblich alles soweit in Ordnung:

Code: Alles auswählenAufklappen

ATTFilter

13:19:46.0214 0736	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:19:46.0297 0736	============================================================
13:19:46.0297 0736	Current date / time: 2011/12/16 13:19:46.0297
13:19:46.0297 0736	SystemInfo:
13:19:46.0297 0736	
13:19:46.0297 0736	OS Version: 6.1.7601 ServicePack: 1.0
13:19:46.0297 0736	Product type: Workstation
13:19:46.0298 0736	ComputerName: AKOYA
13:19:46.0298 0736	UserName: Gerd
13:19:46.0298 0736	Windows directory: C:\Windows
13:19:46.0298 0736	System windows directory: C:\Windows
13:19:46.0298 0736	Processor architecture: Intel x86
13:19:46.0298 0736	Number of processors: 4
13:19:46.0298 0736	Page size: 0x1000
13:19:46.0298 0736	Boot type: Normal boot
13:19:46.0298 0736	============================================================
13:19:46.0749 0736	Initialize success
13:21:19.0135 4592	============================================================
13:21:19.0135 4592	Scan started
13:21:19.0135 4592	Mode: Manual; SigCheck; TDLFS; 
13:21:19.0135 4592	============================================================
13:21:19.0618 4592	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:21:19.0727 4592	1394ohci - ok
13:21:19.0899 4592	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:21:19.0915 4592	ACPI - ok
13:21:20.0039 4592	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:21:20.0102 4592	AcpiPmi - ok
13:21:20.0445 4592	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:21:20.0461 4592	adp94xx - ok
13:21:20.0601 4592	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:21:20.0601 4592	adpahci - ok
13:21:20.0726 4592	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:21:20.0741 4592	adpu320 - ok
13:21:20.0882 4592	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
13:21:20.0913 4592	Afc - ok
13:21:21.0069 4592	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:21:21.0131 4592	AFD - ok
13:21:21.0241 4592	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:21:21.0256 4592	agp440 - ok
13:21:21.0397 4592	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:21:21.0412 4592	aic78xx - ok
13:21:21.0584 4592	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:21:21.0584 4592	aliide - ok
13:21:21.0709 4592	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:21:21.0709 4592	amdagp - ok
13:21:21.0849 4592	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:21:21.0849 4592	amdide - ok
13:21:21.0989 4592	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:21:22.0036 4592	AmdK8 - ok
13:21:22.0177 4592	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:21:22.0223 4592	AmdPPM - ok
13:21:22.0348 4592	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:21:22.0364 4592	amdsata - ok
13:21:22.0489 4592	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:21:22.0504 4592	amdsbs - ok
13:21:22.0598 4592	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:21:22.0613 4592	amdxata - ok
13:21:22.0816 4592	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:21:22.0925 4592	AppID - ok
13:21:23.0097 4592	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:21:23.0113 4592	arc - ok
13:21:23.0237 4592	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:21:23.0237 4592	arcsas - ok
13:21:23.0378 4592	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:23.0425 4592	AsyncMac - ok
13:21:23.0581 4592	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:21:23.0596 4592	atapi - ok
13:21:23.0737 4592	AtiHdmiService  (40a07e6916ac098e31a9e39ac202b8a1) C:\Windows\system32\drivers\AtiHdmi.sys
13:21:23.0752 4592	AtiHdmiService - ok
13:21:24.0002 4592	atikmdag        (427c14ea1202c874e3ead16cd2e2778a) C:\Windows\system32\DRIVERS\atikmdag.sys
13:21:24.0142 4592	atikmdag - ok
13:21:24.0283 4592	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
13:21:24.0298 4592	avgntflt - ok
13:21:24.0439 4592	avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
13:21:24.0454 4592	avipbb - ok
13:21:24.0595 4592	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:21:24.0610 4592	avkmgr - ok
13:21:24.0766 4592	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:21:24.0829 4592	b06bdrv - ok
13:21:24.0969 4592	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:21:25.0000 4592	b57nd60x - ok
13:21:25.0141 4592	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:21:25.0187 4592	Beep - ok
13:21:25.0359 4592	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:21:25.0390 4592	blbdrive - ok
13:21:25.0468 4592	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:21:25.0515 4592	bowser - ok
13:21:25.0609 4592	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:21:25.0687 4592	BrFiltLo - ok
13:21:25.0796 4592	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:21:25.0843 4592	BrFiltUp - ok
13:21:25.0999 4592	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:21:26.0061 4592	Brserid - ok
13:21:26.0155 4592	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:21:26.0186 4592	BrSerWdm - ok
13:21:26.0217 4592	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:21:26.0264 4592	BrUsbMdm - ok
13:21:26.0389 4592	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:21:26.0420 4592	BrUsbSer - ok
13:21:26.0498 4592	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:21:26.0529 4592	BTHMODEM - ok
13:21:26.0685 4592	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:21:26.0763 4592	cdfs - ok
13:21:26.0903 4592	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:21:26.0935 4592	cdrom - ok
13:21:27.0075 4592	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:21:27.0122 4592	circlass - ok
13:21:27.0231 4592	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:21:27.0247 4592	CLFS - ok
13:21:27.0418 4592	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:21:27.0434 4592	CmBatt - ok
13:21:27.0496 4592	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:21:27.0512 4592	cmdide - ok
13:21:27.0559 4592	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:21:27.0574 4592	CNG - ok
13:21:27.0699 4592	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:21:27.0715 4592	Compbatt - ok
13:21:27.0824 4592	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:21:27.0855 4592	CompositeBus - ok
13:21:27.0995 4592	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:21:28.0011 4592	crcdisk - ok
13:21:28.0151 4592	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:21:28.0198 4592	DfsC - ok
13:21:28.0339 4592	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:21:28.0385 4592	discache - ok
13:21:28.0526 4592	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:21:28.0541 4592	Disk - ok
13:21:28.0666 4592	Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
13:21:28.0697 4592	Dot4 - ok
13:21:28.0853 4592	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
13:21:28.0885 4592	Dot4Print - ok
13:21:28.0963 4592	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
13:21:28.0978 4592	dot4usb - ok
13:21:29.0056 4592	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:21:29.0087 4592	drmkaud - ok
13:21:29.0150 4592	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:21:29.0165 4592	DXGKrnl - ok
13:21:29.0321 4592	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:21:29.0399 4592	ebdrv - ok
13:21:29.0462 4592	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:21:29.0477 4592	elxstor - ok
13:21:29.0524 4592	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:21:29.0555 4592	ErrDev - ok
13:21:29.0618 4592	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:21:29.0665 4592	exfat - ok
13:21:29.0821 4592	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:21:29.0867 4592	fastfat - ok
13:21:30.0008 4592	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:21:30.0039 4592	fdc - ok
13:21:30.0117 4592	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:21:30.0133 4592	FileInfo - ok
13:21:30.0179 4592	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:21:30.0226 4592	Filetrace - ok
13:21:30.0367 4592	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:21:30.0413 4592	flpydisk - ok
13:21:30.0491 4592	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:21:30.0491 4592	FltMgr - ok
13:21:30.0554 4592	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:21:30.0569 4592	FsDepends - ok
13:21:30.0647 4592	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:21:30.0647 4592	Fs_Rec - ok
13:21:30.0772 4592	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:21:30.0803 4592	fvevol - ok
13:21:30.0850 4592	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:21:30.0866 4592	gagp30kx - ok
13:21:30.0897 4592	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:21:30.0944 4592	hcw85cir - ok
13:21:31.0022 4592	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:21:31.0053 4592	HdAudAddService - ok
13:21:31.0193 4592	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:21:31.0225 4592	HDAudBus - ok
13:21:31.0271 4592	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:21:31.0303 4592	HidBatt - ok
13:21:31.0349 4592	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:21:31.0396 4592	HidBth - ok
13:21:31.0427 4592	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:21:31.0459 4592	HidIr - ok
13:21:31.0615 4592	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
13:21:31.0630 4592	HidUsb - ok
13:21:31.0771 4592	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:21:31.0771 4592	HpSAMD - ok
13:21:31.0849 4592	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:21:31.0895 4592	HTTP - ok
13:21:31.0942 4592	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:21:31.0958 4592	hwpolicy - ok
13:21:32.0005 4592	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:21:32.0051 4592	i8042prt - ok
13:21:32.0176 4592	iaStor          (d5edb998656e6ecf1a17c78dab019a3c) C:\Windows\system32\DRIVERS\iaStor.sys
13:21:32.0207 4592	iaStor - ok
13:21:32.0348 4592	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:21:32.0363 4592	iaStorV - ok
13:21:32.0410 4592	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:21:32.0426 4592	iirsp - ok
13:21:32.0613 4592	IntcAzAudAddService (98b5841cce188b565e0cc460b8fd935f) C:\Windows\system32\drivers\RTKVHDA.sys
13:21:32.0691 4592	IntcAzAudAddService - ok
13:21:32.0722 4592	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:21:32.0738 4592	intelide - ok
13:21:32.0785 4592	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:21:32.0800 4592	intelppm - ok
13:21:32.0831 4592	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:32.0878 4592	IpFilterDriver - ok
13:21:32.0941 4592	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:21:32.0941 4592	IPMIDRV - ok
13:21:33.0050 4592	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:21:33.0097 4592	IPNAT - ok
13:21:33.0253 4592	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:21:33.0299 4592	IRENUM - ok
13:21:33.0346 4592	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:21:33.0362 4592	isapnp - ok
13:21:33.0424 4592	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:21:33.0440 4592	iScsiPrt - ok
13:21:33.0502 4592	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
13:21:33.0502 4592	kbdclass - ok
13:21:33.0643 4592	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
13:21:33.0674 4592	kbdhid - ok
13:21:33.0736 4592	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
13:21:33.0736 4592	KSecDD - ok
13:21:33.0783 4592	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
13:21:33.0799 4592	KSecPkg - ok
13:21:33.0861 4592	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:21:33.0908 4592	lltdio - ok
13:21:33.0970 4592	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:21:33.0986 4592	LSI_FC - ok
13:21:34.0017 4592	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:21:34.0033 4592	LSI_SAS - ok
13:21:34.0095 4592	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:21:34.0095 4592	LSI_SAS2 - ok
13:21:34.0142 4592	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:21:34.0157 4592	LSI_SCSI - ok
13:21:34.0220 4592	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:21:34.0267 4592	luafv - ok
13:21:34.0423 4592	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
13:21:34.0438 4592	MBAMProtector - ok
13:21:34.0563 4592	MBAMSwissArmy - ok
13:21:34.0672 4592	mdf16           (b066b4b2910c670530b63d5e924e8a2b) C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys
13:21:34.0688 4592	mdf16 - ok
13:21:34.0813 4592	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:21:34.0813 4592	megasas - ok
13:21:34.0937 4592	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:21:34.0953 4592	MegaSR - ok
13:21:35.0062 4592	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:21:35.0109 4592	Modem - ok
13:21:35.0249 4592	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:21:35.0281 4592	monitor - ok
13:21:35.0390 4592	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
13:21:35.0405 4592	mouclass - ok
13:21:35.0515 4592	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:21:35.0561 4592	mouhid - ok
13:21:35.0671 4592	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:21:35.0686 4592	mountmgr - ok
13:21:35.0811 4592	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:21:35.0811 4592	mpio - ok
13:21:35.0936 4592	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:21:35.0983 4592	mpsdrv - ok
13:21:36.0107 4592	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:21:36.0170 4592	MRxDAV - ok
13:21:36.0310 4592	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:36.0373 4592	mrxsmb - ok
13:21:36.0497 4592	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:36.0513 4592	mrxsmb10 - ok
13:21:36.0638 4592	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:36.0669 4592	mrxsmb20 - ok
13:21:36.0778 4592	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:21:36.0778 4592	msahci - ok
13:21:36.0841 4592	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:21:36.0841 4592	msdsm - ok
13:21:36.0950 4592	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:21:36.0981 4592	Msfs - ok
13:21:37.0090 4592	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:21:37.0137 4592	mshidkmdf - ok
13:21:37.0231 4592	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:21:37.0246 4592	msisadrv - ok
13:21:37.0371 4592	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:21:37.0433 4592	MSKSSRV - ok
13:21:37.0574 4592	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:37.0621 4592	MSPCLOCK - ok
13:21:37.0683 4592	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:21:37.0730 4592	MSPQM - ok
13:21:37.0761 4592	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:21:37.0777 4592	MsRPC - ok
13:21:37.0823 4592	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:21:37.0823 4592	mssmbios - ok
13:21:37.0886 4592	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:21:37.0933 4592	MSTEE - ok
13:21:38.0057 4592	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:21:38.0089 4592	MTConfig - ok
13:21:38.0135 4592	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:21:38.0151 4592	Mup - ok
13:21:38.0276 4592	mvd22           (8405a99d3e250eb017fe7a0dc3a9ffc0) C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys
13:21:38.0291 4592	mvd22 - ok
13:21:38.0432 4592	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:21:38.0447 4592	NativeWifiP - ok
13:21:38.0572 4592	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:21:38.0603 4592	NDIS - ok
13:21:38.0681 4592	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:21:38.0728 4592	NdisCap - ok
13:21:38.0822 4592	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:38.0869 4592	NdisTapi - ok
13:21:39.0025 4592	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:39.0071 4592	Ndisuio - ok
13:21:39.0118 4592	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:39.0165 4592	NdisWan - ok
13:21:39.0212 4592	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:21:39.0259 4592	NDProxy - ok
13:21:39.0337 4592	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:21:39.0399 4592	NetBIOS - ok
13:21:39.0524 4592	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:21:39.0555 4592	NetBT - ok
13:21:39.0695 4592	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:21:39.0711 4592	nfrd960 - ok
13:21:39.0805 4592	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:21:39.0851 4592	Npfs - ok
13:21:39.0961 4592	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:21:40.0007 4592	nsiproxy - ok
13:21:40.0117 4592	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:21:40.0179 4592	Ntfs - ok
13:21:40.0241 4592	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:21:40.0273 4592	Null - ok
13:21:40.0335 4592	nusb3hub        (f0cbf252811bc5fc49e7ecca3ee9519f) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:21:40.0382 4592	nusb3hub - ok
13:21:40.0507 4592	nusb3xhc        (bdc5ff9b669b5475e3a6e47e5608205c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:21:40.0538 4592	nusb3xhc - ok
13:21:40.0616 4592	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:21:40.0616 4592	nvraid - ok
13:21:40.0663 4592	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:21:40.0678 4592	nvstor - ok
13:21:40.0709 4592	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:21:40.0725 4592	nv_agp - ok
13:21:40.0772 4592	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:21:40.0819 4592	ohci1394 - ok
13:21:40.0865 4592	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:21:40.0897 4592	Parport - ok
13:21:40.0943 4592	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:21:40.0959 4592	partmgr - ok
13:21:41.0006 4592	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:21:41.0037 4592	Parvdm - ok
13:21:41.0099 4592	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:21:41.0115 4592	pci - ok
13:21:41.0146 4592	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:21:41.0162 4592	pciide - ok
13:21:41.0209 4592	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:21:41.0224 4592	pcmcia - ok
13:21:41.0271 4592	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:21:41.0271 4592	pcw - ok
13:21:41.0349 4592	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:21:41.0427 4592	PEAUTH - ok
13:21:41.0614 4592	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:21:41.0661 4592	PptpMiniport - ok
13:21:41.0692 4592	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:21:41.0739 4592	Processor - ok
13:21:41.0801 4592	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:21:41.0864 4592	Psched - ok
13:21:41.0989 4592	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:21:42.0035 4592	ql2300 - ok
13:21:42.0098 4592	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:21:42.0113 4592	ql40xx - ok
13:21:42.0191 4592	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:21:42.0207 4592	QWAVEdrv - ok
13:21:42.0285 4592	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:21:42.0347 4592	RasAcd - ok
13:21:42.0410 4592	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:21:42.0425 4592	RasAgileVpn - ok
13:21:42.0457 4592	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:21:42.0519 4592	Rasl2tp - ok
13:21:42.0644 4592	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:21:42.0691 4592	RasPppoe - ok
13:21:42.0706 4592	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:21:42.0753 4592	RasSstp - ok
13:21:42.0800 4592	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:21:42.0847 4592	rdbss - ok
13:21:42.0893 4592	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:21:42.0940 4592	rdpbus - ok
13:21:42.0987 4592	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:21:43.0018 4592	RDPCDD - ok
13:21:43.0143 4592	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:21:43.0190 4592	RDPENCDD - ok
13:21:43.0221 4592	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:21:43.0252 4592	RDPREFMP - ok
13:21:43.0315 4592	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
13:21:43.0346 4592	RDPWD - ok
13:21:43.0471 4592	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:21:43.0486 4592	rdyboost - ok
13:21:43.0658 4592	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:21:43.0705 4592	rspndr - ok
13:21:43.0845 4592	RSUSBSTOR       (83f7a29b659771e60cd71999ef57aa0c) C:\Windows\system32\Drivers\RtsUStor.sys
13:21:43.0907 4592	RSUSBSTOR - ok
13:21:44.0032 4592	RTL2832UBDA     (9f9acc7e0c86d7f2e29fcb6f949173e1) C:\Windows\system32\drivers\RTL2832UBDA.sys
13:21:44.0048 4592	RTL2832UBDA - ok
13:21:44.0095 4592	RTL2832UUSB     (ad5774a01bd623b4e2ef42b82b13a3f0) C:\Windows\system32\Drivers\RTL2832UUSB.sys
13:21:44.0126 4592	RTL2832UUSB - ok
13:21:44.0126 4592	RTL2832U_IRHID  (636f046efd77b22f7c95716895d172e2) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
13:21:44.0188 4592	RTL2832U_IRHID - ok
13:21:44.0297 4592	RTL8167         (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
13:21:44.0375 4592	RTL8167 - ok
13:21:44.0516 4592	rtl8192se       (b5e9979fbb26fc059bd87a81f763d5da) C:\Windows\system32\DRIVERS\rtl8192se.sys
13:21:44.0547 4592	rtl8192se - ok
13:21:44.0765 4592	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x86\Sandra.sys
13:21:44.0781 4592	SANDRA - ok
13:21:44.0906 4592	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:21:44.0921 4592	sbp2port - ok
13:21:45.0062 4592	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:21:45.0093 4592	scfilter - ok
13:21:45.0171 4592	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:21:45.0218 4592	secdrv - ok
13:21:45.0280 4592	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:21:45.0311 4592	Serenum - ok
13:21:45.0467 4592	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:21:45.0499 4592	Serial - ok
13:21:45.0545 4592	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:21:45.0577 4592	sermouse - ok
13:21:45.0623 4592	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:21:45.0639 4592	sffdisk - ok
13:21:45.0655 4592	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:21:45.0701 4592	sffp_mmc - ok
13:21:45.0733 4592	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:21:45.0764 4592	sffp_sd - ok
13:21:45.0795 4592	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:21:45.0842 4592	sfloppy - ok
13:21:45.0889 4592	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:21:45.0904 4592	sisagp - ok
13:21:45.0951 4592	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:21:45.0967 4592	SiSRaid2 - ok
13:21:45.0998 4592	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:21:46.0013 4592	SiSRaid4 - ok
13:21:46.0076 4592	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:21:46.0107 4592	Smb - ok
13:21:46.0154 4592	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:21:46.0169 4592	spldr - ok
13:21:46.0247 4592	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:21:46.0294 4592	srv - ok
13:21:46.0341 4592	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:21:46.0372 4592	srv2 - ok
13:21:46.0419 4592	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:21:46.0450 4592	srvnet - ok
13:21:46.0591 4592	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:21:46.0606 4592	ssmdrv - ok
13:21:46.0669 4592	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:21:46.0684 4592	stexstor - ok
13:21:46.0778 4592	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:21:46.0778 4592	swenum - ok
13:21:46.0825 4592	SynTP           (c93aa00fb1386cc00d0a66ba41847421) C:\Windows\system32\DRIVERS\SynTP.sys
13:21:46.0856 4592	SynTP - ok
13:21:47.0012 4592	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:21:47.0043 4592	Tcpip - ok
13:21:47.0121 4592	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:21:47.0152 4592	TCPIP6 - ok
13:21:47.0215 4592	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:21:47.0261 4592	tcpipreg - ok
13:21:47.0324 4592	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:21:47.0355 4592	TDPIPE - ok
13:21:47.0386 4592	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
13:21:47.0433 4592	TDTCP - ok
13:21:47.0480 4592	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:21:47.0511 4592	tdx - ok
13:21:47.0558 4592	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:21:47.0573 4592	TermDD - ok
13:21:47.0651 4592	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:21:47.0698 4592	tssecsrv - ok
13:21:47.0839 4592	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:21:47.0870 4592	TsUsbFlt - ok
13:21:47.0948 4592	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:21:47.0995 4592	tunnel - ok
13:21:48.0041 4592	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:21:48.0057 4592	uagp35 - ok
13:21:48.0104 4592	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:21:48.0135 4592	udfs - ok
13:21:48.0275 4592	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:21:48.0291 4592	uliagpkx - ok
13:21:48.0338 4592	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:21:48.0369 4592	umbus - ok
13:21:48.0416 4592	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:21:48.0431 4592	UmPass - ok
13:21:48.0478 4592	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:21:48.0525 4592	usbccgp - ok
13:21:48.0587 4592	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:21:48.0634 4592	usbcir - ok
13:21:48.0743 4592	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
13:21:48.0775 4592	usbehci - ok
13:21:48.0821 4592	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:21:48.0853 4592	usbhub - ok
13:21:48.0962 4592	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:21:48.0993 4592	usbohci - ok
13:21:49.0040 4592	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:21:49.0087 4592	usbprint - ok
13:21:49.0180 4592	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:21:49.0227 4592	USBSTOR - ok
13:21:49.0274 4592	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
13:21:49.0289 4592	usbuhci - ok
13:21:49.0430 4592	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
13:21:49.0477 4592	usbvideo - ok
13:21:49.0617 4592	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:21:49.0633 4592	vdrvroot - ok
13:21:49.0711 4592	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:21:49.0742 4592	vga - ok
13:21:49.0773 4592	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:21:49.0804 4592	VgaSave - ok
13:21:49.0851 4592	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:21:49.0867 4592	vhdmp - ok
13:21:49.0913 4592	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:21:49.0913 4592	viaagp - ok
13:21:49.0960 4592	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:21:49.0991 4592	ViaC7 - ok
13:21:50.0038 4592	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:21:50.0054 4592	viaide - ok
13:21:50.0085 4592	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:21:50.0101 4592	volmgr - ok
13:21:50.0147 4592	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:21:50.0147 4592	volmgrx - ok
13:21:50.0194 4592	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:21:50.0210 4592	volsnap - ok
13:21:50.0257 4592	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:21:50.0272 4592	vsmraid - ok
13:21:50.0319 4592	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:21:50.0350 4592	vwifibus - ok
13:21:50.0381 4592	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:21:50.0397 4592	vwififlt - ok
13:21:50.0459 4592	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:21:50.0475 4592	WacomPen - ok
13:21:50.0522 4592	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:50.0569 4592	WANARP - ok
13:21:50.0569 4592	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:50.0600 4592	Wanarpv6 - ok
13:21:50.0662 4592	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:21:50.0678 4592	Wd - ok
13:21:50.0725 4592	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:21:50.0740 4592	Wdf01000 - ok
13:21:50.0865 4592	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:21:50.0912 4592	WfpLwf - ok
13:21:50.0943 4592	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:21:50.0959 4592	WIMMount - ok
13:21:51.0115 4592	WINUSB          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS
13:21:51.0146 4592	WINUSB - ok
13:21:51.0193 4592	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:21:51.0224 4592	WmiAcpi - ok
13:21:51.0286 4592	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:21:51.0349 4592	ws2ifsl - ok
13:21:51.0473 4592	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:21:51.0520 4592	WudfPf - ok
13:21:51.0661 4592	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:51.0692 4592	WUDFRd - ok
13:21:51.0739 4592	MBR (0x1B8)     (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
13:21:52.0519 4592	\Device\Harddisk0\DR0 - ok
13:21:52.0550 4592	Boot (0x1200)   (5f595595523fa37504bd811fc1d4b0d7) \Device\Harddisk0\DR0\Partition0
13:21:52.0550 4592	\Device\Harddisk0\DR0\Partition0 - ok
13:21:52.0550 4592	Boot (0x1200)   (4ab78411f6e8f108a0337982af87be4a) \Device\Harddisk0\DR0\Partition1
13:21:52.0565 4592	\Device\Harddisk0\DR0\Partition1 - ok
13:21:52.0597 4592	Boot (0x1200)   (ed89f1fbf3e1ccff6ea6bc9ef29a72df) \Device\Harddisk0\DR0\Partition2
13:21:52.0597 4592	\Device\Harddisk0\DR0\Partition2 - ok
13:21:52.0597 4592	============================================================
13:21:52.0597 4592	Scan finished
13:21:52.0597 4592	============================================================
13:21:52.0597 5424	Detected object count: 0
13:21:52.0597 5424	Actual detected object count: 0
         

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix ist problemlos durchgelaufen und hat folgendes ausgespuckt:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-12-16.01 - Gerd 16.12.2011  13:52:33.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3061.1908 [GMT 1:00]
ausgeführt von:: c:\users\Home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml14D7.tmp
c:\programdata\xml1564.tmp
c:\programdata\xml15D3.tmp
c:\programdata\xml3004.tmp
c:\programdata\xml3DCB.tmp
c:\programdata\xml3E59.tmp
c:\programdata\xmlB6F0.tmp
c:\programdata\xmlBA5A.tmp
c:\programdata\xmlBAA9.tmp
c:\users\Home\4.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-16 bis 2011-12-16  ))))))))))))))))))))))))))))))
.
.
2011-12-16 11:53 . 2011-12-16 11:53	--------	d-----w-	C:\_OTL
2011-12-15 11:35 . 2011-12-15 11:35	--------	d-----w-	c:\program files\ESET
2011-12-15 10:53 . 2011-12-15 10:53	--------	d-----w-	c:\users\Home\AppData\Roaming\Malwarebytes
2011-12-15 08:40 . 2011-12-15 08:40	--------	d-----w-	c:\users\Gerd\AppData\Roaming\Malwarebytes
2011-12-15 08:40 . 2011-12-15 08:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-15 08:39 . 2011-12-15 08:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-15 08:39 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-14 21:14 . 2011-11-24 04:25	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 21:14 . 2011-11-05 04:26	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-14 21:14 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 21:13 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 21:13 . 2011-10-26 04:47	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-14 21:13 . 2011-10-26 04:47	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-11-20 10:32 . 2011-11-20 10:32	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-20 10:32 . 2011-11-20 10:32	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-17 18:09 . 2011-11-05 07:10	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 16:21 . 2011-10-04 17:45	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-14 18:50 . 2011-06-21 17:51	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 12:27 . 2011-10-08 12:27	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-10-08 12:27 . 2011-10-08 12:27	161792	----a-w-	c:\windows\system32\msls31.dll
2011-10-08 12:27 . 2011-10-08 12:27	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-10-08 12:27 . 2011-10-08 12:27	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-10-08 12:27 . 2011-10-08 12:27	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-10-08 12:27 . 2011-10-08 12:27	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-10-08 12:27 . 2011-10-08 12:27	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-10-08 12:27 . 2011-10-08 12:27	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-10-08 12:27 . 2011-10-08 12:27	367104	----a-w-	c:\windows\system32\html.iec
2011-10-08 12:27 . 2011-10-08 12:27	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-10-08 12:27 . 2011-10-08 12:27	152064	----a-w-	c:\windows\system32\wextract.exe
2011-10-08 12:27 . 2011-10-08 12:27	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-10-08 12:27 . 2011-10-08 12:27	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-10-08 12:27 . 2011-10-08 12:27	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-10-08 12:27 . 2011-10-08 12:27	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-10-08 12:27 . 2011-10-08 12:27	11776	----a-w-	c:\windows\system32\mshta.exe
2011-10-08 12:27 . 2011-10-08 12:27	101888	----a-w-	c:\windows\system32\admparse.dll
2011-10-07 14:09 . 2011-10-07 14:09	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-05 16:41 . 2011-10-05 16:41	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-05 16:41 . 2011-10-05 16:41	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-05 16:41 . 2011-10-05 16:41	1166144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 03:06 . 2011-09-25 07:25	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-08 21:08	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-05 07:10 . 2011-11-17 18:09	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-22 8120864]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-22 678432]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-10-8 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-10-8 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-10-8 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-7-22 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 62336]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 141440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 174592]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 66363816
*Deregistered* - 66363816
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{49F1D055-E35E-4761-85F2-6948EEE9345A}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\u1kudspy.default\
FF - prefs.js: browser.startup.homepage - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-16  14:02:19
ComboFix-quarantined-files.txt  2011-12-16 13:02
.
Vor Suchlauf: 7 Verzeichnis(se), 337.178.894.336 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 336.774.803.456 Bytes frei
.
- - End Of File - - 5437E612C42C43075A29B83772FB8DBE
         

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Ok, hier alle drei Ergebnisse.

GMER

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-16 15:03:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: i1gzrrin.exe; Driver: C:\Users\Gerd\AppData\Local\Temp\ugtdrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                      82E82369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             82EBBD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                           section is writeable [0x91A19000, 0x2CB832, 0xE8000020]
PAGE            peauth.sys                                                                                         9BE3DB9B 72 Bytes  [8E, 5C, A2, E9, 27, 7A, AC, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [74522437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]               [74505600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [745056BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                     [745224B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]           [74518514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]             [74514CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [7451506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]           [74515144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [74516671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [7451826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]       [745187BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]     [7451901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]           [7451E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]               [74514BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

OSAM

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:08:10 on 16.12.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Gerd\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"mdf16" (mdf16) - ? - C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys
"mvd22" (mvd22) - ? - C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x86\Sandra.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugtdrpob" (ugtdrpob) - ? - C:\Users\Gerd\AppData\Local\Temp\ugtdrpob.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Samsung Auto Backup Guage.lnk" - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe  (Shortcut exists | File exists)
"Samsung Auto Backup Real-Time Daemon.lnk" - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe  (Shortcut exists | File exists)
"Samsung Auto Backup Scheduler.lnk" - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"TMMonitor.lnk" - "ArcSoft, Inc." - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FPR6:" - "FinePrint Software, LLC" - C:\Windows\system32\fpmon6.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SecretZone Assist Service" (SZASSIST) - "Clarus, Inc." - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 15:11:21
-----------------------------
15:11:21.854    OS Version: Windows 6.1.7601 Service Pack 1
15:11:21.854    Number of processors: 4 586 0x2502
15:11:21.854    ComputerName: AKOYA  UserName: Gerd
15:11:24.007    Initialize success
15:14:35.794    AVAST engine defs: 11121600
15:15:21.986    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:15:21.986    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:15:22.344    Disk 0 MBR read successfully
15:15:22.360    Disk 0 MBR scan
15:15:22.360    Disk 0 unknown MBR code
15:15:22.625    Disk 0 scanning sectors +976771072
15:15:23.202    Disk 0 scanning C:\Windows\system32\drivers
15:17:20.187    Service scanning
15:17:21.419    Modules scanning
15:19:01.681    Disk 0 trace - called modules:
15:19:01.759    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
15:19:01.759    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e36230]
15:19:01.774    3 CLASSPNP.SYS[8b97659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862f6028]
15:19:03.490    AVAST engine scan C:\Windows
15:22:18.241    AVAST engine scan C:\Windows\system32
15:34:46.996    AVAST engine scan C:\Windows\system32\drivers
15:39:19.871    AVAST engine scan C:\Users\Gerd
15:49:11.424    AVAST engine scan C:\ProgramData
16:02:22.377    Scan finished successfully
16:32:35.038    Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
16:32:35.038    The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
         

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Hallo,

entschuldige die lange Funkstille, aber ich bin jetzt erst wieder bei meinen Eltern vorbeigekommen. Die Sicherung wurde gemacht, anschließend der MBRfix und Log findet sich hier:

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2012-01-29 16:05:37
-----------------------------
16:05:37.563    OS Version: Windows 6.1.7601 Service Pack 1
16:05:37.563    Number of processors: 4 586 0x2502
16:05:37.563    ComputerName: AKOYA  UserName: Gerd
16:06:29.464    Initialize success
16:06:37.108    AVAST engine defs: 12012900
16:06:41.211    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:06:41.211    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:06:41.242    Disk 0 MBR read successfully
16:06:41.242    Disk 0 MBR scan
16:06:41.242    Disk 0 Windows 7 default MBR code
16:06:41.242    Disk 0 scanning sectors +976771072
16:06:41.367    Disk 0 scanning C:\Windows\system32\drivers
16:07:17.185    Service scanning
16:07:23.160    Modules scanning
16:07:31.553    Disk 0 trace - called modules:
16:07:31.584    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
16:07:31.584    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8803c618]
16:07:31.584    3 CLASSPNP.SYS[8bfc559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x864f9028]
16:07:34.314    AVAST engine scan C:\Windows
16:07:38.822    AVAST engine scan C:\Windows\system32
16:11:30.389    AVAST engine scan C:\Windows\system32\drivers
16:11:59.982    AVAST engine scan C:\Users\Gerd
16:12:51.026    AVAST engine scan C:\ProgramData
16:14:07.512    Scan finished successfully
16:26:53.396    Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
16:26:53.396    The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBRfixed.txt"
         

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo, die Scans haben ein paar Tracking-Cookies und einen Toolbar gefunden.

MBAM:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122802

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29.01.2012 20:03:21
mbam-log-2012-01-29 (20-03-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 310778
Time elapsed: 32 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         

SUPERAntiSpyware:

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/29/2012 at 09:04 PM

Application Version : 5.0.1142

Core Rules Database Version : 8178
Trace Rules Database Version: 5990

Scan type       : Complete Scan
Total Scan Time : 00:50:40

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Memory items scanned      : 889
Memory threats detected   : 0
Registry items scanned    : 26582
Registry threats detected : 0
File items scanned        : 46778
File threats detected     : 24

Adware.Tracking Cookie
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\home@adx.chip[2].txt [ /adx.chip ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\home@smartadserver[1].txt [ /smartadserver ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\home@webmasterplan[2].txt [ /webmasterplan ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\YGD5FS0B.txt [ /atdmt.com ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\479MF03H.txt [ /ad.yieldmanager.com ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\3SHZCFE2.txt [ /xiti.com ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\HEF4ML7W.txt [ /doubleclick.net ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\URPVIKQT.txt [ /imrworldwide.com ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\AOH2REQJ.txt [ /casalemedia.com ]
	C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\3AG6FBR9.txt [ /msnportal.112.2o7.net ]
	C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\gerd@stat.aldi[1].txt [ Cookie:gerd@stat.aldi.com/ ]
	C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\gerd@doubleclick[1].txt [ Cookie:gerd@doubleclick.net/ ]
	C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\8K3WEMIY.txt [ Cookie:gerd@fl01.ct2.comclick.com/ ]
	C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\FAVM2MTE.txt [ Cookie:gerd@adfarm1.adition.com/ ]
	C:\USERS\HOME\Cookies\YGD5FS0B.txt [ Cookie:home@atdmt.com/ ]
	C:\USERS\HOME\Cookies\479MF03H.txt [ Cookie:home@ad.yieldmanager.com/ ]
	C:\USERS\HOME\Cookies\3SHZCFE2.txt [ Cookie:home@xiti.com/ ]
	C:\USERS\HOME\Cookies\HEF4ML7W.txt [ Cookie:home@doubleclick.net/ ]
	C:\USERS\HOME\Cookies\home@smartadserver[1].txt [ Cookie:home@smartadserver.com/ ]
	C:\USERS\HOME\Cookies\home@webmasterplan[2].txt [ Cookie:home@webmasterplan.com/ ]
	C:\USERS\HOME\Cookies\URPVIKQT.txt [ Cookie:home@imrworldwide.com/cgi-bin ]
	C:\USERS\HOME\Cookies\home@adx.chip[2].txt [ Cookie:home@adx.chip.de/ ]
	C:\USERS\HOME\Cookies\AOH2REQJ.txt [ Cookie:home@casalemedia.com/ ]
	C:\USERS\HOME\Cookies\3AG6FBR9.txt [ Cookie:home@msnportal.112.2o7.net/ ]
         

ESET:

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=039b7ebe62287e4fb55002f6be68ed38
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-15 05:02:44
# local_time=2011-12-15 06:02:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6198735 6198735 0 0
# compatibility_mode=5893 16776574 100 94 8621457 75580267 0 0
# compatibility_mode=8192 67108863 100 0 3744 3744 0 0
# scanned=188465
# found=6
# cleaned=0
# scan_time=19488
C:\Program Files\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQT5PB0U\pdfforgeToolbar[1].msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\845963.msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Adware.Toolbar.Dealio application	00000000000000000000000000000000	I
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=039b7ebe62287e4fb55002f6be68ed38
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-29 08:15:39
# local_time=2012-01-29 09:15:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10117522 10117522 0 0
# compatibility_mode=5893 16776574 100 94 12540244 79499054 0 0
# compatibility_mode=8192 67108863 100 0 3922531 3922531 0 0
# scanned=13073
# found=0
# cleaned=0
# scan_time=275
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=039b7ebe62287e4fb55002f6be68ed38
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-30 11:37:55
# local_time=2012-01-30 12:37:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10168168 10168168 0 0
# compatibility_mode=5893 16776574 100 94 12590890 79549700 0 0
# compatibility_mode=8192 67108863 100 0 3973177 3973177 0 0
# scanned=184466
# found=4
# cleaned=0
# scan_time=4965
C:\Windows\Installer\845963.msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12162011_125333\C_Programme\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12162011_125333\C_Programme\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12162011_125333\C_Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
         

Das ist ok. In C:\Qoobox bzw. C:\_OTL (Q-Ordner von CF und OTL) sind die Schädlinge isoliert und gut aufgehoben.
Der Rest ist nur Cookies, weg damit. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Sehr gut! Soweit funktioniert alles und keine Auffälligkeiten. Cookies sind gelöscht und ich würde dann das halbe Dutzend an Scannern wieder deinstallieren, wenn wir soweit alles abgecheckt hätten?!