Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/ATRAPS.Gen and TR/ATRAPS.Gen 2 still active on laptop? (https://www.trojaner-board.de/118694-tr-atraps-gen-tr-atraps-gen-2-noch-laptop-aktiv.html)

cosinus 19.07.2012 09:38

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

StarCGN 19.07.2012 11:48

I'm slowly starting to have hope again.

Code:

# AdwCleaner v1.702 - Logfile created 07/19/2012 at 12:42:15
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : *** - HOME-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\***\AppData\Roaming\Babylon
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\Conduit
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitCommon
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitEngine
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\staged
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Funmoods
File Deleted : C:\Users\***\AppData\Local\funmoods.crx

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\user.js ... Deleted !

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "19-7-2012");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Jul 16 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Fri Aug 13 2010 21:01:14 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "7-8-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 11:22:43 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Jul 18 2012 17:39:54 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Aug 13 2010 19:51:55 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 15:24:51 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 16:18:37 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 29 2012 13:21:31 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Thu Jul 19 2012 11:20:04 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Jul 18 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Jul 18 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Thu Jul 19 2012 11:20:03 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Aug 07 2010 11:22:42 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN33306201193065366");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Fri Aug 13 2010 20:52:15 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", true);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Jul 18 2012 17:39:54 GMT+0200");
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=666138&fid=661999", "\"0\""[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 10 2011 19:57:46 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 14:39:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 14:39:14 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{b72c522d-5b31-4697-a4eb-a8127ee59c27}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "ba0e873b-c11f-4406-ad87-803a6db52242");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 06 2011 11:47:31 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/30/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Mar 30 2011 19:17:18 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Mar 30 2011 22:18:13 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 30 2011 22:18:13 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN28008922307916746");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Mar 30 2011 19:17:18 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Deleted : user_pref("extensions.enabledAddons", "{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6,{46551EC9-40F0-4[...]
Deleted : user_pref("extensions.funmoods.aflt", "softpb");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "DE");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "8792D0984B691D42120CC75DB7078E3C");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=softpb&chnl=softpb&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.id", "06265E62502E2CCF");
Deleted : user_pref("extensions.funmoods.instlDay", "15540");
Deleted : user_pref("extensions.funmoods.instlRef", "softpb");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2211:19:54");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=softpb&chnl=softpb&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=softpb&chnl=softpb&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2211:19:54");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2211:19:54");

Profile name : default
File : C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\r58ep3d6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14971 octets] - [18/07/2012 18:35:10]
AdwCleaner[S1].txt - [21927 octets] - [19/07/2012 12:42:15]

########## EOF - C:\AdwCleaner[S1].txt - [22056 octets] ##########
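
The log above lists what AdwCleaner removed but leaves the reader to work out where the toolbar persisted and which hosts it talked to. The following Python script, an added example that is not part of the original post and not AdwCleaner's code, parses an excerpt of that log (the excerpt is copied from the post, with the user name still redacted as ***), buckets the removed registry entries by the IE persistence surface they used (BHO registration, toolbar value, CLSID), flags the Firefox prefs that actually steered search, homepage and new-tab page, and extracts the defanged hosts from them while marking any host that AdwCleaner's "[...]" truncation cut off. The bucket names and the keyword list that decides which prefs count as "steering" are this example's own choices.

```python
"""Triage an AdwCleaner [S1] log: what was removed, which persistence
surface each registry entry belonged to, and which remote hosts the removed
browser preferences pointed at.

Added example for this thread; it is not AdwCleaner's code and not from the
original post.  It relies only on the line shapes visible in the log above
("Key/Value/Folder/File Deleted : ..." and 'Deleted : user_pref("name", value)'),
on AdwCleaner's "hxxp" defanging and on its "[...]" truncation marker.
"""
import re
from collections import Counter, defaultdict

# Excerpt of the log posted above (user name redacted as *** by the poster).
SAMPLE_LOG = r"""
Folder Deleted : C:\Users\***\AppData\Roaming\Babylon
Folder Deleted : C:\Program Files\Funmoods
File Deleted : C:\Users\***\AppData\Local\funmoods.crx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=softpb&chnl=softpb&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=softpb&chnl=softpb&cd=2[...]
"""

REMOVAL_RE = re.compile(r"^(Key|Value|Folder|File) Deleted : (.+?)\s*$")
PREF_RE = re.compile(r'^Deleted : user_pref\("([^"]+)",\s*(.*)$')
# Accept the defanged hxxp form as well as a re-fanged copy of the log.
HOST_RE = re.compile(r"h(?:xx|tt)ps?://([A-Za-z0-9.\-]+(?::\d+)?)")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TRUNC = "[...]"  # AdwCleaner cuts long pref values and marks the cut with this


def classify_key(path):
    """Bucket a removed registry key/value by the IE persistence surface it used."""
    p = path.lower()
    if "browser helper objects" in p:
        return "bho"            # loaded into every IE process
    if "\\internet explorer\\toolbar" in p:
        return "ie-toolbar"
    if "\\classes\\clsid\\" in p:
        return "clsid"          # the COM class a BHO/toolbar entry points at
    return "other"


def hosts_in(value):
    """Return (host, complete) pairs; a host that runs straight into the
    "[...]" marker was cut by AdwCleaner and must not be used as an IOC as-is."""
    cut = value.find(TRUNC)
    return [(m.group(1).lower(), not (cut != -1 and m.end() == cut))
            for m in HOST_RE.finditer(value)]


def is_hijack_pref(name, value):
    """Prefs that steer search, homepage or new tab are the hijack itself;
    the rest (timestamps, IDs, intervals) is just the toolbar's bookkeeping."""
    steering = re.search(r"search|hmpg|newtab|homepage|keyword", name, re.I)
    return bool(steering and (HOST_RE.search(value) or "keyword.URL" in value))


def guids_in(paths):
    return {g.upper() for p in paths for g in GUID_RE.findall(p)}


def triage(log_text):
    removed, registry = Counter(), defaultdict(list)
    hosts, partial, hijack = set(), set(), []
    for line in log_text.splitlines():
        m = REMOVAL_RE.match(line)
        if m:
            kind, target = m.groups()
            removed[kind] += 1
            if kind in ("Key", "Value"):
                registry[classify_key(target)].append(target)
            continue
        m = PREF_RE.match(line)
        if m:
            name, value = m.groups()
            for host, complete in hosts_in(value):
                (hosts if complete else partial).add(host)
            if is_hijack_pref(name, value):
                hijack.append(name)
    return {
        "removed": removed,
        "registry": dict(registry),
        # a GUID present both as a BHO registration and as a CLSID is one
        # component wired in two places; seeing both removed is what you want
        "bho_with_clsid": guids_in(registry["bho"]) & guids_in(registry["clsid"]),
        "hosts": hosts,
        "partial_hosts": partial,
        "hijack_prefs": hijack,
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("removed:", dict(r["removed"]))
    for bucket, paths in r["registry"].items():
        print(f"{bucket}: {len(paths)}")
    print("BHO+CLSID pairs:", sorted(r["bho_with_clsid"]))
    print("hijack prefs:", r["hijack_prefs"])
    print("hosts:", sorted(r["hosts"]), "truncated:", sorted(r["partial_hosts"]))
```

Running it reports the counts, the one GUID that appears both as a BHO registration and as a CLSID, the four prefs that actually redirected search, homepage and new tab, and the hosts behind them; de.se is listed as truncated rather than as an indicator, and 67.202.67.18:8082 is the toolbar's radio stream (pref RadioStationURL), which the script lists but does not judge.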


cosinus 19.07.2012 19:10

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set the tool up as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

StarCGN 19.07.2012 19:44

Done as well!

Code:

20:38:33.0729 3788        TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:38:33.0760 3788        ============================================================
20:38:33.0760 3788        Current date / time: 2012/07/19 20:38:33.0760
20:38:33.0760 3788        SystemInfo:
20:38:33.0760 3788       
20:38:33.0760 3788        OS Version: 6.1.7601 ServicePack: 1.0
20:38:33.0760 3788        Product type: Workstation
20:38:33.0760 3788        ComputerName: HOME-PC
20:38:33.0760 3788        UserName: ***
20:38:33.0760 3788        Windows directory: C:\Windows
20:38:33.0760 3788        System windows directory: C:\Windows
20:38:33.0760 3788        Processor architecture: Intel x86
20:38:33.0760 3788        Number of processors: 2
20:38:33.0760 3788        Page size: 0x1000
20:38:33.0760 3788        Boot type: Normal boot
20:38:33.0760 3788        ============================================================
20:38:34.0525 3788        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:38:34.0525 3788        ============================================================
20:38:34.0540 3788        \Device\Harddisk0\DR0:
20:38:34.0540 3788        MBR partitions:
20:38:34.0540 3788        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
20:38:34.0540 3788        ============================================================
20:38:34.0572 3788        C: <-> \Device\Harddisk0\DR0\Partition0
20:38:34.0572 3788        ============================================================
20:38:34.0572 3788        Initialize success
20:38:34.0572 3788        ============================================================
20:38:49.0922 2672        ============================================================
20:38:49.0922 2672        Scan started
20:38:49.0922 2672        Mode: Manual; SigCheck; TDLFS;
20:38:49.0922 2672        ============================================================
20:38:51.0030 2672        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:38:51.0201 2672        1394ohci - ok
20:38:51.0310 2672        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:38:51.0326 2672        ACPI - ok
20:38:51.0388 2672        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:38:51.0498 2672        AcpiPmi - ok
20:38:51.0638 2672        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:38:51.0654 2672        adp94xx - ok
20:38:51.0700 2672        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:38:51.0732 2672        adpahci - ok
20:38:51.0810 2672        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:38:51.0841 2672        adpu320 - ok
20:38:51.0888 2672        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:38:51.0981 2672        AeLookupSvc - ok
20:38:52.0090 2672        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:38:52.0200 2672        AFD - ok
20:38:52.0387 2672        AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
20:38:52.0512 2672        AgereSoftModem - ok
20:38:52.0574 2672        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:38:52.0590 2672        agp440 - ok
20:38:52.0683 2672        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:38:52.0714 2672        aic78xx - ok
20:38:52.0839 2672        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:38:52.0917 2672        ALG - ok
20:38:53.0026 2672        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:38:53.0042 2672        aliide - ok
20:38:53.0104 2672        AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
20:38:53.0167 2672        AMD External Events Utility - ok
20:38:53.0198 2672        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:38:53.0214 2672        amdagp - ok
20:38:53.0260 2672        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:38:53.0292 2672        amdide - ok
20:38:53.0354 2672        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:38:53.0432 2672        AmdK8 - ok
20:38:53.0448 2672        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:38:53.0494 2672        AmdPPM - ok
20:38:53.0588 2672        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:38:53.0604 2672        amdsata - ok
20:38:53.0650 2672        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:38:53.0682 2672        amdsbs - ok
20:38:53.0697 2672        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:38:53.0713 2672        amdxata - ok
20:38:53.0916 2672        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:38:53.0947 2672        AntiVirSchedulerService - ok
20:38:53.0978 2672        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:38:53.0994 2672        AntiVirService - ok
20:38:54.0056 2672        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:38:54.0181 2672        AppID - ok
20:38:54.0228 2672        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:38:54.0290 2672        AppIDSvc - ok
20:38:54.0368 2672        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
20:38:54.0430 2672        Appinfo - ok
20:38:54.0508 2672        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
20:38:54.0540 2672        AppMgmt - ok
20:38:54.0618 2672        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:38:54.0633 2672        arc - ok
20:38:54.0649 2672        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:38:54.0664 2672        arcsas - ok
20:38:54.0680 2672        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:38:54.0805 2672        AsyncMac - ok
20:38:54.0867 2672        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:38:54.0883 2672        atapi - ok
20:38:54.0992 2672        athr            (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
20:38:55.0070 2672        athr - ok
20:38:55.0382 2672        atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
20:38:55.0741 2672        atikmdag - ok
20:38:55.0959 2672        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:38:56.0037 2672        AudioEndpointBuilder - ok
20:38:56.0053 2672        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:38:56.0084 2672        Audiosrv - ok
20:38:56.0178 2672        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:38:56.0209 2672        avgntflt - ok
20:38:56.0240 2672        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:38:56.0256 2672        avipbb - ok
20:38:56.0271 2672        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:38:56.0287 2672        avkmgr - ok
20:38:56.0349 2672        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
20:38:56.0396 2672        AxInstSV - ok
20:38:56.0474 2672        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:38:56.0521 2672        b06bdrv - ok
20:38:56.0568 2672        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:38:56.0583 2672        b57nd60x - ok
20:38:56.0646 2672        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:38:56.0708 2672        BDESVC - ok
20:38:56.0770 2672        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:38:56.0833 2672        Beep - ok
20:38:56.0926 2672        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
20:38:57.0004 2672        BFE - ok
20:38:57.0067 2672        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
20:38:57.0114 2672        BITS - ok
20:38:57.0129 2672        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:38:57.0176 2672        blbdrive - ok
20:38:57.0207 2672        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:38:57.0285 2672        bowser - ok
20:38:57.0301 2672        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:38:57.0316 2672        BrFiltLo - ok
20:38:57.0363 2672        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:38:57.0426 2672        BrFiltUp - ok
20:38:57.0488 2672        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
20:38:57.0566 2672        Browser - ok
20:38:57.0597 2672        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:38:57.0644 2672        Brserid - ok
20:38:57.0660 2672        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:38:57.0675 2672        BrSerWdm - ok
20:38:57.0722 2672        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:38:57.0769 2672        BrUsbMdm - ok
20:38:57.0769 2672        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:38:57.0800 2672        BrUsbSer - ok
20:38:57.0831 2672        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:38:57.0862 2672        BTHMODEM - ok
20:38:57.0940 2672        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:38:58.0003 2672        bthserv - ok
20:38:58.0081 2672        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:38:58.0159 2672        cdfs - ok
20:38:58.0237 2672        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:38:58.0284 2672        cdrom - ok
20:38:58.0362 2672        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:38:58.0424 2672        CertPropSvc - ok
20:38:58.0502 2672        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:38:58.0518 2672        circlass - ok
20:38:58.0580 2672        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:38:58.0596 2672        CLFS - ok
20:38:58.0720 2672        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:38:58.0752 2672        clr_optimization_v2.0.50727_32 - ok
20:38:58.0830 2672        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:38:58.0861 2672        clr_optimization_v4.0.30319_32 - ok
20:38:58.0908 2672        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:38:58.0954 2672        CmBatt - ok
20:38:59.0001 2672        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:38:59.0017 2672        cmdide - ok
20:38:59.0064 2672        CNG            (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
20:38:59.0095 2672        CNG - ok
20:38:59.0095 2672        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:38:59.0110 2672        Compbatt - ok
20:38:59.0188 2672        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:38:59.0235 2672        CompositeBus - ok
20:38:59.0266 2672        COMSysApp - ok
20:38:59.0313 2672        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:38:59.0344 2672        crcdisk - ok
20:38:59.0407 2672        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
20:38:59.0469 2672        CryptSvc - ok
20:38:59.0532 2672        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:38:59.0610 2672        CSC - ok
20:38:59.0641 2672        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
20:38:59.0703 2672        CscService - ok
20:38:59.0734 2672        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:38:59.0781 2672        DcomLaunch - ok
20:38:59.0828 2672        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:38:59.0890 2672        defragsvc - ok
20:38:59.0984 2672        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:39:00.0031 2672        DfsC - ok
20:39:00.0046 2672        dgderdrv - ok
20:39:00.0124 2672        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
20:39:00.0187 2672        Dhcp - ok
20:39:00.0218 2672        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:39:00.0280 2672        discache - ok
20:39:00.0327 2672        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:39:00.0358 2672        Disk - ok
20:39:00.0390 2672        DKbFltr        (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:39:00.0405 2672        DKbFltr - ok
20:39:00.0452 2672        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
20:39:00.0499 2672        Dnscache - ok
20:39:00.0546 2672        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
20:39:00.0624 2672        dot3svc - ok
20:39:00.0655 2672        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
20:39:00.0717 2672        DPS - ok
20:39:00.0780 2672        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:39:00.0842 2672        drmkaud - ok
20:39:00.0904 2672        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:00.0936 2672        DXGKrnl - ok
20:39:00.0998 2672        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:39:01.0076 2672        EapHost - ok
20:39:01.0279 2672        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:39:01.0372 2672        ebdrv - ok
20:39:01.0528 2672        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
20:39:01.0575 2672        EFS - ok
20:39:01.0700 2672        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
20:39:01.0762 2672        ehRecvr - ok
20:39:01.0840 2672        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:39:01.0856 2672        ehSched - ok
20:39:01.0981 2672        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:39:02.0012 2672        elxstor - ok
20:39:02.0230 2672        ePowerSvc      (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
20:39:02.0262 2672        ePowerSvc - ok
20:39:02.0308 2672        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:39:02.0355 2672        ErrDev - ok
20:39:02.0418 2672        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:39:02.0464 2672        EventSystem - ok
20:39:02.0511 2672        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:39:02.0574 2672        exfat - ok
20:39:02.0605 2672        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:39:02.0652 2672        fastfat - ok
20:39:02.0745 2672        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
20:39:02.0808 2672        Fax - ok
20:39:02.0823 2672        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:39:02.0839 2672        fdc - ok
20:39:02.0901 2672        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:39:02.0964 2672        fdPHost - ok
20:39:02.0995 2672        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:39:03.0057 2672        FDResPub - ok
20:39:03.0073 2672        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:39:03.0088 2672        FileInfo - ok
20:39:03.0135 2672        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:39:03.0213 2672        Filetrace - ok
20:39:03.0229 2672        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:03.0260 2672        flpydisk - ok
20:39:03.0307 2672        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:39:03.0322 2672        FltMgr - ok
20:39:03.0385 2672        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
20:39:03.0447 2672        FontCache - ok
20:39:03.0588 2672        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:39:03.0603 2672        FontCache3.0.0.0 - ok
20:39:03.0619 2672        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:39:03.0650 2672        FsDepends - ok
20:39:03.0712 2672        FsUsbExDisk    (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
20:39:03.0744 2672        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:39:03.0744 2672        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:39:03.0790 2672        FsUsbExService  (f96c429788350db4ba6771c3034dfd88) C:\Windows\system32\FsUsbExService.Exe
20:39:03.0806 2672        FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
20:39:03.0806 2672        FsUsbExService - detected UnsignedFile.Multi.Generic (1)
20:39:03.0853 2672        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:03.0868 2672        Fs_Rec - ok
20:39:03.0931 2672        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:39:03.0962 2672        fvevol - ok
20:39:04.0024 2672        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:39:04.0040 2672        gagp30kx - ok
20:39:04.0118 2672        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
20:39:04.0196 2672        gpsvc - ok
20:39:04.0305 2672        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:39:04.0321 2672        gusvc - ok
20:39:04.0368 2672        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:39:04.0414 2672        hcw85cir - ok
20:39:04.0492 2672        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:39:04.0539 2672        HDAudBus - ok
20:39:04.0570 2672        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:39:04.0617 2672        HidBatt - ok
20:39:04.0648 2672        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:39:04.0695 2672        HidBth - ok
20:39:04.0773 2672        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:39:04.0789 2672        HidIr - ok
20:39:04.0836 2672        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
20:39:04.0882 2672        hidserv - ok
20:39:04.0960 2672        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
20:39:04.0976 2672        HidUsb - ok
20:39:05.0023 2672        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
20:39:05.0085 2672        hkmsvc - ok
20:39:05.0132 2672        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
20:39:05.0179 2672        HomeGroupListener - ok
20:39:05.0226 2672        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
20:39:05.0257 2672        HomeGroupProvider - ok
20:39:05.0335 2672        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:39:05.0366 2672        HpSAMD - ok
20:39:05.0413 2672        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:39:05.0444 2672        HTTP - ok
20:39:05.0506 2672        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:39:05.0522 2672        hwpolicy - ok
20:39:05.0569 2672        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:39:05.0600 2672        i8042prt - ok
20:39:05.0647 2672        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
20:39:05.0662 2672        iaStor - ok
20:39:05.0740 2672        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:39:05.0772 2672        iaStorV - ok
20:39:05.0959 2672        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:39:05.0990 2672        idsvc - ok
20:39:06.0037 2672        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:39:06.0068 2672        iirsp - ok
20:39:06.0130 2672        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
20:39:06.0208 2672        IKEEXT - ok
20:39:06.0364 2672        IntcAzAudAddService (ffb0b713a54dd05193dbcd0b790b37ee) C:\Windows\system32\drivers\RTKVHDA.sys
20:39:06.0411 2672        IntcAzAudAddService - ok
20:39:06.0598 2672        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:39:06.0630 2672        intelide - ok
20:39:06.0692 2672        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:39:06.0708 2672        intelppm - ok
20:39:06.0770 2672        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:39:06.0832 2672        IPBusEnum - ok
20:39:06.0848 2672        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:06.0895 2672        IpFilterDriver - ok
20:39:06.0957 2672        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
20:39:07.0004 2672        iphlpsvc - ok
20:39:07.0051 2672        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:39:07.0082 2672        IPMIDRV - ok
20:39:07.0113 2672        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:39:07.0191 2672        IPNAT - ok
20:39:07.0254 2672        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:39:07.0285 2672        IRENUM - ok
20:39:07.0300 2672        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:39:07.0316 2672        isapnp - ok
20:39:07.0363 2672        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:39:07.0378 2672        iScsiPrt - ok
20:39:07.0441 2672        k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
20:39:07.0503 2672        k57nd60x - ok
20:39:07.0534 2672        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:39:07.0550 2672        kbdclass - ok
20:39:07.0612 2672        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:39:07.0644 2672        kbdhid - ok
20:39:07.0690 2672        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:07.0722 2672        KeyIso - ok
20:39:07.0753 2672        KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
20:39:07.0753 2672        KSecDD - ok
20:39:07.0768 2672        KSecPkg        (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
20:39:07.0784 2672        KSecPkg - ok
20:39:07.0846 2672        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:39:07.0878 2672        KtmRm - ok
20:39:07.0940 2672        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
20:39:08.0002 2672        LanmanServer - ok
20:39:08.0096 2672        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
20:39:08.0174 2672        LanmanWorkstation - ok
20:39:08.0252 2672        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:08.0330 2672        lltdio - ok
20:39:08.0424 2672        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:39:08.0470 2672        lltdsvc - ok
20:39:08.0470 2672        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:39:08.0533 2672        lmhosts - ok
20:39:08.0595 2672        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:39:08.0626 2672        LSI_FC - ok
20:39:08.0658 2672        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:39:08.0689 2672        LSI_SAS - ok
20:39:08.0704 2672        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:39:08.0720 2672        LSI_SAS2 - ok
20:39:08.0736 2672        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:39:08.0751 2672        LSI_SCSI - ok
20:39:08.0767 2672        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:39:08.0798 2672        luafv - ok
20:39:08.0845 2672        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
20:39:08.0876 2672        Mcx2Svc - ok
20:39:08.0892 2672        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:39:08.0907 2672        megasas - ok
20:39:08.0938 2672        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:39:08.0954 2672        MegaSR - ok
20:39:09.0110 2672        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:39:09.0126 2672        Microsoft Office Groove Audit Service - ok
20:39:09.0172 2672        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:39:09.0235 2672        MMCSS - ok
20:39:09.0266 2672        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:39:09.0313 2672        Modem - ok
20:39:09.0375 2672        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:39:09.0422 2672        monitor - ok
20:39:09.0500 2672        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
20:39:09.0531 2672        mouclass - ok
20:39:09.0547 2672        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:39:09.0578 2672        mouhid - ok
20:39:09.0625 2672        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:39:09.0625 2672        mountmgr - ok
20:39:09.0672 2672        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:39:09.0687 2672        MozillaMaintenance - ok
20:39:09.0734 2672        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:39:09.0750 2672        mpio - ok
20:39:09.0796 2672        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:39:09.0859 2672        mpsdrv - ok
20:39:09.0921 2672        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
20:39:10.0015 2672        MpsSvc - ok
20:39:10.0062 2672        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:39:10.0077 2672        MRxDAV - ok
20:39:10.0124 2672        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:10.0155 2672        mrxsmb - ok
20:39:10.0186 2672        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:10.0233 2672        mrxsmb10 - ok
20:39:10.0249 2672        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:10.0296 2672        mrxsmb20 - ok
20:39:10.0327 2672        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:39:10.0342 2672        msahci - ok
20:39:10.0405 2672        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:39:10.0420 2672        msdsm - ok
20:39:10.0467 2672        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:39:10.0530 2672        MSDTC - ok
20:39:10.0592 2672        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:39:10.0654 2672        Msfs - ok
20:39:10.0654 2672        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:39:10.0701 2672        mshidkmdf - ok
20:39:10.0748 2672        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:39:10.0764 2672        msisadrv - ok
20:39:10.0826 2672        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:39:10.0888 2672        MSiSCSI - ok
20:39:10.0888 2672        msiserver - ok
20:39:10.0982 2672        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:39:11.0044 2672        MSKSSRV - ok
20:39:11.0076 2672        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:39:11.0122 2672        MSPCLOCK - ok
20:39:11.0154 2672        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:39:11.0216 2672        MSPQM - ok
20:39:11.0232 2672        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:39:11.0247 2672        MsRPC - ok
20:39:11.0294 2672        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:39:11.0310 2672        mssmbios - ok
20:39:11.0372 2672        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:39:11.0419 2672        MSTEE - ok
20:39:11.0434 2672        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:39:11.0450 2672        MTConfig - ok
20:39:11.0466 2672        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:39:11.0466 2672        Mup - ok
20:39:11.0528 2672        mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:39:11.0559 2672        mwlPSDFilter - ok
20:39:11.0559 2672        mwlPSDNServ    (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:39:11.0575 2672        mwlPSDNServ - ok
20:39:11.0590 2672        mwlPSDVDisk    (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:39:11.0606 2672        mwlPSDVDisk - ok
20:39:11.0762 2672        MWLService      (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
20:39:11.0778 2672        MWLService - ok
20:39:11.0840 2672        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
20:39:11.0902 2672        napagent - ok
20:39:11.0996 2672        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:39:12.0027 2672        NativeWifiP - ok
20:39:12.0074 2672        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:39:12.0090 2672        NDIS - ok
20:39:12.0105 2672        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:39:12.0152 2672        NdisCap - ok
20:39:12.0183 2672        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:12.0246 2672        NdisTapi - ok
20:39:12.0308 2672        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:12.0355 2672        Ndisuio - ok
20:39:12.0402 2672        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:12.0464 2672        NdisWan - ok
20:39:12.0495 2672        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:39:12.0558 2672        NDProxy - ok
20:39:12.0620 2672        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:39:12.0667 2672        NetBIOS - ok
20:39:12.0714 2672        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:39:12.0776 2672        NetBT - ok
20:39:12.0807 2672        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:12.0823 2672        Netlogon - ok
20:39:12.0901 2672        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:39:12.0979 2672        Netman - ok
20:39:13.0010 2672        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:39:13.0057 2672        netprofm - ok
20:39:13.0213 2672        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:39:13.0228 2672        NetTcpPortSharing - ok
20:39:13.0291 2672        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:39:13.0306 2672        nfrd960 - ok
20:39:13.0353 2672        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
20:39:13.0416 2672        NlaSvc - ok
20:39:13.0447 2672        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:39:13.0509 2672        Npfs - ok
20:39:13.0556 2672        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:39:13.0587 2672        nsi - ok
20:39:13.0603 2672        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:39:13.0650 2672        nsiproxy - ok
20:39:13.0728 2672        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:39:13.0774 2672        Ntfs - ok
20:39:13.0930 2672        NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
20:39:13.0946 2672        NTI IScheduleSvc - ok
20:39:13.0977 2672        NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:39:13.0993 2672        NTIBackupSvc - ok
20:39:14.0180 2672        NTIDrvr        (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
20:39:14.0196 2672        NTIDrvr - ok
20:39:14.0211 2672        NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:39:14.0227 2672        NTISchedulerSvc - ok
20:39:14.0274 2672        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:39:14.0336 2672        Null - ok
20:39:14.0383 2672        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:39:14.0398 2672        nvraid - ok
20:39:14.0414 2672        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:39:14.0430 2672        nvstor - ok
20:39:14.0445 2672        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:39:14.0461 2672        nv_agp - ok
20:39:14.0586 2672        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:39:14.0601 2672        odserv - ok
20:39:14.0648 2672        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:39:14.0695 2672        ohci1394 - ok
20:39:14.0757 2672        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:39:14.0804 2672        ose - ok
20:39:14.0851 2672        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:39:14.0898 2672        p2pimsvc - ok
20:39:14.0960 2672        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:39:14.0976 2672        p2psvc - ok
20:39:15.0038 2672        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:39:15.0069 2672        Parport - ok
20:39:15.0116 2672        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
20:39:15.0132 2672        partmgr - ok
20:39:15.0147 2672        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:39:15.0210 2672        Parvdm - ok
20:39:15.0241 2672        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:39:15.0272 2672        PcaSvc - ok
20:39:15.0319 2672        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:39:15.0334 2672        pci - ok
20:39:15.0350 2672        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:39:15.0366 2672        pciide - ok
20:39:15.0412 2672        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:39:15.0444 2672        pcmcia - ok
20:39:15.0444 2672        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:39:15.0459 2672        pcw - ok
20:39:15.0506 2672        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:39:15.0568 2672        PEAUTH - ok
20:39:15.0693 2672        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
20:39:15.0756 2672        PeerDistSvc - ok
20:39:15.0865 2672        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
20:39:15.0943 2672        pla - ok
20:39:16.0146 2672        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
20:39:16.0177 2672        PlugPlay - ok
20:39:16.0224 2672        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:39:16.0270 2672        PNRPAutoReg - ok
20:39:16.0302 2672        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:39:16.0333 2672        PNRPsvc - ok
20:39:16.0395 2672        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
20:39:16.0473 2672        PolicyAgent - ok
20:39:16.0520 2672        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
20:39:16.0551 2672        Power - ok
20:39:16.0660 2672        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:39:16.0707 2672        PptpMiniport - ok
20:39:16.0723 2672        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:39:16.0754 2672        Processor - ok
20:39:16.0785 2672        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
20:39:16.0832 2672        ProfSvc - ok
20:39:16.0863 2672        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:16.0879 2672        ProtectedStorage - ok
20:39:16.0910 2672        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:39:16.0941 2672        Psched - ok
20:39:17.0004 2672        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:39:17.0050 2672        ql2300 - ok
20:39:17.0238 2672        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:39:17.0253 2672        ql40xx - ok
20:39:17.0316 2672        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:39:17.0347 2672        QWAVE - ok
20:39:17.0362 2672        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:39:17.0378 2672        QWAVEdrv - ok
20:39:17.0472 2672        RapiMgr        (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
20:39:17.0487 2672        RapiMgr - ok
20:39:17.0503 2672        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:17.0550 2672        RasAcd - ok
20:39:17.0628 2672        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:17.0706 2672        RasAgileVpn - ok
20:39:17.0737 2672        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:39:17.0784 2672        RasAuto - ok
20:39:17.0830 2672        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:17.0877 2672        Rasl2tp - ok
20:39:17.0924 2672        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
20:39:17.0971 2672        RasMan - ok
20:39:18.0002 2672        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:18.0064 2672        RasPppoe - ok
20:39:18.0080 2672        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:18.0142 2672        RasSstp - ok
20:39:18.0174 2672        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:18.0236 2672        rdbss - ok
20:39:18.0283 2672        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:39:18.0298 2672        rdpbus - ok
20:39:18.0345 2672        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:18.0408 2672        RDPCDD - ok
20:39:18.0454 2672        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:39:18.0470 2672        RDPDR - ok
20:39:18.0501 2672        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:39:18.0548 2672        RDPENCDD - ok
20:39:18.0564 2672        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:39:18.0595 2672        RDPREFMP - ok
20:39:18.0657 2672        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
20:39:18.0704 2672        RdpVideoMiniport - ok
20:39:18.0735 2672        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
20:39:18.0782 2672        RDPWD - ok
20:39:18.0860 2672        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:39:18.0876 2672        rdyboost - ok
20:39:18.0922 2672        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:39:18.0985 2672        RemoteAccess - ok
20:39:19.0032 2672        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:39:19.0063 2672        RemoteRegistry - ok
20:39:19.0063 2672        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:39:19.0125 2672        RpcEptMapper - ok
20:39:19.0141 2672        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:39:19.0188 2672        RpcLocator - ok
20:39:19.0250 2672        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:39:19.0297 2672        RpcSs - ok
20:39:19.0390 2672        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:39:19.0437 2672        rspndr - ok
20:39:19.0515 2672        RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys
20:39:19.0531 2672        RTHDMIAzAudService - ok
20:39:19.0578 2672        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:39:19.0624 2672        s3cap - ok
20:39:19.0687 2672        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:19.0718 2672        SamSs - ok
20:39:19.0734 2672        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:39:19.0749 2672        sbp2port - ok
20:39:19.0812 2672        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:39:19.0858 2672        SCardSvr - ok
20:39:19.0905 2672        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:39:19.0983 2672        scfilter - ok
20:39:20.0046 2672        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
20:39:20.0092 2672        Schedule - ok
20:39:20.0155 2672        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:39:20.0186 2672        SCPolicySvc - ok
20:39:20.0217 2672        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
20:39:20.0264 2672        SDRSVC - ok
20:39:20.0326 2672        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:39:20.0373 2672        secdrv - ok
20:39:20.0420 2672        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:39:20.0482 2672        seclogon - ok
20:39:20.0498 2672        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:39:20.0529 2672        SENS - ok
20:39:20.0545 2672        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:39:20.0592 2672        SensrSvc - ok
20:39:20.0607 2672        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:39:20.0654 2672        Serenum - ok
20:39:20.0685 2672        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:39:20.0716 2672        Serial - ok
20:39:20.0763 2672        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:39:20.0779 2672        sermouse - ok
20:39:20.0841 2672        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
20:39:20.0888 2672        SessionEnv - ok
20:39:20.0935 2672        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:39:20.0966 2672        sffdisk - ok
20:39:20.0966 2672        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:39:20.0997 2672        sffp_mmc - ok
20:39:20.0997 2672        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:39:21.0013 2672        sffp_sd - ok
20:39:21.0060 2672        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:39:21.0075 2672        sfloppy - ok
20:39:21.0153 2672        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:39:21.0216 2672        SharedAccess - ok
20:39:21.0325 2672        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
20:39:21.0372 2672        ShellHWDetection - ok
20:39:21.0403 2672        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:39:21.0434 2672        sisagp - ok
20:39:21.0450 2672        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:39:21.0465 2672        SiSRaid2 - ok
20:39:21.0481 2672        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:39:21.0496 2672        SiSRaid4 - ok
20:39:21.0559 2672        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:39:21.0606 2672        Smb - ok
20:39:21.0684 2672        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:39:21.0699 2672        SNMPTRAP - ok
20:39:21.0715 2672        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:39:21.0730 2672        spldr - ok
20:39:21.0793 2672        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
20:39:21.0840 2672        Spooler - ok
20:39:22.0027 2672        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
20:39:22.0120 2672        sppsvc - ok
20:39:22.0292 2672        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
20:39:22.0370 2672        sppuinotify - ok
20:39:22.0464 2672        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:39:22.0526 2672        srv - ok
20:39:22.0557 2672        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:39:22.0620 2672        srv2 - ok
20:39:22.0651 2672        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:39:22.0698 2672        srvnet - ok
20:39:22.0744 2672        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:39:22.0822 2672        SSDPSRV - ok
20:39:22.0854 2672        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:39:22.0869 2672        ssmdrv - ok
20:39:22.0885 2672        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:39:22.0932 2672        SstpSvc - ok
20:39:23.0025 2672        StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
20:39:23.0056 2672        StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0056 2672        StarOpen - detected UnsignedFile.Multi.Generic (1)
20:39:23.0103 2672        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:39:23.0134 2672        stexstor - ok
20:39:23.0197 2672        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
20:39:23.0275 2672        StiSvc - ok
20:39:23.0306 2672        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:39:23.0322 2672        storflt - ok
20:39:23.0337 2672        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:39:23.0353 2672        storvsc - ok
20:39:23.0400 2672        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:39:23.0431 2672        swenum - ok
20:39:23.0493 2672        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:39:23.0540 2672        swprv - ok
20:39:23.0556 2672        Synth3dVsc - ok
20:39:23.0602 2672        SynTP          (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
20:39:23.0634 2672        SynTP - ok
20:39:23.0727 2672        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
20:39:23.0774 2672        SysMain - ok
20:39:23.0883 2672        SystemStore    (d7e795032847a6e6e9fbc5e296ae0838) C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
20:39:23.0914 2672        SystemStore ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0914 2672        SystemStore - detected UnsignedFile.Multi.Generic (1)
20:39:23.0946 2672        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
20:39:24.0008 2672        TabletInputService - ok
20:39:24.0070 2672        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
20:39:24.0102 2672        TapiSrv - ok
20:39:24.0133 2672        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:39:24.0164 2672        TBS - ok
20:39:24.0320 2672        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
20:39:24.0367 2672        Tcpip - ok
20:39:24.0382 2672        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
20:39:24.0414 2672        TCPIP6 - ok
20:39:24.0476 2672        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:39:24.0538 2672        tcpipreg - ok
20:39:24.0570 2672        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:39:24.0616 2672        TDPIPE - ok
20:39:24.0663 2672        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
20:39:24.0694 2672        TDTCP - ok
20:39:24.0741 2672        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:39:24.0804 2672        tdx - ok
20:39:24.0850 2672        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:39:24.0866 2672        TermDD - ok
20:39:24.0928 2672        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
20:39:24.0975 2672        TermService - ok
20:39:25.0022 2672        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:39:25.0053 2672        Themes - ok
20:39:25.0100 2672        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:39:25.0131 2672        THREADORDER - ok
20:39:25.0131 2672        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:39:25.0194 2672        TrkWks - ok
20:39:25.0303 2672        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
20:39:25.0365 2672        TrustedInstaller - ok
20:39:25.0396 2672        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:39:25.0428 2672        tssecsrv - ok
20:39:25.0490 2672        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:39:25.0521 2672        TsUsbFlt - ok
20:39:25.0521 2672        tsusbhub - ok
20:39:25.0584 2672        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:39:25.0646 2672        tunnel - ok
20:39:25.0677 2672        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:39:25.0693 2672        uagp35 - ok
20:39:25.0724 2672        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
20:39:25.0740 2672        UBHelper - ok
20:39:25.0786 2672        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:39:25.0833 2672        udfs - ok
20:39:25.0880 2672        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:39:25.0927 2672        UI0Detect - ok
20:39:25.0958 2672        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:39:25.0974 2672        uliagpkx - ok
20:39:26.0005 2672        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:39:26.0020 2672        umbus - ok
20:39:26.0083 2672        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:39:26.0114 2672        UmPass - ok
20:39:26.0161 2672        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
20:39:26.0192 2672        UmRdpService - ok
20:39:26.0239 2672        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:39:26.0317 2672        upnphost - ok
20:39:26.0348 2672        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:39:26.0379 2672        usbccgp - ok
20:39:26.0442 2672        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:39:26.0457 2672        usbcir - ok
20:39:26.0488 2672        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:39:26.0504 2672        usbehci - ok
20:39:26.0535 2672        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:39:26.0582 2672        usbhub - ok
20:39:26.0644 2672        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
20:39:26.0707 2672        usbohci - ok
20:39:26.0738 2672        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:39:26.0754 2672        usbprint - ok
20:39:26.0816 2672        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:39:26.0847 2672        USBSTOR - ok
20:39:26.0863 2672        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:39:26.0878 2672        usbuhci - ok
20:39:26.0910 2672        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
20:39:26.0925 2672        usbvideo - ok
20:39:26.0956 2672        usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
20:39:27.0003 2672        usb_rndisx - ok
20:39:27.0050 2672        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:39:27.0081 2672        UxSms - ok
20:39:27.0128 2672        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:27.0144 2672        VaultSvc - ok
20:39:27.0206 2672        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:39:27.0222 2672        vdrvroot - ok
20:39:27.0300 2672        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
20:39:27.0346 2672        vds - ok
20:39:27.0393 2672        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:39:27.0440 2672        vga - ok
20:39:27.0471 2672        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:39:27.0503 2672        VgaSave - ok
20:39:27.0518 2672        VGPU - ok
20:39:27.0565 2672        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:39:27.0596 2672        vhdmp - ok
20:39:27.0659 2672        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:39:27.0674 2672        viaagp - ok
20:39:27.0721 2672        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:39:27.0768 2672        ViaC7 - ok
20:39:27.0799 2672        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:39:27.0815 2672        viaide - ok
20:39:27.0846 2672        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:39:27.0861 2672        vmbus - ok
20:39:27.0861 2672        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:39:27.0908 2672        VMBusHID - ok
20:39:27.0924 2672        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:39:27.0939 2672        volmgr - ok
20:39:27.0971 2672        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:39:27.0986 2672        volmgrx - ok
20:39:28.0033 2672        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:39:28.0049 2672        volsnap - ok
20:39:28.0127 2672        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:39:28.0142 2672        vsmraid - ok
20:39:28.0236 2672        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
20:39:28.0314 2672        VSS - ok
20:39:28.0345 2672        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:39:28.0376 2672        vwifibus - ok
20:39:28.0407 2672        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:39:28.0423 2672        vwififlt - ok
20:39:28.0470 2672        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:39:28.0485 2672        vwifimp - ok
20:39:28.0548 2672        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:39:28.0610 2672        W32Time - ok
20:39:28.0657 2672        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:39:28.0688 2672        WacomPen - ok
20:39:28.0766 2672        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:28.0829 2672        WANARP - ok
20:39:28.0829 2672        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:28.0860 2672        Wanarpv6 - ok
20:39:28.0938 2672        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
20:39:28.0985 2672        wbengine - ok
20:39:29.0031 2672        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:39:29.0078 2672        WbioSrvc - ok
20:39:29.0203 2672        WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
20:39:29.0234 2672        WcesComm - ok
20:39:29.0281 2672        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
20:39:29.0343 2672        wcncsvc - ok
20:39:29.0375 2672        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:39:29.0437 2672        WcsPlugInService - ok
20:39:29.0515 2672        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:39:29.0546 2672        Wd - ok
20:39:29.0577 2672        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:39:29.0593 2672        Wdf01000 - ok
20:39:29.0609 2672        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:39:29.0655 2672        WdiServiceHost - ok
20:39:29.0655 2672        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:39:29.0671 2672        WdiSystemHost - ok
20:39:29.0733 2672        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
20:39:29.0780 2672        WebClient - ok
20:39:29.0827 2672        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:39:29.0858 2672        Wecsvc - ok
20:39:29.0874 2672        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:39:29.0905 2672        wercplsupport - ok
20:39:29.0936 2672        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:39:29.0967 2672        WerSvc - ok
20:39:29.0999 2672        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:39:30.0014 2672        WfpLwf - ok
20:39:30.0030 2672        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:39:30.0045 2672        WIMMount - ok
20:39:30.0217 2672        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:39:30.0279 2672        WinDefend - ok
20:39:30.0295 2672        WinHttpAutoProxySvc - ok
20:39:30.0389 2672        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:39:30.0451 2672        Winmgmt - ok
20:39:30.0545 2672        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
20:39:30.0607 2672        WinRM - ok
20:39:30.0732 2672        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:39:30.0794 2672        WinUsb - ok
20:39:30.0872 2672        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:39:30.0919 2672        Wlansvc - ok
20:39:30.0966 2672        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:39:30.0981 2672        WmiAcpi - ok
20:39:31.0091 2672        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:39:31.0137 2672        wmiApSrv - ok
20:39:31.0403 2672        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:39:31.0449 2672        WMPNetworkSvc - ok
20:39:31.0481 2672        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:39:31.0496 2672        WPCSvc - ok
20:39:31.0543 2672        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
20:39:31.0590 2672        WPDBusEnum - ok
20:39:31.0683 2672        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:39:31.0761 2672        ws2ifsl - ok
20:39:31.0793 2672        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
20:39:31.0824 2672        wscsvc - ok
20:39:31.0839 2672        WSearch - ok
20:39:31.0933 2672        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:39:31.0995 2672        wuauserv - ok
20:39:32.0198 2672        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:39:32.0245 2672        WudfPf - ok
20:39:32.0292 2672        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:39:32.0323 2672        WUDFRd - ok
20:39:32.0370 2672        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
20:39:32.0401 2672        wudfsvc - ok
20:39:32.0448 2672        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:39:32.0510 2672        WwanSvc - ok
20:39:32.0557 2672        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:32.0807 2672        \Device\Harddisk0\DR0 - ok
20:39:32.0807 2672        Boot (0x1200)  (3a01482251629bf09357270b2369ed3f) \Device\Harddisk0\DR0\Partition0
20:39:32.0807 2672        \Device\Harddisk0\DR0\Partition0 - ok
20:39:32.0807 2672        ============================================================
20:39:32.0807 2672        Scan finished
20:39:32.0807 2672        ============================================================
20:39:32.0822 4624        Detected object count: 4
20:39:32.0822 4624        Actual detected object count: 4
20:40:01.0869 4624        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:01.0869 4624        FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624        FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:01.0869 4624        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:01.0869 4624        SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624        SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip

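The scan log above (the format is TDSSKiller's: one line per driver or service with its MD5 and path, then a "- ok" line or a verdict) ends with four UnsignedFile.Multi.Generic objects that the user chose to skip. That verdict only says the file carries no valid digital signature, so the useful next step for whoever reads the log is to group the lines by object, keep the hash and path, and look at the flagged ones in context. The following Python script is an added example, not a tool from this thread or from the scanner's vendor; SAMPLE_LOG is constructed from lines in the same format as the log above, and the "outside C:\Windows first" ordering is the example's own triage heuristic, not anything the scanner does.

```python
"""Triage helper for a TDSSKiller-format scan log (added example).

Groups the per-object lines by name, keeps hash, path and every verdict,
and records the final status so a reviewer sees what was flagged and what
the user decided to do with it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the same format as the log above (timestamp, PID,
# object name, optional MD5 in parentheses, path, then status lines).
SAMPLE_LOG = r"""
20:39:23.0025 2672        StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
20:39:23.0056 2672        StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0056 2672        StarOpen - detected UnsignedFile.Multi.Generic (1)
20:39:23.0103 2672        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:39:23.0134 2672        stexstor - ok
20:39:23.0883 2672        SystemStore    (d7e795032847a6e6e9fbc5e296ae0838) C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
20:39:23.0914 2672        SystemStore ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0914 2672        SystemStore - detected UnsignedFile.Multi.Generic (1)
20:39:32.0557 2672        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:32.0807 2672        \Device\Harddisk0\DR0 - ok
20:39:32.0822 4624        Detected object count: 2
20:40:01.0869 4624        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:01.0869 4624        SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624        SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with a timestamp and the PID that wrote it.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
RE_ENTRY = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
RE_VERDICT = re.compile(PREFIX + r"(?P<name>.+?)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+(?P<status>.+?)\s*$")
RE_DETECTED = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)")
RE_OK = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+ok\s*$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: list[str] = field(default_factory=list)
    status: str = ""  # last status seen: "ok", "warning", "User select action: Skip", ...


def parse_log(text: str) -> dict[str, Entry]:
    """Return the scanned objects keyed by name, in the order the log lists them."""
    entries: dict[str, Entry] = {}
    by_path: dict[str, Entry] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        if m := RE_ENTRY.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"].strip()
            by_path[e.path] = e
        elif m := RE_VERDICT.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            if m["verdict"] not in e.verdicts:
                e.verdicts.append(m["verdict"])
            e.status = m["status"]
        elif m := RE_DETECTED.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            if m["verdict"] not in e.verdicts:
                e.verdicts.append(m["verdict"])
            e.status = "detected"
        elif m := RE_OK.match(line):
            # MBR/boot-sector checks report "- ok" under the device path, not the name.
            e = entries.get(m["name"]) or by_path.get(m["name"])
            if e is None:
                e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = "ok"
    return entries


def flagged(entries: dict[str, Entry]) -> list[Entry]:
    """Objects that received any verdict instead of a plain '- ok'."""
    return [e for e in entries.values() if e.verdicts]


def outside_windows(entries: dict[str, Entry]) -> list[Entry]:
    """Flagged objects whose file is not under C:\\Windows (example heuristic):
    an unsigned vendor service in Program Files is worth looking up before an
    unsigned in-box driver, so these come first in a manual review."""
    return [e for e in flagged(entries) if not e.path.lower().startswith("c:\\windows\\")]


def report(entries: dict[str, Entry]) -> list[str]:
    """One line per flagged object: name, verdicts, final status, hash and path."""
    return [f"{e.name}: {', '.join(e.verdicts)} -> {e.status} [{e.md5}] {e.path}"
            for e in flagged(entries)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("\n".join(report(parsed)))
    print("review first:", [e.name for e in outside_windows(parsed)])
```

Run on the constructed sample, the report lists StarOpen and SystemStore with their final status "User select action: Skip", and the review-first list contains only SystemStore, because its file sits under C:\Program Files\Freemium rather than under C:\Windows. For the real log, paste its text in place of SAMPLE_LOG; the hash in each line is what you would look up before deciding whether a skipped unsigned file needs any further action.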

cosinus 19.07.2012 20:37

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

StarCGN 20.07.2012 14:48

Also done; that went quite quickly too.

ComboFix logfile:
Code:

ComboFix 12-07-19.02 - *** 20.07.2012  15:14:14.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3067.2167 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-20 bis 2012-07-20  ))))))))))))))))))))))))))))))
.
.
2012-07-20 08:06 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D34061DF-807A-4113-98EA-2DD868621E52}\mpengine.dll
2012-07-19 09:22 . 2012-07-19 09:22        --------        d-----w-        c:\users\***\AppData\Local\IsolatedStorage
2012-07-19 09:19 . 2012-07-19 09:19        --------        d-----w-        c:\users\***\AppData\Local\Freemium TubeBox
2012-07-19 09:19 . 2012-07-19 09:19        --------        d-----w-        c:\program files\Freemium
2012-07-19 09:19 . 2012-07-19 09:22        --------        d-----w-        c:\users\***\AppData\Roaming\Freemium
2012-07-17 13:50 . 2012-07-17 13:50        --------        d-----w-        C:\_OTL
2012-07-14 11:29 . 2012-07-14 11:29        --------        d-----w-        c:\program files\ESET
2012-07-13 11:41 . 2012-07-20 08:02        --------        d-----r-        c:\users\***\Dropbox
2012-07-13 11:39 . 2012-07-20 12:57        --------        d-----w-        c:\users\***\AppData\Roaming\Dropbox
2012-07-12 18:42 . 2012-06-12 02:40        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-07-12 16:52 . 2012-07-12 16:52        --------        d-----w-        c:\program files\7-Zip
2012-07-03 20:16 . 2012-07-12 17:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-03 20:16 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-03 18:38 . 2012-07-03 18:38        20322816        ----a-w-        c:\windows\system32\imageres.dll
2012-06-28 16:36 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-28 16:36 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-28 16:36 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-28 16:36 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-28 16:36 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-28 16:36 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-28 16:36 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-28 16:36 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-28 16:36 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-26 16:20 . 2012-06-26 16:20        --------        d-----w-        c:\users\***\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 12:56 . 2012-03-30 11:16        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-29 12:56 . 2011-06-21 12:57        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2012-04-14 06:47        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-27 07:04 . 2012-05-27 07:04        163048        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 03:03 . 2012-06-14 06:16        981504        ----a-w-        c:\windows\system32\wininet.dll
2012-05-09 13:45 . 2012-04-14 06:51        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 13:45 . 2012-04-14 06:51        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-01 04:44 . 2012-06-14 06:16        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 04:41 . 2012-06-14 06:17        919040        ----a-w-        c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-14 06:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 06:16        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 06:16        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 06:16        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-14 06:16        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 06:16        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 06:16        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-27 14:36 . 2012-01-22 16:52        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02        120104        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-29 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-05 19:08        273544        ----a-w-        c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 SystemStore;System Store;c:\program files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ObjectDock Plus 2 - c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2704)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
Zeit der Fertigstellung: 2012-07-20  15:23:23
ComboFix-quarantined-files.txt  2012-07-20 13:23
.
Vor Suchlauf: 14 Verzeichnis(se), 98.089.308.160 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 98.177.789.952 Bytes frei
.
- - End Of File - - DE6338130D1B93E2CE573890073882A1

--- --- ---

cosinus 20.07.2012 18:29

Please now create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool still refuses to run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan", and click the Scan button again.

StarCGN 20.07.2012 21:03

Gentlemen, that was a real scan marathon. But finally all 3 scans are done.

GMER log file:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-20 20:24:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O
Running: 2q72fcqr.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kgldipow.sys


---- System - GMER 1.0.15 ----

SSDT  91BE83BE                                                                                                                                      ZwCreateSection
SSDT  91BE83C8                                                                                                                                      ZwRequestWaitReplyPort
SSDT  91BE83C3                                                                                                                                      ZwSetContextThread
SSDT  91BE83CD                                                                                                                                      ZwSetSecurityObject
SSDT  91BE83D2                                                                                                                                      ZwSystemDebugControl
SSDT  91BE835F                                                                                                                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                      8343F3C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                        83478D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                          8347FEAC 4 Bytes  [BE, 83, BE, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                          83480208 4 Bytes  [C8, 83, BE, 91] {ENTER 0xbe83, 0x91}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                          8348024C 4 Bytes  [C3, 83, BE, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                          834802C8 4 Bytes  [CD, 83, BE, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                          8348031C 4 Bytes  [D2, 83, BE, 91]
.text  ...                                                                                                                                         
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x92018000, 0x2D5378, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [013C1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.DLL (Backup Manager Module/NewTech Infosystems, Inc.)
IAT    C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                      [00871E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT    C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                  [00872A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT    C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                  [008711D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                        [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                          [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                      [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                        [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]            [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]              [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]          [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]            [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM log file:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:34:10 on 20.07.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"kgldipow" (kgldipow) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\kgldipow.sys  (Hidden registry entry, rootkit activity | File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3llhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3llhn.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"System Store" (SystemStore) - ? - C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-20 20:38:26
-----------------------------
20:38:26.456    OS Version: Windows 6.1.7601 Service Pack 1
20:38:26.456    Number of processors: 2 586 0x170A
20:38:26.456    ComputerName: HOME-PC  UserName:
20:38:28.141    Initialize success
20:40:04.861    AVAST engine defs: 12072000
20:40:25.640    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:40:25.656    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
20:40:25.703    Disk 0 MBR read successfully
20:40:25.703    Disk 0 MBR scan
20:40:25.718    Disk 0 Windows 7 default MBR code
20:40:25.765    Disk 0 Partition 1 00    27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
20:40:25.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      466938 MB offset 20482048
20:40:25.796    Disk 0 scanning sectors +976771072
20:40:25.921    Disk 0 scanning C:\Windows\system32\drivers
20:41:37.073    Service scanning
20:42:21.049    Modules scanning
20:44:21.466    Disk 0 trace - called modules:
20:44:21.482    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:44:21.497    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87505170]
20:44:21.497    3 CLASSPNP.SYS[8bf8859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d36028]
20:44:23.010    AVAST engine scan C:\Windows
20:47:42.987    AVAST engine scan C:\Windows\system32
21:14:33.440    AVAST engine scan C:\Windows\system32\drivers
21:19:28.343    AVAST engine scan C:\Users\***
21:49:48.539    AVAST engine scan C:\ProgramData
21:58:32.154    Scan finished successfully
21:59:48.188    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
21:59:48.204    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


cosinus 21.07.2012 15:46

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

StarCGN 22.07.2012 16:52

WOW!!! Malwarebytes looks pretty good, but what on earth is SuperAntiSpyware finding?
It was right of me not to click "Remove Threats" in SuperAntiSpyware without your instruction, wasn't it?
Here are the two logs:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: HOME-PC [Administrator]

21.07.2012 16:56:44
mbam-log-2012-07-21 (18-43-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379530
Laufzeit: 1 Stunde(n), 45 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/22/2012 at 05:45 PM

Application Version : 5.5.1006

Core Rules Database Version : 8939
Trace Rules Database Version: 6751

Scan type      : Complete Scan
Total Scan Time : 01:47:16

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 780
Memory threats detected  : 0
Registry items scanned    : 36084
Registry threats detected : 0
File items scanned        : 125147
File threats detected    : 102

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MPRAAPDO.txt [ /zanox.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FCVCWRNA.txt [ /imrworldwide.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BJM2LD4J.txt [ /tomtailor.dyntracker.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PA97ERLA.txt [ /fastclick.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QW9Y5FTN.txt [ /adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\O0J5AD5K.txt [ /tradedoubler.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Z5XD11A7.txt [ /www.zanox-affiliate.de ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9VOA5N53.txt [ /atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H98HL1SW.txt [ /www.usenext.de ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J32IAG5P.txt [ /tracking.quisma.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TRRB9290.txt [ /komtrack.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WU3QDSME.txt [ /track.effiliation.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SME3XU64.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1QOXOB4I.txt [ /ad.dyntracker.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\09ZWXPTM.txt [ /adform.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HMU99BSE.txt [ /unitymedia.de ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DLWP1TRN.txt [ /track.effiliation.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EYDSOKS0.txt [ /apmebf.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9OXN9S8T.txt [ /webmasterplan.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\W0WYGXYD.txt [ /ad.zanox.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\XMQO25W5.txt [ /komtrack.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QU38JLXX.txt [ /track.adform.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WSDWR8ET.txt [ /ad.yieldmanager.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9KA4LFQK.txt [ /zanox-affiliate.de ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PIZTDTQO.txt [ /butlers.traffective-tracking.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\UJEHDIC9.txt [ /mediaplex.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\S0RGI5RM.txt [ /ad.dyntracker.de ]
        C:\USERS\***\Cookies\MPRAAPDO.txt [ Cookie:***@zanox.com/ ]
        C:\USERS\***\Cookies\FCVCWRNA.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\Cookies\PA97ERLA.txt [ Cookie:***@fastclick.net/ ]
        C:\USERS\***\Cookies\QW9Y5FTN.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\O0J5AD5K.txt [ Cookie:***@tradedoubler.com/ ]
        C:\USERS\***\Cookies\Z5XD11A7.txt [ Cookie:***@www.zanox-affiliate.de/ ]
        C:\USERS\***\Cookies\9VOA5N53.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\Cookies\J32IAG5P.txt [ Cookie:***@tracking.quisma.com/ ]
        C:\USERS\***\Cookies\WU3QDSME.txt [ Cookie:***@track.effiliation.com/ ]
        C:\USERS\***\Cookies\SME3XU64.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\1QOXOB4I.txt [ Cookie:***@ad.dyntracker.com/ ]
        C:\USERS\***\Cookies\09ZWXPTM.txt [ Cookie:***@adform.net/ ]
        C:\USERS\***\Cookies\DLWP1TRN.txt [ Cookie:***@track.effiliation.com/servlet/ ]
        C:\USERS\***\Cookies\XMQO25W5.txt [ Cookie:***@komtrack.com/tr ]
        C:\USERS\***\Cookies\WSDWR8ET.txt [ Cookie:***@ad.yieldmanager.com/ ]
        C:\USERS\***\Cookies\9KA4LFQK.txt [ Cookie:***@zanox-affiliate.de/ ]
        C:\USERS\***\Cookies\PIZTDTQO.txt [ Cookie:***@butlers.traffective-tracking.com/ ]
        C:\USERS\***\Cookies\UJEHDIC9.txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\Cookies\S0RGI5RM.txt [ Cookie:***@ad.dyntracker.de/ ]
        C:\USERS\NADJA\AppData\Roaming\Microsoft\Windows\Cookies\A3IMA573.txt [ Cookie:nadja@apmebf.com/ ]
        C:\USERS\NADJA\AppData\Roaming\Microsoft\Windows\Cookies\57L96CMB.txt [ Cookie:nadja@mediaplex.com/ ]
        C:\USERS\NADJA\Cookies\A3IMA573.txt [ Cookie:nadja@apmebf.com/ ]
        C:\USERS\NADJA\Cookies\57L96CMB.txt [ Cookie:nadja@mediaplex.com/ ]
        www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .dyntracker.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        tradefx.advertserve.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        media-manager.ksk-koeln.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
        media-manager.ksk-koeln.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Bifrose
        C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE


cosinus 23.07.2012 14:34

Looks OK, only remnants and cookies were found; all of it can go.
Cookies aren't malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie)


About cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Otherwise there are also good cookie managers; for Firefox, for example, there is the CookieCuller extension http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser closes.

My own approach is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; I reject everything else manually (FF always asks me). The other browsers accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system in order again now, or are there still other findings or problems?
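Editor's note: the hosts-file advice above has a catch that the SUPERAntiSpyware cookie list makes visible: a hosts file matches whole hostnames only, so an entry for `ad.doubleclick.net` does nothing for a domain cookie set by `doubleclick.net`, and `adfarm1.adition.com` does not cover `ad2.adfarm1.adition.com`. The following Python script is an added example, not code from this thread, from MVPS or from SUPERAntiSpyware. It pulls the tracker hostnames out of the three line shapes the SASW log uses for cookies, parses a hosts file, and reports which cookie hosts would be blocked and which stay open despite a related entry. The hosts-file excerpt and the log excerpt are constructed for the example; the `EXAMPLE` user name and profile folder are placeholders.

```python
"""Check which tracker hostnames from a scan log a hosts file really blocks.

Added example for this thread; it is not code from Trojaner-Board, MVPS or
SUPERAntiSpyware. The hosts-file excerpt and the log excerpt are constructed.
"""
import re

# Constructed excerpt in the style of the MVPS hosts file (0.0.0.0 sink address).
SAMPLE_HOSTS = """\
# constructed example, not the real MVPS file
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 adfarm1.adition.com   # inline comment
0.0.0.0 www.etracker.de
0.0.0.0 atdmt.com
"""

# Constructed excerpt in the "Adware.Tracking Cookie" layout of a SUPERAntiSpyware log.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9VOA5N53.txt [ /atdmt.com ]
        C:\USERS\***\Cookies\QW9Y5FTN.txt [ Cookie:***@adfarm1.adition.com/ ]
        .doubleclick.net [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return the set of hostnames a hosts file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        if addr in SINK_ADDRESSES:
            blocked.update(n.lower() for n in names)
    blocked.discard("localhost")
    return blocked


# The three line shapes SUPERAntiSpyware uses for cookies:
#   <IE cookie file> [ /host ]          <IE cookie file> [ Cookie:user@host/path ]
#   host [ <path to COOKIES.SQLITE> ]    (Firefox; a leading dot marks a domain cookie)
_COOKIE_PATTERNS = (
    re.compile(r"\[ /([^\s\]/]+)"),
    re.compile(r"\[ Cookie:[^@\]]*@([^/\s\]]+)"),
    re.compile(r"^\s*\.?([A-Za-z0-9.-]+)\s+\[ .*COOKIES\.SQLITE \]", re.IGNORECASE),
)


def cookie_hosts(log_text):
    """Extract the tracker hostnames a SUPERAntiSpyware cookie section refers to."""
    hosts = set()
    for line in log_text.splitlines():
        for pattern in _COOKIE_PATTERNS:
            match = pattern.search(line)
            if match:
                hosts.add(match.group(1).lower())
                break
    return hosts


def hosts_coverage(hosts_text, log_text):
    """Map each cookie host to True/False: does the hosts file block it?
    A hosts file matches whole hostnames only, so this is an exact lookup."""
    blocked = parse_hosts(hosts_text)
    return {host: host in blocked for host in sorted(cookie_hosts(log_text))}


def near_misses(hosts_text, log_text):
    """Cookie hosts that stay unblocked although a parent or child name is listed.
    Such entries look like coverage in the hosts file but are not."""
    blocked = parse_hosts(hosts_text)
    misses = {}
    for host in cookie_hosts(log_text):
        if host in blocked:
            continue
        related = sorted(b for b in blocked
                         if b.endswith("." + host) or host.endswith("." + b))
        if related:
            misses[host] = related
    return misses


if __name__ == "__main__":
    for host, ok in hosts_coverage(SAMPLE_HOSTS, SAMPLE_LOG).items():
        print(f"{'blocked' if ok else 'OPEN   '} {host}")
    print("near misses:", near_misses(SAMPLE_HOSTS, SAMPLE_LOG))
```

Run against a real hosts file and a real SASW log, `near_misses` is the list worth reading: every entry there is a tracker the hosts file looks like it covers but does not, which is exactly the gap that keeps such cookies coming back between two MVPS updates.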

StarCGN 24.07.2012 10:23

Otherwise there are no more problems at all with the system. If you say the following entry isn't problematic either, I'm reassured.

Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE

I think I was supposed to turn something off in Defogger at the beginning. Can that be turned back on now (I'm at a loss right now as to what it was), and which programs can I uninstall now, or do you recommend that I keep some for safety, such as SuperAntiSpyware?

Otherwise I can only say :dankeschoen:

You guys really know your stuff - top notch. I can only recommend this forum to everyone! Many thanks for the help.

cosinus 24.07.2012 19:35

Code:

Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE

As mentioned before, the "_OTL" folder is OTL's quarantine area. It's only logical that there are malware samples in there. But they are harmless there because they're inactive.

Defogger would only be relevant if you had installed a tool for virtual optical drives, e.g. DaemonTools, which like many other such tools uses the so-called SPTD driver.


Then we're done! :abklatsch:

The programs that were used here can all be removed again. With OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on that is below. To keep a better overview in future of whether the installed programs are up to date, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. So you should uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
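Editor's note: the two cosinus replies above apply a simple triage to the scan results: tracking cookies are a privacy nuisance rather than malware, anything under `C:\_OTL\MovedFiles\` is a sample OTL already quarantined and therefore inert, and only a finding outside both groups would need a second look. The Python script below is an added example, not code from this thread, from OTL or from SUPERAntiSpyware; it parses the detection section of a SASW log (category lines at column 0, detected items indented beneath them), applies that triage, and cross-checks the parsed count against the "File threats detected" figure the log reports itself. The log excerpt is constructed; the `Trojan.Agent/Gen-Example` entry and its `constructed.exe` path are invented to show a finding outside quarantine, and the `EXAMPLE` profile folder is a placeholder.

```python
"""Triage the detections in a SUPERAntiSpyware log the way the thread does.

Added example for this thread; not code from Trojaner-Board, OTL or
SUPERAntiSpyware. The log excerpt below is constructed.
"""
import re
from dataclasses import dataclass

# OTL moves what it removes into C:\_OTL\MovedFiles\<timestamp>\ (explained in the thread).
# Quarantine folders of other tools could be appended here (assumption, not from the thread).
QUARANTINE_MARKERS = ("\\_otl\\movedfiles\\",)

# Constructed excerpt in SUPERAntiSpyware's layout. The Gen-Example entry is invented.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log

Memory items scanned      : 780
Memory threats detected   : 0
Registry items scanned    : 36084
Registry threats detected : 0
File items scanned        : 125147
File threats detected     : 4

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9VOA5N53.txt [ /atdmt.com ]
        .doubleclick.net [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Bifrose
        C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE

Trojan.Agent/Gen-Example
        C:\Users\***\AppData\Local\Temp\constructed.exe
"""


@dataclass
class Finding:
    category: str
    item: str
    verdict: str   # "tracking-cookie", "inert-quarantine" or "needs-attention"


def reported_file_threats(log_text):
    """The count SUPERAntiSpyware itself reports; None if the line is missing."""
    match = re.search(r"File threats detected\s*:\s*(\d+)", log_text)
    return int(match.group(1)) if match else None


def parse_findings(log_text):
    """Return (category, item) pairs from the detection list that follows the counts."""
    findings, category, in_results = [], None, False
    for line in log_text.splitlines():
        if not in_results:
            in_results = line.startswith("File threats detected")
            continue
        if not line.strip():
            continue
        if line[0] in " \t":               # indented: an item under the current category
            if category:
                findings.append((category, line.strip()))
        else:                              # column 0: a new category
            category = line.strip()
    return findings


def classify(category, item):
    """Apply the thread's triage rules to one detection."""
    lowered = item.lower()
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "inert-quarantine"          # already neutralised by OTL, cannot run from there
    if category.lower().startswith("adware.tracking cookie"):
        return "tracking-cookie"           # privacy nuisance, not malware
    return "needs-attention"


def triage(log_text):
    return [Finding(c, i, classify(c, i)) for c, i in parse_findings(log_text)]


def summary(log_text):
    """Count findings per verdict."""
    counts = {}
    for finding in triage(log_text):
        counts[finding.verdict] = counts.get(finding.verdict, 0) + 1
    return counts


def is_consistent(log_text):
    """True when the number of parsed items equals the count the log reports.
    A mismatch means the parser missed lines (or the log was truncated when pasted)."""
    reported = reported_file_threats(log_text)
    return reported is not None and reported == len(parse_findings(log_text))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.verdict:17} {finding.category}: {finding.item}")
    print(summary(SAMPLE_LOG), "consistent:", is_consistent(SAMPLE_LOG))
```

On the real log in this thread the same rules yield 101 tracking cookies and one inert quarantine item, which is the conclusion cosinus reached by eye; the consistency check is there because forum pastes are often truncated, and a parsed count that does not match the log's own figure means the triage saw only part of the picture.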



Copyright ©2000-2025, Trojaner-Board

