Pests of all kinds and how to fight them: TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? (Windows 7)
#16 Winkelfunktion (TB-Süch-Tiger™)

adwCleaner - remove toolbars and unwanted start/search pages

Please always post logfiles in CODE tags
#17

I'm slowly getting my hope back.

Code:
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 12:42:15
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : *** - HOME-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\***\AppData\Roaming\Babylon
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\Conduit
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitCommon
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitEngine
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\staged
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Funmoods
File Deleted : C:\Users\***\AppData\Local\funmoods.crx
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (de)
Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\user.js ... Deleted !
Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "19-7-2012");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Jul 16 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Fri Aug 13 2010 21:01:14 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "7-8-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 11:22:43 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Jul 18 2012 17:39:54 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Aug 13 2010 19:51:55 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 15:24:51 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 16:18:37 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 29 2012 13:21:31 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Thu Jul 19 2012 11:20:04 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Jul 18 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Jul 18 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Thu Jul 19 2012 11:20:03 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Aug 07 2010 11:22:42 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN33306201193065366");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Fri Aug 13 2010 20:52:15 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", true);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Jul 18 2012 17:39:54 GMT+0200");
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=666138&fid=661999", "\"0\""[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 10 2011 19:57:46 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 14:39:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 14:39:14 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{b72c522d-5b31-4697-a4eb-a8127ee59c27}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "ba0e873b-c11f-4406-ad87-803a6db52242");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 06 2011 11:47:31 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/30/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Mar 30 2011 19:17:18 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Mar 30 2011 22:18:13 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 30 2011 22:18:13 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN28008922307916746");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Mar 30 2011 19:17:18 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Deleted : user_pref("extensions.enabledAddons", "{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6,{46551EC9-40F0-4[...]
Deleted : user_pref("extensions.funmoods.aflt", "softpb");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "DE");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "8792D0984B691D42120CC75DB7078E3C");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=softpb&chnl=softpb&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.id", "06265E62502E2CCF");
Deleted : user_pref("extensions.funmoods.instlDay", "15540");
Deleted : user_pref("extensions.funmoods.instlRef", "softpb");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2211:19:54");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=softpb&chnl=softpb&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=softpb&chnl=softpb&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2211:19:54");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2211:19:54");
Profile name : default
File : C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\r58ep3d6.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [14971 octets] - [18/07/2012 18:35:10]
AdwCleaner[S1].txt - [21927 octets] - [19/07/2012 12:42:15]
########## EOF - C:\AdwCleaner[S1].txt - [22056 octets] ##########
#18 Winkelfunktion (TB-Süch-Tiger™)

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Set the tool up as shown in the picture below: click "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan", and when it has finished click the "Report" button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!
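A small triage script for the kind of TDSS-Killer log the helper asks for above: it reads the scan section, pairs each object line with its verdict line and lists everything that is not a clean "ok", which is exactly what a helper looks for before deciding whether anything may be deleted (the script itself changes nothing on the machine). This is an added example written for this page, not code from the thread, from trojaner-board.de or from Kaspersky. It assumes the line format visible in the log posted in the next reply (timestamp, PID, object name, an MD5 in parentheses and a path, followed by a separate `<name> - <verdict>` line, with `ok` for clean objects) and a trailing `Detected object count: N` summary line. `SAMPLE_LOG` is constructed for the demo: the two clean objects are copied from the thread's log, while `exampledrv`, its hash and its verdict text are invented to exercise the non-ok path.

```python
"""Triage a Kaspersky TDSS-Killer scan log: list every scanned object and
flag anything whose verdict is not "ok".

Added example (not from the thread or from Kaspersky). Assumed format,
taken from the log posted in the thread:
  <time> <pid> <name> (<md5>) <path>     object line
  <time> <pid> <name> - <verdict>        verdict line, "ok" when clean
  <time> <pid> Detected object count: N  summary line at the end
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

OBJECT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count:\s*(\d+)\s*$")


@dataclass
class ScanEntry:
    name: str
    verdict: Optional[str] = None  # text after " - "; "ok" for clean objects
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdss_log(text: str) -> List[ScanEntry]:
    """One ScanEntry per scanned object, in first-seen order.

    Only lines between "Scan started" and "Scan finished" are read, so the
    drive-geometry header line (which also contains " - ") is not mistaken
    for a verdict. A truncated log without "Scan finished" is read to the end.
    """
    entries: Dict[str, ScanEntry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if line.endswith("Scan finished"):
            break
        if not in_scan:
            continue
        m = OBJECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.verdict = m["verdict"]
    return list(entries.values())


def flagged(entries: List[ScanEntry]) -> List[ScanEntry]:
    """Everything that is not a clean "ok": detections, suspicious objects,
    and objects whose verdict line never arrived (e.g. a truncated log)."""
    return [e for e in entries if e.verdict != "ok"]


def detected_count(text: str) -> Optional[int]:
    """The tool's own "Detected object count", for cross-checking the parse."""
    for line in text.splitlines():
        m = COUNT_RE.match(line.rstrip())
        if m:
            return int(m.group(1))
    return None


def summarize(text: str) -> str:
    entries = parse_tdss_log(text)
    bad = flagged(entries)
    out = [f"{len(entries)} objects scanned, {len(bad)} not clean "
           f"(tool reports {detected_count(text)})"]
    for e in bad:
        out.append(f"  {e.name}: {e.verdict or 'NO VERDICT'}  md5={e.md5}  {e.path}")
    return "\n".join(out)


# Constructed sample. The first two objects are copied from the thread's log;
# "exampledrv", its hash and its verdict text are invented for the demo.
SAMPLE_LOG = r"""
20:38:34.0525 3788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
20:38:49.0922 2672 Scan started
20:38:49.0922 2672 Mode: Manual; SigCheck; TDLFS;
20:38:51.0030 2672 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:38:51.0201 2672 1394ohci - ok
20:38:53.0104 2672 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
20:38:53.0167 2672 AMD External Events Utility - ok
20:38:54.0500 2672 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
20:38:54.0530 2672 exampledrv - detected Sample.Verdict.Invented (1)
20:39:00.0000 2672 \Device\Harddisk0\DR0 - ok
20:39:00.0100 2672 Scan finished
20:39:00.0100 2672 Detected object count: 1
20:39:00.0100 2672 Actual detected object count: 1
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To use it on a real log, read the TDSSKiller text file from the system partition into a string and pass it to `summarize()`. Comparing `len(flagged(...))` with `detected_count()` is a cheap sanity check that the parser has not silently skipped a detection line written in a format the regexes do not expect; a mismatch means read the raw log by hand rather than trusting the summary.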
#19

Also done!

Code:
20:38:33.0729 3788 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:38:33.0760 3788 ============================================================
20:38:33.0760 3788 Current date / time: 2012/07/19 20:38:33.0760
20:38:33.0760 3788 SystemInfo:
20:38:33.0760 3788
20:38:33.0760 3788 OS Version: 6.1.7601 ServicePack: 1.0
20:38:33.0760 3788 Product type: Workstation
20:38:33.0760 3788 ComputerName: HOME-PC
20:38:33.0760 3788 UserName: ***
20:38:33.0760 3788 Windows directory: C:\Windows
20:38:33.0760 3788 System windows directory: C:\Windows
20:38:33.0760 3788 Processor architecture: Intel x86
20:38:33.0760 3788 Number of processors: 2
20:38:33.0760 3788 Page size: 0x1000
20:38:33.0760 3788 Boot type: Normal boot
20:38:33.0760 3788 ============================================================
20:38:34.0525 3788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:38:34.0525 3788 ============================================================
20:38:34.0540 3788 \Device\Harddisk0\DR0:
20:38:34.0540 3788 MBR partitions:
20:38:34.0540 3788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
20:38:34.0540 3788 ============================================================
20:38:34.0572 3788 C: <-> \Device\Harddisk0\DR0\Partition0
20:38:34.0572 3788 ============================================================
20:38:34.0572 3788 Initialize success
20:38:34.0572 3788 ============================================================
20:38:49.0922 2672 ============================================================
20:38:49.0922 2672 Scan started
20:38:49.0922 2672 Mode: Manual; SigCheck; TDLFS;
20:38:49.0922 2672 ============================================================
20:38:51.0030 2672 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:38:51.0201 2672 1394ohci - ok
20:38:51.0310 2672 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:38:51.0326 2672 ACPI - ok
20:38:51.0388 2672 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:38:51.0498 2672 AcpiPmi - ok
20:38:51.0638 2672 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:38:51.0654 2672 adp94xx - ok
20:38:51.0700 2672 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:38:51.0732 2672 adpahci - ok
20:38:51.0810 2672 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:38:51.0841 2672 adpu320 - ok
20:38:51.0888 2672 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:38:51.0981 2672 AeLookupSvc - ok
20:38:52.0090 2672 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:38:52.0200 2672 AFD - ok
20:38:52.0387 2672 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
20:38:52.0512 2672 AgereSoftModem - ok
20:38:52.0574 2672 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:38:52.0590 2672 agp440 - ok
20:38:52.0683 2672 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:38:52.0714 2672 aic78xx - ok
20:38:52.0839 2672 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:38:52.0917 2672 ALG - ok
20:38:53.0026 2672 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:38:53.0042 2672 aliide - ok
20:38:53.0104 2672 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
20:38:53.0167 2672 AMD External Events Utility - ok
20:38:53.0198 2672 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:38:53.0214 2672 amdagp - ok
20:38:53.0260 2672 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:38:53.0292 2672 amdide - ok
20:38:53.0354 2672 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:38:53.0432 2672 AmdK8 - ok
20:38:53.0448 2672 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:38:53.0494 2672 AmdPPM - ok
20:38:53.0588 2672 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:38:53.0604 2672 amdsata - ok
20:38:53.0650 2672 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:38:53.0682 2672 amdsbs - ok
20:38:53.0697 2672 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:38:53.0713 2672 amdxata - ok
20:38:53.0916 2672 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:38:53.0947 2672 AntiVirSchedulerService - ok
20:38:53.0978 2672 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:38:53.0994 2672 AntiVirService - ok
20:38:54.0056 2672 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:38:54.0181 2672 AppID - ok
20:38:54.0228 2672 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:38:54.0290 2672 AppIDSvc - ok
20:38:54.0368 2672 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
20:38:54.0430 2672 Appinfo - ok
20:38:54.0508 2672 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
20:38:54.0540 2672 AppMgmt - ok
20:38:54.0618 2672 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:38:54.0633 2672 arc - ok
20:38:54.0649 2672 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:38:54.0664 2672 arcsas - ok
20:38:54.0680 2672 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:38:54.0805 2672 AsyncMac - ok
20:38:54.0867 2672 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:38:54.0883 2672 atapi - ok
20:38:54.0992 2672 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
20:38:55.0070 2672 athr - ok
20:38:55.0382 2672 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
20:38:55.0741 2672 atikmdag - ok
20:38:55.0959 2672 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:38:56.0037 2672 AudioEndpointBuilder - ok
20:38:56.0053 2672 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:38:56.0084 2672 Audiosrv - ok
20:38:56.0178 2672 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:38:56.0209 2672 avgntflt - ok
20:38:56.0240 2672 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:38:56.0256 2672 avipbb - ok
20:38:56.0271 2672 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:38:56.0287 2672 avkmgr - ok
20:38:56.0349 2672 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
20:38:56.0396 2672 AxInstSV - ok
20:38:56.0474 2672 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:38:56.0521 2672 b06bdrv - ok
20:38:56.0568 2672 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:38:56.0583 2672 b57nd60x - ok
20:38:56.0646 2672 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:38:56.0708 2672 BDESVC - ok
20:38:56.0770 2672 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:38:56.0833 2672 Beep - ok
20:38:56.0926 2672 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
20:38:57.0004 2672 BFE - ok
20:38:57.0067 2672 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
20:38:57.0114 2672 BITS - ok
20:38:57.0129 2672 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:38:57.0176 2672 blbdrive - ok
20:38:57.0207 2672 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:38:57.0285 2672 bowser - ok
20:38:57.0301 2672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:38:57.0316 2672 BrFiltLo - ok
20:38:57.0363 2672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:38:57.0426 2672 BrFiltUp - ok
20:38:57.0488 2672 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
20:38:57.0566 2672 Browser - ok
20:38:57.0597 2672 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:38:57.0644 2672 Brserid - ok
20:38:57.0660 2672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:38:57.0675 2672 BrSerWdm - ok
20:38:57.0722 2672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:38:57.0769 2672 BrUsbMdm - ok
20:38:57.0769 2672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:38:57.0800 2672 BrUsbSer - ok
20:38:57.0831 2672 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:38:57.0862 2672 BTHMODEM - ok
20:38:57.0940 2672 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:38:58.0003 2672 bthserv - ok
20:38:58.0081 2672 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:38:58.0159 2672 cdfs - ok
20:38:58.0237 2672 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:38:58.0284 2672 cdrom - ok
20:38:58.0362 2672 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:38:58.0424 2672 CertPropSvc - ok
20:38:58.0502 2672 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:38:58.0518 2672 circlass - ok
20:38:58.0580 2672 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:38:58.0596 2672 CLFS - ok
20:38:58.0720 2672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:38:58.0752 2672 clr_optimization_v2.0.50727_32 - ok
20:38:58.0830 2672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:38:58.0861 2672 clr_optimization_v4.0.30319_32 - ok
20:38:58.0908 2672 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:38:58.0954 2672 CmBatt - ok
20:38:59.0001 2672 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:38:59.0017 2672 cmdide - ok
20:38:59.0064 2672 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
20:38:59.0095 2672 CNG - ok
20:38:59.0095 2672 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:38:59.0110 2672 Compbatt - ok
20:38:59.0188 2672 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:38:59.0235 2672 CompositeBus - ok
20:38:59.0266 2672 COMSysApp - ok
20:38:59.0313 2672 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:38:59.0344 2672 crcdisk - ok
20:38:59.0407 2672 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
20:38:59.0469 2672 CryptSvc - ok
20:38:59.0532 2672 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:38:59.0610 2672 CSC - ok
20:38:59.0641 2672 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
20:38:59.0703 2672 CscService - ok
20:38:59.0734 2672 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:38:59.0781 2672 DcomLaunch - ok
20:38:59.0828 2672 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:38:59.0890 2672 defragsvc - ok
20:38:59.0984 2672 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:39:00.0031 2672 DfsC - ok
20:39:00.0046 2672 dgderdrv - ok
20:39:00.0124 2672 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
20:39:00.0187 2672 Dhcp - ok
20:39:00.0218 2672 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:39:00.0280 2672 discache - ok
20:39:00.0327 2672 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:39:00.0358 2672 Disk - ok
20:39:00.0390 2672 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:39:00.0405 2672 DKbFltr - ok
20:39:00.0452 2672 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
20:39:00.0499 2672 Dnscache - ok
20:39:00.0546 2672 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
20:39:00.0624 2672 dot3svc - ok
20:39:00.0655 2672 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
20:39:00.0717 2672 DPS - ok
20:39:00.0780 2672 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:39:00.0842 2672 drmkaud - ok
20:39:00.0904 2672 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:00.0936 2672 DXGKrnl - ok
20:39:00.0998 2672 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:39:01.0076 2672 EapHost - ok
20:39:01.0279 2672 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:39:01.0372 2672 ebdrv - ok
20:39:01.0528 2672 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
20:39:01.0575 2672 EFS - ok
20:39:01.0700 2672 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
20:39:01.0762 2672 ehRecvr - ok
20:39:01.0840 2672 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:39:01.0856 2672 ehSched - ok
20:39:01.0981 2672 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:39:02.0012 2672 elxstor - ok
20:39:02.0230 2672 ePowerSvc (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
20:39:02.0262 2672 ePowerSvc - ok
20:39:02.0308 2672 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:39:02.0355 2672 ErrDev - ok
20:39:02.0418 2672 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:39:02.0464 2672 EventSystem - ok
20:39:02.0511 2672 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:39:02.0574 2672 exfat - ok
20:39:02.0605 2672 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:39:02.0652 2672 fastfat - ok
20:39:02.0745 2672 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
20:39:02.0808 2672 Fax - ok
20:39:02.0823 2672 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:39:02.0839 2672 fdc - ok
20:39:02.0901 2672 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:39:02.0964 2672 fdPHost - ok
20:39:02.0995 2672 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:39:03.0057 2672 FDResPub - ok
20:39:03.0073 2672 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:39:03.0088 2672 FileInfo - ok
20:39:03.0135 2672 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:39:03.0213 2672 Filetrace - ok
20:39:03.0229 2672 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:03.0260 2672 flpydisk - ok
20:39:03.0307 2672 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:39:03.0322 2672 FltMgr - ok
20:39:03.0385 2672 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
20:39:03.0447 2672 FontCache - ok
20:39:03.0588 2672 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:39:03.0603 2672 FontCache3.0.0.0 - ok
20:39:03.0619 2672 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:39:03.0650 2672 FsDepends - ok
20:39:03.0712 2672 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
20:39:03.0744 2672 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:39:03.0744 2672 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:39:03.0790 2672 FsUsbExService (f96c429788350db4ba6771c3034dfd88) C:\Windows\system32\FsUsbExService.Exe
20:39:03.0806 2672 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
20:39:03.0806 2672 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
20:39:03.0853 2672 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:03.0868 2672 Fs_Rec - ok
20:39:03.0931 2672 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:39:03.0962 2672 fvevol - ok
20:39:04.0024 2672 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:39:04.0040 2672 gagp30kx - ok
20:39:04.0118 2672 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
20:39:04.0196 2672 gpsvc - ok
20:39:04.0305 2672 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:39:04.0321 2672 gusvc - ok
20:39:04.0368 2672 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:39:04.0414 2672 hcw85cir - ok
20:39:04.0492 2672 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:39:04.0539 2672 HDAudBus - ok
20:39:04.0570 2672 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:39:04.0617 2672 HidBatt - ok
20:39:04.0648 2672 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:39:04.0695 2672 HidBth - ok
20:39:04.0773 2672 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:39:04.0789 2672 HidIr - ok
20:39:04.0836 2672 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
20:39:04.0882 2672 hidserv - ok
20:39:04.0960 2672 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
20:39:04.0976 2672 HidUsb - ok
20:39:05.0023 2672 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
20:39:05.0085 2672 hkmsvc - ok
20:39:05.0132 2672 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
20:39:05.0179 2672 HomeGroupListener - ok
20:39:05.0226 2672 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
20:39:05.0257 2672 HomeGroupProvider - ok
20:39:05.0335 2672 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:39:05.0366 2672 HpSAMD - ok
20:39:05.0413 2672 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:39:05.0444 2672 HTTP - ok
20:39:05.0506 2672 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:39:05.0522 2672 hwpolicy - ok
20:39:05.0569 2672 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:39:05.0600 2672 i8042prt - ok
20:39:05.0647 2672 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
20:39:05.0662 2672 iaStor - ok
20:39:05.0740 2672 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:39:05.0772 2672 iaStorV - ok
20:39:05.0959 2672 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:39:05.0990 2672 idsvc - ok
20:39:06.0037 2672 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:39:06.0068 2672 iirsp - ok
20:39:06.0130 2672 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
20:39:06.0208 2672 IKEEXT - ok
20:39:06.0364 2672 IntcAzAudAddService (ffb0b713a54dd05193dbcd0b790b37ee) C:\Windows\system32\drivers\RTKVHDA.sys
20:39:06.0411 2672 IntcAzAudAddService - ok
20:39:06.0598 2672 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:39:06.0630 2672 intelide - ok
20:39:06.0692 2672 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:39:06.0708 2672 intelppm - ok
20:39:06.0770 2672 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:39:06.0832 2672 IPBusEnum - ok
20:39:06.0848 2672 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:06.0895 2672 IpFilterDriver - ok
20:39:06.0957 2672 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
20:39:07.0004 2672 iphlpsvc - ok
20:39:07.0051 2672 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:39:07.0082 2672 IPMIDRV - ok
20:39:07.0113 2672 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:39:07.0191 2672 IPNAT - ok
20:39:07.0254 2672 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:39:07.0285 2672 IRENUM - ok
20:39:07.0300 2672 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:39:07.0316 2672 isapnp - ok
20:39:07.0363 2672 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:39:07.0378 2672 iScsiPrt - ok
20:39:07.0441 2672 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
20:39:07.0503 2672 k57nd60x - ok
20:39:07.0534 2672 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:39:07.0550 2672 kbdclass - ok
20:39:07.0612 2672 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:39:07.0644 2672 kbdhid - ok
20:39:07.0690 2672 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:07.0722 2672 KeyIso - ok
20:39:07.0753 2672 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
20:39:07.0753 2672 KSecDD - ok
20:39:07.0768 2672 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
20:39:07.0784 2672 KSecPkg - ok
20:39:07.0846 2672 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:39:07.0878 2672 KtmRm - ok
20:39:07.0940 2672 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
20:39:08.0002 2672 LanmanServer - ok
20:39:08.0096 2672 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
20:39:08.0174 2672 LanmanWorkstation - ok
20:39:08.0252 2672 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:08.0330 2672 lltdio - ok
20:39:08.0424 2672 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:39:08.0470 2672 lltdsvc - ok
20:39:08.0470 2672 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:39:08.0533 2672 lmhosts - ok
20:39:08.0595 2672 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:39:08.0626 2672 LSI_FC - ok
20:39:08.0658 2672 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:39:08.0689 2672 LSI_SAS - ok
20:39:08.0704 2672 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:39:08.0720 2672 LSI_SAS2 - ok
20:39:08.0736 2672 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:39:08.0751 2672 LSI_SCSI - ok
20:39:08.0767 2672 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:39:08.0798 2672 luafv - ok
20:39:08.0845 2672 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
20:39:08.0876 2672 Mcx2Svc - ok
20:39:08.0892 2672 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:39:08.0907 2672 megasas - ok
20:39:08.0938 2672 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:39:08.0954 2672 MegaSR - ok
20:39:09.0110 2672 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:39:09.0126 2672 Microsoft Office Groove Audit Service - ok
20:39:09.0172 2672 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:39:09.0235 2672 MMCSS - ok
20:39:09.0266 2672 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:39:09.0313 2672 Modem - ok
20:39:09.0375 2672 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:39:09.0422 2672 monitor - ok
20:39:09.0500 2672 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
20:39:09.0531 2672 mouclass - ok
20:39:09.0547 2672 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:39:09.0578 2672 mouhid - ok
20:39:09.0625 2672 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:39:09.0625 2672 mountmgr - ok
20:39:09.0672 2672 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:39:09.0687 2672 MozillaMaintenance - ok
20:39:09.0734 2672 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:39:09.0750 2672 mpio - ok
20:39:09.0796 2672 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:39:09.0859 2672 mpsdrv - ok
20:39:09.0921 2672 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
20:39:10.0015 2672 MpsSvc - ok
20:39:10.0062 2672 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:39:10.0077 2672 MRxDAV - ok
20:39:10.0124 2672 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:10.0155 2672 mrxsmb - ok
20:39:10.0186 2672 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:10.0233 2672 mrxsmb10 - ok
20:39:10.0249 2672 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:10.0296 2672 mrxsmb20 - ok
20:39:10.0327 2672 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:39:10.0342 2672 msahci - ok
20:39:10.0405 2672 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:39:10.0420 2672 msdsm - ok
20:39:10.0467 2672 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:39:10.0530 2672 MSDTC - ok
20:39:10.0592 2672 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:39:10.0654 2672 Msfs - ok
20:39:10.0654 2672 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:39:10.0701 2672 mshidkmdf - ok
20:39:10.0748 2672 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:39:10.0764 2672 msisadrv - ok
20:39:10.0826 2672 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:39:10.0888 2672 MSiSCSI - ok
20:39:10.0888 2672 msiserver - ok
20:39:10.0982 2672 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:39:11.0044 2672 MSKSSRV - ok
20:39:11.0076 2672 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:39:11.0122 2672 MSPCLOCK - ok
20:39:11.0154 2672 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:39:11.0216 2672 MSPQM - ok
20:39:11.0232 2672 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:39:11.0247 2672 MsRPC - ok
20:39:11.0294 2672 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:39:11.0310 2672 mssmbios - ok
20:39:11.0372 2672 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:39:11.0419 2672 MSTEE - ok
20:39:11.0434 2672 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:39:11.0450 2672 MTConfig - ok
20:39:11.0466 2672 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:39:11.0466 2672 Mup - ok
20:39:11.0528 2672 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:39:11.0559 2672 mwlPSDFilter - ok
20:39:11.0559 2672 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:39:11.0575 2672 mwlPSDNServ - ok
20:39:11.0590 2672 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:39:11.0606 2672 mwlPSDVDisk - ok
20:39:11.0762 2672 MWLService (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
20:39:11.0778 2672 MWLService - ok
20:39:11.0840 2672 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
20:39:11.0902 2672 napagent - ok
20:39:11.0996 2672 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:39:12.0027 2672 NativeWifiP - ok
20:39:12.0074 2672 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:39:12.0090 2672 NDIS - ok
20:39:12.0105 2672 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:39:12.0152 2672 NdisCap - ok
20:39:12.0183 2672 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:12.0246 2672 NdisTapi - ok
20:39:12.0308 2672 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:12.0355 2672 Ndisuio - ok
20:39:12.0402 2672 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:12.0464 2672 NdisWan - ok
20:39:12.0495 2672 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:39:12.0558 2672 NDProxy - ok
20:39:12.0620 2672 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:39:12.0667 2672 NetBIOS - ok
20:39:12.0714 2672 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:39:12.0776 2672 NetBT - ok
20:39:12.0807 2672 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:12.0823 2672 Netlogon - ok
20:39:12.0901 2672 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:39:12.0979 2672 Netman - ok
20:39:13.0010 2672 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:39:13.0057 2672 netprofm - ok
20:39:13.0213 2672 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:39:13.0228 2672 NetTcpPortSharing - ok
20:39:13.0291 2672 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:39:13.0306 2672 nfrd960 - ok
20:39:13.0353 2672 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
20:39:13.0416 2672 NlaSvc - ok
20:39:13.0447 2672 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:39:13.0509 2672 Npfs - ok
20:39:13.0556 2672 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:39:13.0587 2672 nsi - ok
20:39:13.0603 2672 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:39:13.0650 2672 nsiproxy - ok
20:39:13.0728 2672 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:39:13.0774 2672 Ntfs - ok
20:39:13.0930 2672 NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
20:39:13.0946 2672 NTI IScheduleSvc - ok
20:39:13.0977 2672 NTIBackupSvc (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:39:13.0993 2672 NTIBackupSvc - ok
20:39:14.0180 2672 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
20:39:14.0196 2672 NTIDrvr - ok
20:39:14.0211 2672 NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:39:14.0227 2672 NTISchedulerSvc - ok
20:39:14.0274 2672 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:39:14.0336 2672 Null - ok
20:39:14.0383 2672 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:39:14.0398 2672 nvraid - ok
20:39:14.0414 2672 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:39:14.0430 2672 nvstor - ok
20:39:14.0445 2672 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:39:14.0461 2672 nv_agp - ok
20:39:14.0586 2672 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:39:14.0601 2672 odserv - ok
20:39:14.0648 2672 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:39:14.0695 2672 ohci1394 - ok
20:39:14.0757 2672 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:39:14.0804 2672 ose - ok
20:39:14.0851 2672 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:39:14.0898 2672 p2pimsvc - ok
20:39:14.0960 2672 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:39:14.0976 2672 p2psvc - ok
20:39:15.0038 2672 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:39:15.0069 2672 Parport - ok
20:39:15.0116 2672 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
20:39:15.0132 2672 partmgr - ok
20:39:15.0147 2672 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:39:15.0210 2672 Parvdm - ok
20:39:15.0241 2672 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:39:15.0272 2672 PcaSvc - ok
20:39:15.0319 2672 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:39:15.0334 2672 pci - ok
20:39:15.0350 2672 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:39:15.0366 2672 pciide - ok
20:39:15.0412 2672 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:39:15.0444 2672 pcmcia - ok
20:39:15.0444 2672 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:39:15.0459 2672 pcw - ok
20:39:15.0506 2672 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:39:15.0568 2672 PEAUTH - ok
20:39:15.0693 2672 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
20:39:15.0756 2672 PeerDistSvc - ok
20:39:15.0865 2672 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
20:39:15.0943 2672 pla - ok
20:39:16.0146 2672 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
20:39:16.0177 2672 PlugPlay - ok
20:39:16.0224 2672 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:39:16.0270 2672 PNRPAutoReg - ok
20:39:16.0302 2672 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:39:16.0333 2672 PNRPsvc - ok
20:39:16.0395 2672 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
20:39:16.0473 2672 PolicyAgent - ok
20:39:16.0520 2672 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
20:39:16.0551 2672 Power - ok
20:39:16.0660 2672 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:39:16.0707 2672 PptpMiniport - ok
20:39:16.0723 2672 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:39:16.0754 2672 Processor - ok
20:39:16.0785 2672 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
20:39:16.0832 2672 ProfSvc - ok
20:39:16.0863 2672 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:16.0879 2672 ProtectedStorage - ok
20:39:16.0910 2672 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:39:16.0941 2672 Psched - ok
20:39:17.0004 2672 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:39:17.0050 2672 ql2300 - ok
20:39:17.0238 2672 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:39:17.0253 2672 ql40xx - ok
20:39:17.0316 2672 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:39:17.0347 2672 QWAVE - ok
20:39:17.0362 2672 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:39:17.0378 2672 QWAVEdrv - ok
20:39:17.0472 2672 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
20:39:17.0487 2672 RapiMgr - ok
20:39:17.0503 2672 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:17.0550 2672 RasAcd - ok
20:39:17.0628 2672 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:17.0706 2672 RasAgileVpn - ok
20:39:17.0737 2672 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:39:17.0784 2672 RasAuto - ok
20:39:17.0830 2672 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:17.0877 2672 Rasl2tp - ok
20:39:17.0924 2672 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
20:39:17.0971 2672 RasMan - ok
20:39:18.0002 2672 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:18.0064 2672 RasPppoe - ok
20:39:18.0080 2672 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:18.0142 2672 RasSstp - ok
20:39:18.0174 2672 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:18.0236 2672 rdbss - ok
20:39:18.0283 2672 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:39:18.0298 2672 rdpbus - ok
20:39:18.0345 2672 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:18.0408 2672 RDPCDD - ok
20:39:18.0454 2672 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:39:18.0470 2672 RDPDR - ok
20:39:18.0501 2672 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:39:18.0548 2672 RDPENCDD - ok
20:39:18.0564 2672 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:39:18.0595 2672 RDPREFMP - ok
20:39:18.0657 2672 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
20:39:18.0704 2672 RdpVideoMiniport - ok
20:39:18.0735 2672 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
20:39:18.0782 2672 RDPWD - ok
20:39:18.0860 2672 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:39:18.0876 2672 rdyboost - ok
20:39:18.0922 2672 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:39:18.0985 2672 RemoteAccess - ok
20:39:19.0032 2672 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:39:19.0063 2672 RemoteRegistry - ok
20:39:19.0063 2672 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:39:19.0125 2672 RpcEptMapper - ok
20:39:19.0141 2672 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:39:19.0188 2672 RpcLocator - ok
20:39:19.0250 2672 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:39:19.0297 2672 RpcSs - ok
20:39:19.0390 2672 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:39:19.0437 2672 rspndr - ok
20:39:19.0515 2672 RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys
20:39:19.0531 2672 RTHDMIAzAudService - ok
20:39:19.0578 2672 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:39:19.0624 2672 s3cap - ok
20:39:19.0687 2672 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:19.0718 2672 SamSs - ok
20:39:19.0734 2672 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:39:19.0749 2672 sbp2port - ok
20:39:19.0812 2672 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:39:19.0858 2672 SCardSvr - ok
20:39:19.0905 2672 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:39:19.0983 2672 scfilter - ok
20:39:20.0046 2672 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
20:39:20.0092 2672 Schedule - ok
20:39:20.0155 2672 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:39:20.0186 2672 SCPolicySvc - ok
20:39:20.0217 2672 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
20:39:20.0264 2672 SDRSVC - ok
20:39:20.0326 2672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:39:20.0373 2672 secdrv - ok
20:39:20.0420 2672 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:39:20.0482 2672 seclogon - ok
20:39:20.0498 2672 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:39:20.0529 2672 SENS - ok
20:39:20.0545 2672 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:39:20.0592 2672 SensrSvc - ok
20:39:20.0607 2672 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:39:20.0654 2672 Serenum - ok
20:39:20.0685 2672 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:39:20.0716 2672 Serial - ok
20:39:20.0763 2672 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:39:20.0779 2672 sermouse - ok
20:39:20.0841 2672 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
20:39:20.0888 2672 SessionEnv - ok
20:39:20.0935 2672 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:39:20.0966 2672 sffdisk - ok
20:39:20.0966 2672 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:39:20.0997 2672 sffp_mmc - ok
20:39:20.0997 2672 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:39:21.0013 2672 sffp_sd - ok
20:39:21.0060 2672 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:39:21.0075 2672 sfloppy - ok
20:39:21.0153 2672 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:39:21.0216 2672 SharedAccess - ok
20:39:21.0325 2672 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
20:39:21.0372 2672 ShellHWDetection - ok
20:39:21.0403 2672 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:39:21.0434 2672 sisagp - ok
20:39:21.0450 2672 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:39:21.0465 2672 SiSRaid2 - ok
20:39:21.0481 2672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:39:21.0496 2672 SiSRaid4 - ok
20:39:21.0559 2672 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:39:21.0606 2672 Smb - ok
20:39:21.0684 2672 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:39:21.0699 2672 SNMPTRAP - ok
20:39:21.0715 2672 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:39:21.0730 2672 spldr - ok
20:39:21.0793 2672 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
20:39:21.0840 2672 Spooler - ok
20:39:22.0027 2672 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
20:39:22.0120 2672 sppsvc - ok
20:39:22.0292 2672 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
20:39:22.0370 2672 sppuinotify - ok
20:39:22.0464 2672 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:39:22.0526 2672 srv - ok
20:39:22.0557 2672 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:39:22.0620 2672 srv2 - ok
20:39:22.0651 2672 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:39:22.0698 2672 srvnet - ok
20:39:22.0744 2672 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:39:22.0822 2672 SSDPSRV - ok
20:39:22.0854 2672 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:39:22.0869 2672 ssmdrv - ok
20:39:22.0885 2672 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:39:22.0932 2672 SstpSvc - ok
20:39:23.0025 2672 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
20:39:23.0056 2672 StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0056 2672 StarOpen - detected UnsignedFile.Multi.Generic (1)
20:39:23.0103 2672 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:39:23.0134 2672 stexstor - ok
20:39:23.0197 2672 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
20:39:23.0275 2672 StiSvc - ok
20:39:23.0306 2672 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:39:23.0322 2672 storflt - ok
20:39:23.0337 2672 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:39:23.0353 2672 storvsc - ok
20:39:23.0400 2672 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:39:23.0431 2672 swenum - ok
20:39:23.0493 2672 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:39:23.0540 2672 swprv - ok
20:39:23.0556 2672 Synth3dVsc - ok
20:39:23.0602 2672 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
20:39:23.0634 2672 SynTP - ok
20:39:23.0727 2672 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
20:39:23.0774 2672 SysMain - ok
20:39:23.0883 2672 SystemStore (d7e795032847a6e6e9fbc5e296ae0838) C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
20:39:23.0914 2672 SystemStore ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0914 2672 SystemStore - detected UnsignedFile.Multi.Generic (1)
20:39:23.0946 2672 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
20:39:24.0008 2672 TabletInputService - ok
20:39:24.0070 2672 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
20:39:24.0102 2672 TapiSrv - ok
20:39:24.0133 2672 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:39:24.0164 2672 TBS - ok
20:39:24.0320 2672 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
20:39:24.0367 2672 Tcpip - ok
20:39:24.0382 2672 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
20:39:24.0414 2672 TCPIP6 - ok
20:39:24.0476 2672 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:39:24.0538 2672 tcpipreg - ok
20:39:24.0570 2672 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:39:24.0616 2672 TDPIPE - ok
20:39:24.0663 2672 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
20:39:24.0694 2672 TDTCP - ok
20:39:24.0741 2672 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:39:24.0804 2672 tdx - ok
20:39:24.0850 2672 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:39:24.0866 2672 TermDD - ok
20:39:24.0928 2672 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
20:39:24.0975 2672 TermService - ok
20:39:25.0022 2672 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:39:25.0053 2672 Themes - ok
20:39:25.0100 2672 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:39:25.0131 2672 THREADORDER - ok
20:39:25.0131 2672 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:39:25.0194 2672 TrkWks - ok
20:39:25.0303 2672 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
20:39:25.0365 2672 TrustedInstaller - ok
20:39:25.0396 2672 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:39:25.0428 2672 tssecsrv - ok
20:39:25.0490 2672 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:39:25.0521 2672 TsUsbFlt - ok
20:39:25.0521 2672 tsusbhub - ok
20:39:25.0584 2672 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:39:25.0646 2672 tunnel - ok
20:39:25.0677 2672 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:39:25.0693 2672 uagp35 - ok
20:39:25.0724 2672 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
20:39:25.0740 2672 UBHelper - ok
20:39:25.0786 2672 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:39:25.0833 2672 udfs - ok
20:39:25.0880 2672 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:39:25.0927 2672 UI0Detect - ok
20:39:25.0958 2672 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:39:25.0974 2672 uliagpkx - ok
20:39:26.0005 2672 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:39:26.0020 2672 umbus - ok
20:39:26.0083 2672 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:39:26.0114 2672 UmPass - ok
20:39:26.0161 2672 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
20:39:26.0192 2672 UmRdpService - ok
20:39:26.0239 2672 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:39:26.0317 2672 upnphost - ok
20:39:26.0348 2672 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:39:26.0379 2672 usbccgp - ok
20:39:26.0442 2672 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:39:26.0457 2672 usbcir - ok
20:39:26.0488 2672 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:39:26.0504 2672 usbehci - ok
20:39:26.0535 2672 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:39:26.0582 2672 usbhub - ok
20:39:26.0644 2672 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
20:39:26.0707 2672 usbohci - ok
20:39:26.0738 2672 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:39:26.0754 2672 usbprint - ok
20:39:26.0816 2672 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:39:26.0847 2672 USBSTOR - ok
20:39:26.0863 2672 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:39:26.0878 2672 usbuhci - ok
20:39:26.0910 2672 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
20:39:26.0925 2672 usbvideo - ok
20:39:26.0956 2672 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
20:39:27.0003 2672 usb_rndisx - ok
20:39:27.0050 2672 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:39:27.0081 2672 UxSms - ok
20:39:27.0128 2672 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:27.0144 2672 VaultSvc - ok
20:39:27.0206 2672 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:39:27.0222 2672 vdrvroot - ok
20:39:27.0300 2672 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
20:39:27.0346 2672 vds - ok
20:39:27.0393 2672 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:39:27.0440 2672 vga - ok
20:39:27.0471 2672 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:39:27.0503 2672 VgaSave - ok
20:39:27.0518 2672 VGPU - ok
20:39:27.0565 2672 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:39:27.0596 2672 vhdmp - ok
20:39:27.0659 2672 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:39:27.0674 2672 viaagp - ok
20:39:27.0721 2672 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:39:27.0768 2672 ViaC7 - ok
20:39:27.0799 2672 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:39:27.0815 2672 viaide - ok
20:39:27.0846 2672 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:39:27.0861 2672 vmbus - ok
20:39:27.0861 2672 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:39:27.0908 2672 VMBusHID - ok
20:39:27.0924 2672 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:39:27.0939 2672 volmgr - ok
20:39:27.0971 2672 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:39:27.0986 2672 volmgrx - ok
20:39:28.0033 2672 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:39:28.0049 2672 volsnap - ok
20:39:28.0127 2672 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:39:28.0142 2672 vsmraid - ok
20:39:28.0236 2672 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
20:39:28.0314 2672 VSS - ok
20:39:28.0345 2672 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:39:28.0376 2672 vwifibus - ok
20:39:28.0407 2672 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:39:28.0423 2672 vwififlt - ok
20:39:28.0470 2672 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:39:28.0485 2672 vwifimp - ok
20:39:28.0548 2672 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:39:28.0610 2672 W32Time - ok
20:39:28.0657 2672 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:39:28.0688 2672 WacomPen - ok
20:39:28.0766 2672 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:28.0829 2672 WANARP - ok
20:39:28.0829 2672 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:28.0860 2672 Wanarpv6 - ok
20:39:28.0938 2672 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
20:39:28.0985 2672 wbengine - ok
20:39:29.0031 2672 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:39:29.0078 2672 WbioSrvc - ok
20:39:29.0203 2672 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
20:39:29.0234 2672 WcesComm - ok
20:39:29.0281 2672 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
20:39:29.0343 2672 wcncsvc - ok
20:39:29.0375 2672 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:39:29.0437 2672 WcsPlugInService - ok
20:39:29.0515 2672 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:39:29.0546 2672 Wd - ok
20:39:29.0577 2672 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:39:29.0593 2672 Wdf01000 - ok
20:39:29.0609 2672 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:39:29.0655 2672 WdiServiceHost - ok
20:39:29.0655 2672 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:39:29.0671 2672 WdiSystemHost - ok
20:39:29.0733 2672 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
20:39:29.0780 2672 WebClient - ok
20:39:29.0827 2672 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:39:29.0858 2672 Wecsvc - ok
20:39:29.0874 2672 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:39:29.0905 2672 wercplsupport - ok
20:39:29.0936 2672 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:39:29.0967 2672 WerSvc - ok
20:39:29.0999 2672 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:39:30.0014 2672 WfpLwf - ok
20:39:30.0030 2672 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:39:30.0045 2672 WIMMount - ok
20:39:30.0217 2672 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:39:30.0279 2672 WinDefend - ok
20:39:30.0295 2672 WinHttpAutoProxySvc - ok
20:39:30.0389 2672 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:39:30.0451 2672 Winmgmt - ok
20:39:30.0545 2672 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
20:39:30.0607 2672 WinRM - ok
20:39:30.0732 2672 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:39:30.0794 2672 WinUsb - ok
20:39:30.0872 2672 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:39:30.0919 2672 Wlansvc - ok
20:39:30.0966 2672 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:39:30.0981 2672 WmiAcpi - ok
20:39:31.0091 2672 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:39:31.0137 2672 wmiApSrv - ok
20:39:31.0403 2672 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:39:31.0449 2672 WMPNetworkSvc - ok
20:39:31.0481 2672 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:39:31.0496 2672 WPCSvc - ok
20:39:31.0543 2672 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
20:39:31.0590 2672 WPDBusEnum - ok
20:39:31.0683 2672 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:39:31.0761 2672 ws2ifsl - ok
20:39:31.0793 2672 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
20:39:31.0824 2672 wscsvc - ok
20:39:31.0839 2672 WSearch - ok
20:39:31.0933 2672 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:39:31.0995 2672 wuauserv - ok
20:39:32.0198 2672 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:39:32.0245 2672 WudfPf - ok
20:39:32.0292 2672 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:39:32.0323 2672 WUDFRd - ok
20:39:32.0370 2672 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
20:39:32.0401 2672 wudfsvc - ok
20:39:32.0448 2672 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:39:32.0510 2672 WwanSvc - ok
20:39:32.0557 2672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:32.0807 2672 \Device\Harddisk0\DR0 - ok
20:39:32.0807 2672 Boot (0x1200) (3a01482251629bf09357270b2369ed3f) \Device\Harddisk0\DR0\Partition0
20:39:32.0807 2672 \Device\Harddisk0\DR0\Partition0 - ok
20:39:32.0807 2672 ============================================================
20:39:32.0807 2672 Scan finished
20:39:32.0807 2672 ============================================================
20:39:32.0822 4624 Detected object count: 4
20:39:32.0822 4624 Actual detected object count: 4
20:40:01.0869 4624 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:01.0869 4624 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:01.0869 4624 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:01.0869 4624 SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624 SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip
#20
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run if one of the forum's expert helpers has explicitly recommended it! Should you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post logfiles in CODE tags
#21
TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? Also done, that went quite quickly. ComboFix logfile: Code:
ComboFix 12-07-19.02 - *** 20.07.2012 15:14:14.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3067.2167 [GMT 2:00]
run from:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files created from 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))
.
.
2012-07-20 08:06 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D34061DF-807A-4113-98EA-2DD868621E52}\mpengine.dll
2012-07-19 09:22 . 2012-07-19 09:22 -------- d-----w- c:\users\***\AppData\Local\IsolatedStorage
2012-07-19 09:19 . 2012-07-19 09:19 -------- d-----w- c:\users\***\AppData\Local\Freemium TubeBox
2012-07-19 09:19 . 2012-07-19 09:19 -------- d-----w- c:\program files\Freemium
2012-07-19 09:19 . 2012-07-19 09:22 -------- d-----w- c:\users\***\AppData\Roaming\Freemium
2012-07-17 13:50 . 2012-07-17 13:50 -------- d-----w- C:\_OTL
2012-07-14 11:29 . 2012-07-14 11:29 -------- d-----w- c:\program files\ESET
2012-07-13 11:41 . 2012-07-20 08:02 -------- d-----r- c:\users\***\Dropbox
2012-07-13 11:39 . 2012-07-20 12:57 -------- d-----w- c:\users\***\AppData\Roaming\Dropbox
2012-07-12 18:42 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 16:52 . 2012-07-12 16:52 -------- d-----w- c:\program files\7-Zip
2012-07-03 20:16 . 2012-07-12 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 20:16 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 18:38 . 2012-07-03 18:38 20322816 ----a-w- c:\windows\system32\imageres.dll
2012-06-28 16:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-28 16:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-28 16:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-28 16:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-28 16:36 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-28 16:36 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-28 16:36 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-28 16:36 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-28 16:36 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-26 16:20 . 2012-06-26 16:20 -------- d-----w- c:\users\***\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 12:56 . 2012-03-30 11:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-29 12:56 . 2011-06-21 12:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2012-04-14 06:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 07:04 . 2012-05-27 07:04 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 03:03 . 2012-06-14 06:16 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-09 13:45 . 2012-04-14 06:51 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 13:45 . 2012-04-14 06:51 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-01 04:44 . 2012-06-14 06:16 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 04:41 . 2012-06-14 06:17 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-14 06:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 06:16 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 06:16 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 06:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-14 06:16 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 06:16 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 06:16 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-27 14:36 . 2012-01-22 16:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-29 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-05 19:08 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 SystemStore;System Store;c:\program files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ObjectDock Plus 2 - c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2704)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
Zeit der Fertigstellung: 2012-07-20 15:23:23
ComboFix-quarantined-files.txt 2012-07-20 13:23
.
Vor Suchlauf: 14 Verzeichnis(se), 98.089.308.160 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 98.177.789.952 Bytes frei
.
- - End Of File - - DE6338130D1B93E2CE573890073882A1
| | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; McAfee's scanner in particular often reports a false alarm for OSAM! Please download
Important: do not press any of the Fix buttons without instruction under any circumstances. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
| | #23 |
TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? Gentlemen, that was a real scan marathon. But finally all 3 scans are done. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-20 20:24:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O
Running: 2q72fcqr.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kgldipow.sys
---- System - GMER 1.0.15 ----
SSDT 91BE83BE ZwCreateSection
SSDT 91BE83C8 ZwRequestWaitReplyPort
SSDT 91BE83C3 ZwSetContextThread
SSDT 91BE83CD ZwSetSecurityObject
SSDT 91BE83D2 ZwSystemDebugControl
SSDT 91BE835F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8343F3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83478D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8347FEAC 4 Bytes [BE, 83, BE, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83480208 4 Bytes [C8, 83, BE, 91] {ENTER 0xbe83, 0x91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8348024C 4 Bytes [C3, 83, BE, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 834802C8 4 Bytes [CD, 83, BE, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8348031C 4 Bytes [D2, 83, BE, 91]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92018000, 0x2D5378, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [013C1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.DLL (Backup Manager Module/NewTech Infosystems, Inc.)
IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [00871E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00872A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [008711D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:34:10 on 20.07.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"kgldipow" (kgldipow) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\kgldipow.sys (Hidden registry entry, rootkit activity | File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3llhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3llhn.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"System Store" (SystemStore) - ? - C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-20 20:38:26
-----------------------------
20:38:26.456 OS Version: Windows 6.1.7601 Service Pack 1
20:38:26.456 Number of processors: 2 586 0x170A
20:38:26.456 ComputerName: HOME-PC UserName:
20:38:28.141 Initialize success
20:40:04.861 AVAST engine defs: 12072000
20:40:25.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:40:25.656 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
20:40:25.703 Disk 0 MBR read successfully
20:40:25.703 Disk 0 MBR scan
20:40:25.718 Disk 0 Windows 7 default MBR code
20:40:25.765 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
20:40:25.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466938 MB offset 20482048
20:40:25.796 Disk 0 scanning sectors +976771072
20:40:25.921 Disk 0 scanning C:\Windows\system32\drivers
20:41:37.073 Service scanning
20:42:21.049 Modules scanning
20:44:21.466 Disk 0 trace - called modules:
20:44:21.482 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:44:21.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87505170]
20:44:21.497 3 CLASSPNP.SYS[8bf8859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d36028]
20:44:23.010 AVAST engine scan C:\Windows
20:47:42.987 AVAST engine scan C:\Windows\system32
21:14:33.440 AVAST engine scan C:\Windows\system32\drivers
21:19:28.343 AVAST engine scan C:\Users\***
21:49:48.539 AVAST engine scan C:\ProgramData
21:58:32.154 Scan finished successfully
21:59:48.188 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
21:59:48.204 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
| | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? Looks ok. We should be almost through. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
| | #25 |
TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? WOW!!! With Malwarebytes it looks quite good, but what on earth is SUPERAntiSpyware finding? It's right that I didn't click "Remove Threats" in SUPERAntiSpyware without your instruction, isn't it? Here are the two logs: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: HOME-PC [Administrator]

21.07.2012 16:56:44
mbam-log-2012-07-21 (18-43-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379530
Laufzeit: 1 Stunde(n), 45 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.

(Ende)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/22/2012 at 05:45 PM
Application Version : 5.5.1006
Core Rules Database Version : 8939
Trace Rules Database Version: 6751
Scan type : Complete Scan
Total Scan Time : 01:47:16
Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 780
Memory threats detected : 0
Registry items scanned : 36084
Registry threats detected : 0
File items scanned : 125147
File threats detected : 102
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MPRAAPDO.txt [ /zanox.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FCVCWRNA.txt [ /imrworldwide.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BJM2LD4J.txt [ /tomtailor.dyntracker.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PA97ERLA.txt [ /fastclick.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QW9Y5FTN.txt [ /adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\O0J5AD5K.txt [ /tradedoubler.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Z5XD11A7.txt [ /www.zanox-affiliate.de ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9VOA5N53.txt [ /atdmt.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H98HL1SW.txt [ /www.usenext.de ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J32IAG5P.txt [ /tracking.quisma.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TRRB9290.txt [ /komtrack.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WU3QDSME.txt [ /track.effiliation.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SME3XU64.txt [ /ad1.adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1QOXOB4I.txt [ /ad.dyntracker.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\09ZWXPTM.txt [ /adform.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HMU99BSE.txt [ /unitymedia.de ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DLWP1TRN.txt [ /track.effiliation.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EYDSOKS0.txt [ /apmebf.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9OXN9S8T.txt [ /webmasterplan.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\W0WYGXYD.txt [ /ad.zanox.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\XMQO25W5.txt [ /komtrack.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QU38JLXX.txt [ /track.adform.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WSDWR8ET.txt [ /ad.yieldmanager.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9KA4LFQK.txt [ /zanox-affiliate.de ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PIZTDTQO.txt [ /butlers.traffective-tracking.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\UJEHDIC9.txt [ /mediaplex.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\S0RGI5RM.txt [ /ad.dyntracker.de ]
C:\USERS\***\Cookies\MPRAAPDO.txt [ Cookie:***@zanox.com/ ]
C:\USERS\***\Cookies\FCVCWRNA.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
C:\USERS\***\Cookies\PA97ERLA.txt [ Cookie:***@fastclick.net/ ]
C:\USERS\***\Cookies\QW9Y5FTN.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\Cookies\O0J5AD5K.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\Cookies\Z5XD11A7.txt [ Cookie:***@www.zanox-affiliate.de/ ]
C:\USERS\***\Cookies\9VOA5N53.txt [ Cookie:***@atdmt.com/ ]
C:\USERS\***\Cookies\J32IAG5P.txt [ Cookie:***@tracking.quisma.com/ ]
C:\USERS\***\Cookies\WU3QDSME.txt [ Cookie:***@track.effiliation.com/ ]
C:\USERS\***\Cookies\SME3XU64.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\1QOXOB4I.txt [ Cookie:***@ad.dyntracker.com/ ]
C:\USERS\***\Cookies\09ZWXPTM.txt [ Cookie:***@adform.net/ ]
C:\USERS\***\Cookies\DLWP1TRN.txt [ Cookie:***@track.effiliation.com/servlet/ ]
C:\USERS\***\Cookies\XMQO25W5.txt [ Cookie:***@komtrack.com/tr ]
C:\USERS\***\Cookies\WSDWR8ET.txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\Cookies\9KA4LFQK.txt [ Cookie:***@zanox-affiliate.de/ ]
C:\USERS\***\Cookies\PIZTDTQO.txt [ Cookie:***@butlers.traffective-tracking.com/ ]
C:\USERS\***\Cookies\UJEHDIC9.txt [ Cookie:***@mediaplex.com/ ]
C:\USERS\***\Cookies\S0RGI5RM.txt [ Cookie:***@ad.dyntracker.de/ ]
C:\USERS\NADJA\AppData\Roaming\Microsoft\Windows\Cookies\A3IMA573.txt [ Cookie:nadja@apmebf.com/ ]
C:\USERS\NADJA\AppData\Roaming\Microsoft\Windows\Cookies\57L96CMB.txt [ Cookie:nadja@mediaplex.com/ ]
C:\USERS\NADJA\Cookies\A3IMA573.txt [ Cookie:nadja@apmebf.com/ ]
C:\USERS\NADJA\Cookies\57L96CMB.txt [ Cookie:nadja@mediaplex.com/ ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
tracking.mlsat02.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.dyntracker.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
tradefx.advertserve.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
media-manager.ksk-koeln.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
media-manager.ksk-koeln.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE
Edited by StarCGN (22.07.2012 at 17:01) |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop?

Looks OK, only remnants and cookies were found; all of it can go.

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie).

About cookies and other things on the web: to block the plague up front (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Otherwise there are good cookie managers; as an extension for Firefox there would be CookieCuller, for example: http://filepony.de/download-cookie_culler/

If you can live with having to log in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
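As an added example (not part of this thread and not code from SUPERAntiSpyware, MVPS or any other tool mentioned here): the post above suggests blocking tracking hosts with a hosts file and re-checking it every few weeks. The script below turns the tracker domains from the "Adware.Tracking Cookie" section of a SUPERAntiSpyware log into hosts-file lines and reports which of them an existing hosts file does not block yet. The log lines and hosts excerpt are constructed samples in the shape of the log posted above; the function names are mine, and the `0.0.0.0` form is the one the MVPS file uses.

```python
import re

# Constructed sample in the shape of the SUPERAntiSpyware log posted above:
# IE cookie files ("... .txt [ /domain ]"), IE cookie entries
# ("[ Cookie:user@domain/path ]") and Firefox cookies.sqlite entries
# ("domain [ ...COOKIES.SQLITE ]"), followed by a non-cookie detection.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MPRAAPDO.txt [ /zanox.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PA97ERLA.txt [ /fastclick.net ]
C:\USERS\***\Cookies\FCVCWRNA.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
C:\USERS\***\Cookies\SME3XU64.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE
"""

# Constructed hosts-file excerpt that already blocks two of the trackers.
SAMPLE_HOSTS = """
127.0.0.1 localhost
0.0.0.0 doubleclick.net            # already blocked
0.0.0.0 ad1.adfarm1.adition.com    # already blocked
"""

COOKIE_SECTION = "Adware.Tracking Cookie"
IE_FILE = re.compile(r"\.txt \[ /([^\s/\]]+)")
IE_COOKIE = re.compile(r"\[ Cookie:[^@\]]*@([^\s/\]]+)")
FIREFOX = re.compile(r"^(\S+) \[ .*COOKIES\.SQLITE \]", re.IGNORECASE)
HOSTNAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def tracker_domains(log_text: str) -> list[str]:
    """Sorted, de-duplicated tracker domains from the 'Adware.Tracking Cookie'
    section of a SUPERAntiSpyware log; other sections are ignored."""
    domains = set()
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if " [ " not in line:
            # Lines without a bracketed detail are section headers (or a bare
            # file path); only the cookie section is of interest here.
            in_section = line == COOKIE_SECTION
            continue
        if not in_section:
            continue
        m = IE_FILE.search(line) or IE_COOKIE.search(line) or FIREFOX.match(line)
        if not m:
            continue
        host = m.group(1).lower().lstrip(".")   # Firefox lists ".doubleclick.net"
        if HOSTNAME.match(host):
            domains.add(host)
    return sorted(domains)


def hosts_entries(domains: list[str]) -> list[str]:
    """Hosts-file lines in MVPS style: 0.0.0.0 is unroutable, so a blocked
    host fails fast instead of reaching a local listener on 127.0.0.1."""
    return [f"0.0.0.0 {d}" for d in domains]


def blocked_hosts(hosts_text: str) -> set[str]:
    """Hostnames an existing hosts file already sinks to 0.0.0.0 or 127.0.0.1."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(p.lower() for p in parts[1:])
    return blocked


def missing_from_hosts(domains: list[str], hosts_text: str) -> list[str]:
    """Trackers seen in the scan that the hosts file does not block yet:
    the periodic check the post above recommends, done against a local copy."""
    blocked = blocked_hosts(hosts_text)
    return [d for d in domains if d not in blocked]


if __name__ == "__main__":
    found = tracker_domains(SAMPLE_LOG)
    print("\n".join(hosts_entries(found)))
    print("not yet blocked:", missing_from_hosts(found, SAMPLE_HOSTS))
```

Run against a real log and `C:\Windows\System32\drivers\etc\hosts`, the "not yet blocked" list is what you would compare against the current MVPS release before deciding whether to update it; the script only reads files and prints suggestions, it never edits the hosts file.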
| | #27 |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop?

Otherwise there are no problems at all with the system any more. If you say the following entry is not a problem either, I'm reassured.

Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE

I believe I was supposed to switch something off in Defogger at the start. Can that be switched back on now (I'm at a loss right now as to what it was), and which programs can I uninstall now, or do you recommend that I keep some for safety, such as SuperAntiSpyware?

Otherwise I can only say: you guys really know your stuff - absolutely top. I can only recommend this forum to everyone! Many thanks for the help. |
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop?
Code:
ATTFilter Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE
Defogger would only be relevant if you had installed a tool for virtual optical drives, e.g. DaemonTools, which like many other tools of that kind uses the so-called SPTD driver.

Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: please start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview of how current your installed programs are in the future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords, if possible, now that the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software, and uninstall all the Java versions listed there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |