Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Nach Problemen mit Internetkonnektivität "Getdo (Trojan.Agent)" gefunden (https://www.trojaner-board.de/106282-problemen-internetkonnektivitaet-getdo-trojan-agent-gefunden.html)

ewoks 15.12.2011 19:58
Nach Problemen mit Internetkonnektivität "Getdo (Trojan.Agent)" gefunden
 
Hallo liebe Helfer vom Trojaner-Board,

nachdem der Laptop letztens öfters mal aus dem WLAN geflogen ist, habe ich zum Test einmal Malwarebytes AntiMW im Schnelldurchlauf gemacht und Getdo (Trojan.Agent) gefunden und entfernt.
Anschließend habe ich nach der Anleitung hier noch mehrere Scans von den hier empfohlenen Programmen durchlaufen lassen: ESET, OTL, GMER und abschließend nochmal einen Vollscan mit Malwarebytes AntiMW.
Dabei wurde noch ein Toolbar-Programm gefunden. Alle LOGS im gezippten Anhang.

Ich wäre froh über Hinweise, wie ich weiter verfahren sollte und ob ich die Funde einfach manuell löschen kann etc.

Besten Dank für eure Hilfe!

cosinus 16.12.2011 12:41
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
PRC - [2011.05.06 17:15:20 | 000,532,320 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.05.06 16:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
SRV - [2011.05.06 16:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Program Files\Ask.com
C:\Programme\Application Updater
C:\Programme\Common Files\Spigot
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ewoks 16.12.2011 13:05
Besten Dank für das fixe OTL-Script! Was für Funde waren nun auffällig und gefährlich? Oder eher harmlos?
Ich hab's jedenfalls ausgeführt und nach Neustart folgendes Log erhalten:

Code:
All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
File\Folder C:\Programme\Application Updater not found.
C:\Programme\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings folder moved successfully.
C:\Programme\Common Files\Spigot folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gerd
->Temp folder emptied: 1728149371 bytes
->Temporary Internet Files folder emptied: 77577778 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37152196 bytes
->Flash cache emptied: 490 bytes
 
User: Home
->Temp folder emptied: 1606156142 bytes
->Temporary Internet Files folder emptied: 63718374 bytes
->Java cache emptied: 17551986 bytes
->FireFox cache emptied: 41599607 bytes
->Flash cache emptied: 507 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45402310 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.450,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12162011_125333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Soll ich nochmal einen der Scans drüberlaufen lassen oder wäre somit alles erledigt?
Besten Dank!

cosinus 16.12.2011 13:12
Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

ewoks 16.12.2011 13:35
Ok, nach dem TDSS-Killer-Report angeblich alles soweit in Ordnung:

Code:
13:19:46.0214 0736        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:19:46.0297 0736        ============================================================
13:19:46.0297 0736        Current date / time: 2011/12/16 13:19:46.0297
13:19:46.0297 0736        SystemInfo:
13:19:46.0297 0736       
13:19:46.0297 0736        OS Version: 6.1.7601 ServicePack: 1.0
13:19:46.0297 0736        Product type: Workstation
13:19:46.0298 0736        ComputerName: AKOYA
13:19:46.0298 0736        UserName: Gerd
13:19:46.0298 0736        Windows directory: C:\Windows
13:19:46.0298 0736        System windows directory: C:\Windows
13:19:46.0298 0736        Processor architecture: Intel x86
13:19:46.0298 0736        Number of processors: 4
13:19:46.0298 0736        Page size: 0x1000
13:19:46.0298 0736        Boot type: Normal boot
13:19:46.0298 0736        ============================================================
13:19:46.0749 0736        Initialize success
13:21:19.0135 4592        ============================================================
13:21:19.0135 4592        Scan started
13:21:19.0135 4592        Mode: Manual; SigCheck; TDLFS;
13:21:19.0135 4592        ============================================================
13:21:19.0618 4592        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:21:19.0727 4592        1394ohci - ok
13:21:19.0899 4592        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:21:19.0915 4592        ACPI - ok
13:21:20.0039 4592        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:21:20.0102 4592        AcpiPmi - ok
13:21:20.0445 4592        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:21:20.0461 4592        adp94xx - ok
13:21:20.0601 4592        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:21:20.0601 4592        adpahci - ok
13:21:20.0726 4592        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:21:20.0741 4592        adpu320 - ok
13:21:20.0882 4592        Afc            (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
13:21:20.0913 4592        Afc - ok
13:21:21.0069 4592        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:21:21.0131 4592        AFD - ok
13:21:21.0241 4592        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:21:21.0256 4592        agp440 - ok
13:21:21.0397 4592        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:21:21.0412 4592        aic78xx - ok
13:21:21.0584 4592        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:21:21.0584 4592        aliide - ok
13:21:21.0709 4592        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:21:21.0709 4592        amdagp - ok
13:21:21.0849 4592        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:21:21.0849 4592        amdide - ok
13:21:21.0989 4592        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:21:22.0036 4592        AmdK8 - ok
13:21:22.0177 4592        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:21:22.0223 4592        AmdPPM - ok
13:21:22.0348 4592        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:21:22.0364 4592        amdsata - ok
13:21:22.0489 4592        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:21:22.0504 4592        amdsbs - ok
13:21:22.0598 4592        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:21:22.0613 4592        amdxata - ok
13:21:22.0816 4592        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:21:22.0925 4592        AppID - ok
13:21:23.0097 4592        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:21:23.0113 4592        arc - ok
13:21:23.0237 4592        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:21:23.0237 4592        arcsas - ok
13:21:23.0378 4592        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:23.0425 4592        AsyncMac - ok
13:21:23.0581 4592        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:21:23.0596 4592        atapi - ok
13:21:23.0737 4592        AtiHdmiService  (40a07e6916ac098e31a9e39ac202b8a1) C:\Windows\system32\drivers\AtiHdmi.sys
13:21:23.0752 4592        AtiHdmiService - ok
13:21:24.0002 4592        atikmdag        (427c14ea1202c874e3ead16cd2e2778a) C:\Windows\system32\DRIVERS\atikmdag.sys
13:21:24.0142 4592        atikmdag - ok
13:21:24.0283 4592        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
13:21:24.0298 4592        avgntflt - ok
13:21:24.0439 4592        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
13:21:24.0454 4592        avipbb - ok
13:21:24.0595 4592        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:21:24.0610 4592        avkmgr - ok
13:21:24.0766 4592        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:21:24.0829 4592        b06bdrv - ok
13:21:24.0969 4592        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:21:25.0000 4592        b57nd60x - ok
13:21:25.0141 4592        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:21:25.0187 4592        Beep - ok
13:21:25.0359 4592        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:21:25.0390 4592        blbdrive - ok
13:21:25.0468 4592        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:21:25.0515 4592        bowser - ok
13:21:25.0609 4592        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:21:25.0687 4592        BrFiltLo - ok
13:21:25.0796 4592        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:21:25.0843 4592        BrFiltUp - ok
13:21:25.0999 4592        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:21:26.0061 4592        Brserid - ok
13:21:26.0155 4592        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:21:26.0186 4592        BrSerWdm - ok
13:21:26.0217 4592        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:21:26.0264 4592        BrUsbMdm - ok
13:21:26.0389 4592        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:21:26.0420 4592        BrUsbSer - ok
13:21:26.0498 4592        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:21:26.0529 4592        BTHMODEM - ok
13:21:26.0685 4592        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:21:26.0763 4592        cdfs - ok
13:21:26.0903 4592        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:21:26.0935 4592        cdrom - ok
13:21:27.0075 4592        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:21:27.0122 4592        circlass - ok
13:21:27.0231 4592        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:21:27.0247 4592        CLFS - ok
13:21:27.0418 4592        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:21:27.0434 4592        CmBatt - ok
13:21:27.0496 4592        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:21:27.0512 4592        cmdide - ok
13:21:27.0559 4592        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:21:27.0574 4592        CNG - ok
13:21:27.0699 4592        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:21:27.0715 4592        Compbatt - ok
13:21:27.0824 4592        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:21:27.0855 4592        CompositeBus - ok
13:21:27.0995 4592        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:21:28.0011 4592        crcdisk - ok
13:21:28.0151 4592        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:21:28.0198 4592        DfsC - ok
13:21:28.0339 4592        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:21:28.0385 4592        discache - ok
13:21:28.0526 4592        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:21:28.0541 4592        Disk - ok
13:21:28.0666 4592        Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
13:21:28.0697 4592        Dot4 - ok
13:21:28.0853 4592        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
13:21:28.0885 4592        Dot4Print - ok
13:21:28.0963 4592        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
13:21:28.0978 4592        dot4usb - ok
13:21:29.0056 4592        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:21:29.0087 4592        drmkaud - ok
13:21:29.0150 4592        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:21:29.0165 4592        DXGKrnl - ok
13:21:29.0321 4592        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:21:29.0399 4592        ebdrv - ok
13:21:29.0462 4592        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:21:29.0477 4592        elxstor - ok
13:21:29.0524 4592        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:21:29.0555 4592        ErrDev - ok
13:21:29.0618 4592        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:21:29.0665 4592        exfat - ok
13:21:29.0821 4592        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:21:29.0867 4592        fastfat - ok
13:21:30.0008 4592        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:21:30.0039 4592        fdc - ok
13:21:30.0117 4592        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:21:30.0133 4592        FileInfo - ok
13:21:30.0179 4592        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:21:30.0226 4592        Filetrace - ok
13:21:30.0367 4592        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:21:30.0413 4592        flpydisk - ok
13:21:30.0491 4592        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:21:30.0491 4592        FltMgr - ok
13:21:30.0554 4592        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:21:30.0569 4592        FsDepends - ok
13:21:30.0647 4592        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:21:30.0647 4592        Fs_Rec - ok
13:21:30.0772 4592        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:21:30.0803 4592        fvevol - ok
13:21:30.0850 4592        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:21:30.0866 4592        gagp30kx - ok
13:21:30.0897 4592        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:21:30.0944 4592        hcw85cir - ok
13:21:31.0022 4592        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:21:31.0053 4592        HdAudAddService - ok
13:21:31.0193 4592        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:21:31.0225 4592        HDAudBus - ok
13:21:31.0271 4592        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:21:31.0303 4592        HidBatt - ok
13:21:31.0349 4592        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:21:31.0396 4592        HidBth - ok
13:21:31.0427 4592        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:21:31.0459 4592        HidIr - ok
13:21:31.0615 4592        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
13:21:31.0630 4592        HidUsb - ok
13:21:31.0771 4592        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:21:31.0771 4592        HpSAMD - ok
13:21:31.0849 4592        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:21:31.0895 4592        HTTP - ok
13:21:31.0942 4592        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:21:31.0958 4592        hwpolicy - ok
13:21:32.0005 4592        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:21:32.0051 4592        i8042prt - ok
13:21:32.0176 4592        iaStor          (d5edb998656e6ecf1a17c78dab019a3c) C:\Windows\system32\DRIVERS\iaStor.sys
13:21:32.0207 4592        iaStor - ok
13:21:32.0348 4592        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:21:32.0363 4592        iaStorV - ok
13:21:32.0410 4592        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:21:32.0426 4592        iirsp - ok
13:21:32.0613 4592        IntcAzAudAddService (98b5841cce188b565e0cc460b8fd935f) C:\Windows\system32\drivers\RTKVHDA.sys
13:21:32.0691 4592        IntcAzAudAddService - ok
13:21:32.0722 4592        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:21:32.0738 4592        intelide - ok
13:21:32.0785 4592        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:21:32.0800 4592        intelppm - ok
13:21:32.0831 4592        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:32.0878 4592        IpFilterDriver - ok
13:21:32.0941 4592        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:21:32.0941 4592        IPMIDRV - ok
13:21:33.0050 4592        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:21:33.0097 4592        IPNAT - ok
13:21:33.0253 4592        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:21:33.0299 4592        IRENUM - ok
13:21:33.0346 4592        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:21:33.0362 4592        isapnp - ok
13:21:33.0424 4592        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:21:33.0440 4592        iScsiPrt - ok
13:21:33.0502 4592        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
13:21:33.0502 4592        kbdclass - ok
13:21:33.0643 4592        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
13:21:33.0674 4592        kbdhid - ok
13:21:33.0736 4592        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
13:21:33.0736 4592        KSecDD - ok
13:21:33.0783 4592        KSecPkg        (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
13:21:33.0799 4592        KSecPkg - ok
13:21:33.0861 4592        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:21:33.0908 4592        lltdio - ok
13:21:33.0970 4592        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:21:33.0986 4592        LSI_FC - ok
13:21:34.0017 4592        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:21:34.0033 4592        LSI_SAS - ok
13:21:34.0095 4592        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:21:34.0095 4592        LSI_SAS2 - ok
13:21:34.0142 4592        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:21:34.0157 4592        LSI_SCSI - ok
13:21:34.0220 4592        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:21:34.0267 4592        luafv - ok
13:21:34.0423 4592        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
13:21:34.0438 4592        MBAMProtector - ok
13:21:34.0563 4592        MBAMSwissArmy - ok
13:21:34.0672 4592        mdf16          (b066b4b2910c670530b63d5e924e8a2b) C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys
13:21:34.0688 4592        mdf16 - ok
13:21:34.0813 4592        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:21:34.0813 4592        megasas - ok
13:21:34.0937 4592        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:21:34.0953 4592        MegaSR - ok
13:21:35.0062 4592        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:21:35.0109 4592        Modem - ok
13:21:35.0249 4592        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:21:35.0281 4592        monitor - ok
13:21:35.0390 4592        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
13:21:35.0405 4592        mouclass - ok
13:21:35.0515 4592        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:21:35.0561 4592        mouhid - ok
13:21:35.0671 4592        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:21:35.0686 4592        mountmgr - ok
13:21:35.0811 4592        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:21:35.0811 4592        mpio - ok
13:21:35.0936 4592        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:21:35.0983 4592        mpsdrv - ok
13:21:36.0107 4592        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:21:36.0170 4592        MRxDAV - ok
13:21:36.0310 4592        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:36.0373 4592        mrxsmb - ok
13:21:36.0497 4592        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:36.0513 4592        mrxsmb10 - ok
13:21:36.0638 4592        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:36.0669 4592        mrxsmb20 - ok
13:21:36.0778 4592        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:21:36.0778 4592        msahci - ok
13:21:36.0841 4592        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:21:36.0841 4592        msdsm - ok
13:21:36.0950 4592        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:21:36.0981 4592        Msfs - ok
13:21:37.0090 4592        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:21:37.0137 4592        mshidkmdf - ok
13:21:37.0231 4592        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:21:37.0246 4592        msisadrv - ok
13:21:37.0371 4592        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:21:37.0433 4592        MSKSSRV - ok
13:21:37.0574 4592        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:37.0621 4592        MSPCLOCK - ok
13:21:37.0683 4592        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:21:37.0730 4592        MSPQM - ok
13:21:37.0761 4592        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:21:37.0777 4592        MsRPC - ok
13:21:37.0823 4592        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:21:37.0823 4592        mssmbios - ok
13:21:37.0886 4592        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:21:37.0933 4592        MSTEE - ok
13:21:38.0057 4592        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:21:38.0089 4592        MTConfig - ok
13:21:38.0135 4592        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:21:38.0151 4592        Mup - ok
13:21:38.0276 4592        mvd22          (8405a99d3e250eb017fe7a0dc3a9ffc0) C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys
13:21:38.0291 4592        mvd22 - ok
13:21:38.0432 4592        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:21:38.0447 4592        NativeWifiP - ok
13:21:38.0572 4592        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:21:38.0603 4592        NDIS - ok
13:21:38.0681 4592        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:21:38.0728 4592        NdisCap - ok
13:21:38.0822 4592        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:38.0869 4592        NdisTapi - ok
13:21:39.0025 4592        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:39.0071 4592        Ndisuio - ok
13:21:39.0118 4592        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:39.0165 4592        NdisWan - ok
13:21:39.0212 4592        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:21:39.0259 4592        NDProxy - ok
13:21:39.0337 4592        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:21:39.0399 4592        NetBIOS - ok
13:21:39.0524 4592        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:21:39.0555 4592        NetBT - ok
13:21:39.0695 4592        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:21:39.0711 4592        nfrd960 - ok
13:21:39.0805 4592        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:21:39.0851 4592        Npfs - ok
13:21:39.0961 4592        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:21:40.0007 4592        nsiproxy - ok
13:21:40.0117 4592        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:21:40.0179 4592        Ntfs - ok
13:21:40.0241 4592        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:21:40.0273 4592        Null - ok
13:21:40.0335 4592        nusb3hub        (f0cbf252811bc5fc49e7ecca3ee9519f) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:21:40.0382 4592        nusb3hub - ok
13:21:40.0507 4592        nusb3xhc        (bdc5ff9b669b5475e3a6e47e5608205c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:21:40.0538 4592        nusb3xhc - ok
13:21:40.0616 4592        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:21:40.0616 4592        nvraid - ok
13:21:40.0663 4592        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:21:40.0678 4592        nvstor - ok
13:21:40.0709 4592        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:21:40.0725 4592        nv_agp - ok
13:21:40.0772 4592        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:21:40.0819 4592        ohci1394 - ok
13:21:40.0865 4592        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:21:40.0897 4592        Parport - ok
13:21:40.0943 4592        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:21:40.0959 4592        partmgr - ok
13:21:41.0006 4592        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:21:41.0037 4592        Parvdm - ok
13:21:41.0099 4592        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:21:41.0115 4592        pci - ok
13:21:41.0146 4592        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:21:41.0162 4592        pciide - ok
13:21:41.0209 4592        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:21:41.0224 4592        pcmcia - ok
13:21:41.0271 4592        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:21:41.0271 4592        pcw - ok
13:21:41.0349 4592        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:21:41.0427 4592        PEAUTH - ok
13:21:41.0614 4592        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:21:41.0661 4592        PptpMiniport - ok
13:21:41.0692 4592        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:21:41.0739 4592        Processor - ok
13:21:41.0801 4592        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:21:41.0864 4592        Psched - ok
13:21:41.0989 4592        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:21:42.0035 4592        ql2300 - ok
13:21:42.0098 4592        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:21:42.0113 4592        ql40xx - ok
13:21:42.0191 4592        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:21:42.0207 4592        QWAVEdrv - ok
13:21:42.0285 4592        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:21:42.0347 4592        RasAcd - ok
13:21:42.0410 4592        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:21:42.0425 4592        RasAgileVpn - ok
13:21:42.0457 4592        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:21:42.0519 4592        Rasl2tp - ok
13:21:42.0644 4592        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:21:42.0691 4592        RasPppoe - ok
13:21:42.0706 4592        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:21:42.0753 4592        RasSstp - ok
13:21:42.0800 4592        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:21:42.0847 4592        rdbss - ok
13:21:42.0893 4592        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:21:42.0940 4592        rdpbus - ok
13:21:42.0987 4592        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:21:43.0018 4592        RDPCDD - ok
13:21:43.0143 4592        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:21:43.0190 4592        RDPENCDD - ok
13:21:43.0221 4592        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:21:43.0252 4592        RDPREFMP - ok
13:21:43.0315 4592        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
13:21:43.0346 4592        RDPWD - ok
13:21:43.0471 4592        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:21:43.0486 4592        rdyboost - ok
13:21:43.0658 4592        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:21:43.0705 4592        rspndr - ok
13:21:43.0845 4592        RSUSBSTOR      (83f7a29b659771e60cd71999ef57aa0c) C:\Windows\system32\Drivers\RtsUStor.sys
13:21:43.0907 4592        RSUSBSTOR - ok
13:21:44.0032 4592        RTL2832UBDA    (9f9acc7e0c86d7f2e29fcb6f949173e1) C:\Windows\system32\drivers\RTL2832UBDA.sys
13:21:44.0048 4592        RTL2832UBDA - ok
13:21:44.0095 4592        RTL2832UUSB    (ad5774a01bd623b4e2ef42b82b13a3f0) C:\Windows\system32\Drivers\RTL2832UUSB.sys
13:21:44.0126 4592        RTL2832UUSB - ok
13:21:44.0126 4592        RTL2832U_IRHID  (636f046efd77b22f7c95716895d172e2) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
13:21:44.0188 4592        RTL2832U_IRHID - ok
13:21:44.0297 4592        RTL8167        (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
13:21:44.0375 4592        RTL8167 - ok
13:21:44.0516 4592        rtl8192se      (b5e9979fbb26fc059bd87a81f763d5da) C:\Windows\system32\DRIVERS\rtl8192se.sys
13:21:44.0547 4592        rtl8192se - ok
13:21:44.0765 4592        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x86\Sandra.sys
13:21:44.0781 4592        SANDRA - ok
13:21:44.0906 4592        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:21:44.0921 4592        sbp2port - ok
13:21:45.0062 4592        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:21:45.0093 4592        scfilter - ok
13:21:45.0171 4592        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:21:45.0218 4592        secdrv - ok
13:21:45.0280 4592        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:21:45.0311 4592        Serenum - ok
13:21:45.0467 4592        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:21:45.0499 4592        Serial - ok
13:21:45.0545 4592        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:21:45.0577 4592        sermouse - ok
13:21:45.0623 4592        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:21:45.0639 4592        sffdisk - ok
13:21:45.0655 4592        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:21:45.0701 4592        sffp_mmc - ok
13:21:45.0733 4592        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:21:45.0764 4592        sffp_sd - ok
13:21:45.0795 4592        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:21:45.0842 4592        sfloppy - ok
13:21:45.0889 4592        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:21:45.0904 4592        sisagp - ok
13:21:45.0951 4592        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:21:45.0967 4592        SiSRaid2 - ok
13:21:45.0998 4592        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:21:46.0013 4592        SiSRaid4 - ok
13:21:46.0076 4592        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:21:46.0107 4592        Smb - ok
13:21:46.0154 4592        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:21:46.0169 4592        spldr - ok
13:21:46.0247 4592        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:21:46.0294 4592        srv - ok
13:21:46.0341 4592        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:21:46.0372 4592        srv2 - ok
13:21:46.0419 4592        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:21:46.0450 4592        srvnet - ok
13:21:46.0591 4592        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:21:46.0606 4592        ssmdrv - ok
13:21:46.0669 4592        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:21:46.0684 4592        stexstor - ok
13:21:46.0778 4592        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:21:46.0778 4592        swenum - ok
13:21:46.0825 4592        SynTP          (c93aa00fb1386cc00d0a66ba41847421) C:\Windows\system32\DRIVERS\SynTP.sys
13:21:46.0856 4592        SynTP - ok
13:21:47.0012 4592        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:21:47.0043 4592        Tcpip - ok
13:21:47.0121 4592        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:21:47.0152 4592        TCPIP6 - ok
13:21:47.0215 4592        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:21:47.0261 4592        tcpipreg - ok
13:21:47.0324 4592        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:21:47.0355 4592        TDPIPE - ok
13:21:47.0386 4592        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
13:21:47.0433 4592        TDTCP - ok
13:21:47.0480 4592        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:21:47.0511 4592        tdx - ok
13:21:47.0558 4592        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:21:47.0573 4592        TermDD - ok
13:21:47.0651 4592        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:21:47.0698 4592        tssecsrv - ok
13:21:47.0839 4592        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:21:47.0870 4592        TsUsbFlt - ok
13:21:47.0948 4592        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:21:47.0995 4592        tunnel - ok
13:21:48.0041 4592        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:21:48.0057 4592        uagp35 - ok
13:21:48.0104 4592        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:21:48.0135 4592        udfs - ok
13:21:48.0275 4592        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:21:48.0291 4592        uliagpkx - ok
13:21:48.0338 4592        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:21:48.0369 4592        umbus - ok
13:21:48.0416 4592        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:21:48.0431 4592        UmPass - ok
13:21:48.0478 4592        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:21:48.0525 4592        usbccgp - ok
13:21:48.0587 4592        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:21:48.0634 4592        usbcir - ok
13:21:48.0743 4592        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
13:21:48.0775 4592        usbehci - ok
13:21:48.0821 4592        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:21:48.0853 4592        usbhub - ok
13:21:48.0962 4592        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:21:48.0993 4592        usbohci - ok
13:21:49.0040 4592        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:21:49.0087 4592        usbprint - ok
13:21:49.0180 4592        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:21:49.0227 4592        USBSTOR - ok
13:21:49.0274 4592        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
13:21:49.0289 4592        usbuhci - ok
13:21:49.0430 4592        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
13:21:49.0477 4592        usbvideo - ok
13:21:49.0617 4592        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:21:49.0633 4592        vdrvroot - ok
13:21:49.0711 4592        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:21:49.0742 4592        vga - ok
13:21:49.0773 4592        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:21:49.0804 4592        VgaSave - ok
13:21:49.0851 4592        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:21:49.0867 4592        vhdmp - ok
13:21:49.0913 4592        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:21:49.0913 4592        viaagp - ok
13:21:49.0960 4592        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:21:49.0991 4592        ViaC7 - ok
13:21:50.0038 4592        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:21:50.0054 4592        viaide - ok
13:21:50.0085 4592        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:21:50.0101 4592        volmgr - ok
13:21:50.0147 4592        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:21:50.0147 4592        volmgrx - ok
13:21:50.0194 4592        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:21:50.0210 4592        volsnap - ok
13:21:50.0257 4592        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:21:50.0272 4592        vsmraid - ok
13:21:50.0319 4592        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:21:50.0350 4592        vwifibus - ok
13:21:50.0381 4592        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:21:50.0397 4592        vwififlt - ok
13:21:50.0459 4592        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:21:50.0475 4592        WacomPen - ok
13:21:50.0522 4592        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:50.0569 4592        WANARP - ok
13:21:50.0569 4592        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:50.0600 4592        Wanarpv6 - ok
13:21:50.0662 4592        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:21:50.0678 4592        Wd - ok
13:21:50.0725 4592        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:21:50.0740 4592        Wdf01000 - ok
13:21:50.0865 4592        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:21:50.0912 4592        WfpLwf - ok
13:21:50.0943 4592        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:21:50.0959 4592        WIMMount - ok
13:21:51.0115 4592        WINUSB          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS
13:21:51.0146 4592        WINUSB - ok
13:21:51.0193 4592        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:21:51.0224 4592        WmiAcpi - ok
13:21:51.0286 4592        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:21:51.0349 4592        ws2ifsl - ok
13:21:51.0473 4592        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:21:51.0520 4592        WudfPf - ok
13:21:51.0661 4592        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:51.0692 4592        WUDFRd - ok
13:21:51.0739 4592        MBR (0x1B8)    (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
13:21:52.0519 4592        \Device\Harddisk0\DR0 - ok
13:21:52.0550 4592        Boot (0x1200)  (5f595595523fa37504bd811fc1d4b0d7) \Device\Harddisk0\DR0\Partition0
13:21:52.0550 4592        \Device\Harddisk0\DR0\Partition0 - ok
13:21:52.0550 4592        Boot (0x1200)  (4ab78411f6e8f108a0337982af87be4a) \Device\Harddisk0\DR0\Partition1
13:21:52.0565 4592        \Device\Harddisk0\DR0\Partition1 - ok
13:21:52.0597 4592        Boot (0x1200)  (ed89f1fbf3e1ccff6ea6bc9ef29a72df) \Device\Harddisk0\DR0\Partition2
13:21:52.0597 4592        \Device\Harddisk0\DR0\Partition2 - ok
13:21:52.0597 4592        ============================================================
13:21:52.0597 4592        Scan finished
13:21:52.0597 4592        ============================================================
13:21:52.0597 5424        Detected object count: 0
13:21:52.0597 5424        Actual detected object count: 0

cosinus 16.12.2011 13:43
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ewoks 16.12.2011 14:09
Combofix ist problemlos durchgelaufen und hat folgendes ausgespuckt:
Code:
ComboFix 11-12-16.01 - Gerd 16.12.2011  13:52:33.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3061.1908 [GMT 1:00]
ausgeführt von:: c:\users\Home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml14D7.tmp
c:\programdata\xml1564.tmp
c:\programdata\xml15D3.tmp
c:\programdata\xml3004.tmp
c:\programdata\xml3DCB.tmp
c:\programdata\xml3E59.tmp
c:\programdata\xmlB6F0.tmp
c:\programdata\xmlBA5A.tmp
c:\programdata\xmlBAA9.tmp
c:\users\Home\4.0
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-16 bis 2011-12-16  ))))))))))))))))))))))))))))))
.
.
2011-12-16 11:53 . 2011-12-16 11:53        --------        d-----w-        C:\_OTL
2011-12-15 11:35 . 2011-12-15 11:35        --------        d-----w-        c:\program files\ESET
2011-12-15 10:53 . 2011-12-15 10:53        --------        d-----w-        c:\users\Home\AppData\Roaming\Malwarebytes
2011-12-15 08:40 . 2011-12-15 08:40        --------        d-----w-        c:\users\Gerd\AppData\Roaming\Malwarebytes
2011-12-15 08:40 . 2011-12-15 08:40        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-15 08:39 . 2011-12-15 08:40        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-15 08:39 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-14 21:14 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-12-14 21:14 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 21:14 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 21:13 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-14 21:13 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-14 21:13 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-11-20 10:32 . 2011-11-20 10:32        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-20 10:32 . 2011-11-20 10:32        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-17 18:09 . 2011-11-05 07:10        134104        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 16:21 . 2011-10-04 17:45        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-14 18:50 . 2011-06-21 17:51        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 12:27 . 2011-10-08 12:27        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2011-10-08 12:27 . 2011-10-08 12:27        161792        ----a-w-        c:\windows\system32\msls31.dll
2011-10-08 12:27 . 2011-10-08 12:27        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2011-10-08 12:27 . 2011-10-08 12:27        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2011-10-08 12:27 . 2011-10-08 12:27        74752        ----a-w-        c:\windows\system32\iesetup.dll
2011-10-08 12:27 . 2011-10-08 12:27        63488        ----a-w-        c:\windows\system32\tdc.ocx
2011-10-08 12:27 . 2011-10-08 12:27        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2011-10-08 12:27 . 2011-10-08 12:27        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-10-08 12:27 . 2011-10-08 12:27        367104        ----a-w-        c:\windows\system32\html.iec
2011-10-08 12:27 . 2011-10-08 12:27        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2011-10-08 12:27 . 2011-10-08 12:27        152064        ----a-w-        c:\windows\system32\wextract.exe
2011-10-08 12:27 . 2011-10-08 12:27        150528        ----a-w-        c:\windows\system32\iexpress.exe
2011-10-08 12:27 . 2011-10-08 12:27        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2011-10-08 12:27 . 2011-10-08 12:27        35840        ----a-w-        c:\windows\system32\imgutil.dll
2011-10-08 12:27 . 2011-10-08 12:27        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-10-08 12:27 . 2011-10-08 12:27        11776        ----a-w-        c:\windows\system32\mshta.exe
2011-10-08 12:27 . 2011-10-08 12:27        101888        ----a-w-        c:\windows\system32\admparse.dll
2011-10-07 14:09 . 2011-10-07 14:09        1092400        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-05 16:41 . 2011-10-05 16:41        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-05 16:41 . 2011-10-05 16:41        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-05 16:41 . 2011-10-05 16:41        1166144        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 03:06 . 2011-09-25 07:25        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-08 21:08        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-05 07:10 . 2011-11-17 18:09        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-22 8120864]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-22 678432]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-10-8 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-10-8 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-10-8 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-7-22 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 62336]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 141440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 174592]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 66363816
*Deregistered* - 66363816
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{49F1D055-E35E-4761-85F2-6948EEE9345A}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\u1kudspy.default\
FF - prefs.js: browser.startup.homepage -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-16  14:02:19
ComboFix-quarantined-files.txt  2011-12-16 13:02
.
Vor Suchlauf: 7 Verzeichnis(se), 337.178.894.336 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 336.774.803.456 Bytes frei
.
- - End Of File - - 5437E612C42C43075A29B83772FB8DBE

cosinus 16.12.2011 14:29
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

ewoks 16.12.2011 16:36
Ok, hier alle drei Ergebnisse.

GMER
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-16 15:03:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: i1gzrrin.exe; Driver: C:\Users\Gerd\AppData\Local\Temp\ugtdrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                      82E82369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82EBBD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                          section is writeable [0x91A19000, 0x2CB832, 0xE8000020]
PAGE            peauth.sys                                                                                        9BE3DB9B 72 Bytes  [8E, 5C, A2, E9, 27, 7A, AC, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [74522437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]              [74505600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [745056BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                    [745224B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]          [74518514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]            [74514CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [7451506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]          [74515144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [74516671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [7451826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]      [745187BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [7451901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]          [7451E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2328] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]              [74514BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
OSAM
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:08:10 on 16.12.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Gerd\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"mdf16" (mdf16) - ? - C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys
"mvd22" (mvd22) - ? - C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x86\Sandra.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugtdrpob" (ugtdrpob) - ? - C:\Users\Gerd\AppData\Local\Temp\ugtdrpob.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Samsung Auto Backup Guage.lnk" - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe  (Shortcut exists | File exists)
"Samsung Auto Backup Real-Time Daemon.lnk" - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe  (Shortcut exists | File exists)
"Samsung Auto Backup Scheduler.lnk" - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"TMMonitor.lnk" - "ArcSoft, Inc." - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FPR6:" - "FinePrint Software, LLC" - C:\Windows\system32\fpmon6.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SecretZone Assist Service" (SZASSIST) - "Clarus, Inc." - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR
Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 15:11:21
-----------------------------
15:11:21.854    OS Version: Windows 6.1.7601 Service Pack 1
15:11:21.854    Number of processors: 4 586 0x2502
15:11:21.854    ComputerName: AKOYA  UserName: Gerd
15:11:24.007    Initialize success
15:14:35.794    AVAST engine defs: 11121600
15:15:21.986    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:15:21.986    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:15:22.344    Disk 0 MBR read successfully
15:15:22.360    Disk 0 MBR scan
15:15:22.360    Disk 0 unknown MBR code
15:15:22.625    Disk 0 scanning sectors +976771072
15:15:23.202    Disk 0 scanning C:\Windows\system32\drivers
15:17:20.187    Service scanning
15:17:21.419    Modules scanning
15:19:01.681    Disk 0 trace - called modules:
15:19:01.759    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:19:01.759    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e36230]
15:19:01.774    3 CLASSPNP.SYS[8b97659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862f6028]
15:19:03.490    AVAST engine scan C:\Windows
15:22:18.241    AVAST engine scan C:\Windows\system32
15:34:46.996    AVAST engine scan C:\Windows\system32\drivers
15:39:19.871    AVAST engine scan C:\Users\Gerd
15:49:11.424    AVAST engine scan C:\ProgramData
16:02:22.377    Scan finished successfully
16:32:35.038    Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
16:32:35.038    The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

cosinus 17.12.2011 20:07
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

ewoks 29.01.2012 16:31
Hallo,

entschuldige die lange Funkstille, aber ich bin jetzt erst wieder bei meinen Eltern vorbeigekommen. Die Sicherung wurde gemacht, anschließend der MBRfix und Log findet sich hier:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2012-01-29 16:05:37
-----------------------------
16:05:37.563    OS Version: Windows 6.1.7601 Service Pack 1
16:05:37.563    Number of processors: 4 586 0x2502
16:05:37.563    ComputerName: AKOYA  UserName: Gerd
16:06:29.464    Initialize success
16:06:37.108    AVAST engine defs: 12012900
16:06:41.211    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:06:41.211    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:06:41.242    Disk 0 MBR read successfully
16:06:41.242    Disk 0 MBR scan
16:06:41.242    Disk 0 Windows 7 default MBR code
16:06:41.242    Disk 0 scanning sectors +976771072
16:06:41.367    Disk 0 scanning C:\Windows\system32\drivers
16:07:17.185    Service scanning
16:07:23.160    Modules scanning
16:07:31.553    Disk 0 trace - called modules:
16:07:31.584    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:07:31.584    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8803c618]
16:07:31.584    3 CLASSPNP.SYS[8bfc559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x864f9028]
16:07:34.314    AVAST engine scan C:\Windows
16:07:38.822    AVAST engine scan C:\Windows\system32
16:11:30.389    AVAST engine scan C:\Windows\system32\drivers
16:11:59.982    AVAST engine scan C:\Users\Gerd
16:12:51.026    AVAST engine scan C:\ProgramData
16:14:07.512    Scan finished successfully
16:26:53.396    Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
16:26:53.396    The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBRfixed.txt"

cosinus 29.01.2012 19:11
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


ewoks 30.01.2012 12:56
Hallo, die Scans haben ein paar Tracking-Cookies und einen Toolbar gefunden.

MBAM:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122802

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29.01.2012 20:03:21
mbam-log-2012-01-29 (20-03-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 310778
Time elapsed: 32 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
SUPERAntiSpyware:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/29/2012 at 09:04 PM

Application Version : 5.0.1142

Core Rules Database Version : 8178
Trace Rules Database Version: 5990

Scan type      : Complete Scan
Total Scan Time : 00:50:40

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Memory items scanned      : 889
Memory threats detected  : 0
Registry items scanned    : 26582
Registry threats detected : 0
File items scanned        : 46778
File threats detected    : 24

Adware.Tracking Cookie
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\home@adx.chip[2].txt [ /adx.chip ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\home@smartadserver[1].txt [ /smartadserver ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\home@webmasterplan[2].txt [ /webmasterplan ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\YGD5FS0B.txt [ /atdmt.com ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\479MF03H.txt [ /ad.yieldmanager.com ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\3SHZCFE2.txt [ /xiti.com ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\HEF4ML7W.txt [ /doubleclick.net ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\URPVIKQT.txt [ /imrworldwide.com ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\AOH2REQJ.txt [ /casalemedia.com ]
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\3AG6FBR9.txt [ /msnportal.112.2o7.net ]
        C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\gerd@stat.aldi[1].txt [ Cookie:gerd@stat.aldi.com/ ]
        C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\gerd@doubleclick[1].txt [ Cookie:gerd@doubleclick.net/ ]
        C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\8K3WEMIY.txt [ Cookie:gerd@fl01.ct2.comclick.com/ ]
        C:\USERS\GERD\AppData\Roaming\Microsoft\Windows\Cookies\Low\FAVM2MTE.txt [ Cookie:gerd@adfarm1.adition.com/ ]
        C:\USERS\HOME\Cookies\YGD5FS0B.txt [ Cookie:home@atdmt.com/ ]
        C:\USERS\HOME\Cookies\479MF03H.txt [ Cookie:home@ad.yieldmanager.com/ ]
        C:\USERS\HOME\Cookies\3SHZCFE2.txt [ Cookie:home@xiti.com/ ]
        C:\USERS\HOME\Cookies\HEF4ML7W.txt [ Cookie:home@doubleclick.net/ ]
        C:\USERS\HOME\Cookies\home@smartadserver[1].txt [ Cookie:home@smartadserver.com/ ]
        C:\USERS\HOME\Cookies\home@webmasterplan[2].txt [ Cookie:home@webmasterplan.com/ ]
        C:\USERS\HOME\Cookies\URPVIKQT.txt [ Cookie:home@imrworldwide.com/cgi-bin ]
        C:\USERS\HOME\Cookies\home@adx.chip[2].txt [ Cookie:home@adx.chip.de/ ]
        C:\USERS\HOME\Cookies\AOH2REQJ.txt [ Cookie:home@casalemedia.com/ ]
        C:\USERS\HOME\Cookies\3AG6FBR9.txt [ Cookie:home@msnportal.112.2o7.net/ ]
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=039b7ebe62287e4fb55002f6be68ed38
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-15 05:02:44
# local_time=2011-12-15 06:02:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6198735 6198735 0 0
# compatibility_mode=5893 16776574 100 94 8621457 75580267 0 0
# compatibility_mode=8192 67108863 100 0 3744 3744 0 0
# scanned=188465
# found=6
# cleaned=0
# scan_time=19488
C:\Program Files\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQT5PB0U\pdfforgeToolbar[1].msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\845963.msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
${Memory}        a variant of Win32/Adware.Toolbar.Dealio application        00000000000000000000000000000000        I
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=039b7ebe62287e4fb55002f6be68ed38
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-29 08:15:39
# local_time=2012-01-29 09:15:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10117522 10117522 0 0
# compatibility_mode=5893 16776574 100 94 12540244 79499054 0 0
# compatibility_mode=8192 67108863 100 0 3922531 3922531 0 0
# scanned=13073
# found=0
# cleaned=0
# scan_time=275
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=039b7ebe62287e4fb55002f6be68ed38
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-30 11:37:55
# local_time=2012-01-30 12:37:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10168168 10168168 0 0
# compatibility_mode=5893 16776574 100 94 12590890 79549700 0 0
# compatibility_mode=8192 67108863 100 0 3973177 3973177 0 0
# scanned=184466
# found=4
# cleaned=0
# scan_time=4965
C:\Windows\Installer\845963.msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12162011_125333\C_Programme\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12162011_125333\C_Programme\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12162011_125333\C_Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

cosinus 30.01.2012 12:58
Das ist ok. In C:\Qoobox bzw. C:\_OTL (Q-Ordner von CF und OTL) sind die Schädlinge isoliert und gut aufgehoben.
Der Rest ist nur Cookies, weg damit. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

ewoks 30.01.2012 13:05
Sehr gut! Soweit funktioniert alles und keine Auffälligkeiten. Cookies sind gelöscht und ich würde dann das halbe Dutzend an Scannern wieder deinstallieren, wenn wir soweit alles abgecheckt hätten?!


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:38 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55