S.M.A.R.T Check virus Windows 7

cosinus · 06.07.2012, 14:37

Ja entweder cure oder delete, je nachdem was zur Auswahl steht

CpTKebab · 06.07.2012, 15:16

Code:

ATTFilter

 
16:13:14.0414 1872	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
16:13:14.0648 1872	============================================================
16:13:14.0648 1872	Current date / time: 2012/07/06 16:13:14.0648
16:13:14.0648 1872	SystemInfo:
16:13:14.0648 1872	
16:13:14.0648 1872	OS Version: 6.1.7601 ServicePack: 1.0
16:13:14.0648 1872	Product type: Workstation
16:13:14.0648 1872	ComputerName: ***-LAPTOP
16:13:14.0648 1872	UserName: ***
16:13:14.0648 1872	Windows directory: C:\Windows
16:13:14.0648 1872	System windows directory: C:\Windows
16:13:14.0648 1872	Running under WOW64
16:13:14.0648 1872	Processor architecture: Intel x64
16:13:14.0648 1872	Number of processors: 4
16:13:14.0648 1872	Page size: 0x1000
16:13:14.0648 1872	Boot type: Normal boot
16:13:14.0648 1872	============================================================
16:13:16.0816 1872	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:16.0816 1872	============================================================
16:13:16.0816 1872	\Device\Harddisk0\DR0:
16:13:16.0816 1872	MBR partitions:
16:13:16.0816 1872	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
16:13:16.0816 1872	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x5550EEF0
16:13:16.0816 1872	============================================================
16:13:16.0863 1872	C: <-> \Device\Harddisk0\DR0\Partition1
16:13:16.0863 1872	============================================================
16:13:16.0863 1872	Initialize success
16:13:16.0863 1872	============================================================
16:13:27.0221 4376	============================================================
16:13:27.0221 4376	Scan started
16:13:27.0221 4376	Mode: Manual; SigCheck; TDLFS; 
16:13:27.0221 4376	============================================================
16:13:27.0783 4376	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:13:28.0048 4376	1394ohci - ok
16:13:28.0126 4376	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:13:28.0142 4376	ACPI - ok
16:13:28.0204 4376	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:13:28.0329 4376	AcpiPmi - ok
16:13:28.0407 4376	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:13:28.0469 4376	adp94xx - ok
16:13:28.0532 4376	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:13:28.0594 4376	adpahci - ok
16:13:28.0672 4376	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:13:28.0735 4376	adpu320 - ok
16:13:28.0781 4376	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:13:28.0937 4376	AeLookupSvc - ok
16:13:29.0031 4376	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:13:29.0125 4376	AFD - ok
16:13:29.0187 4376	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:13:29.0234 4376	agp440 - ok
16:13:29.0249 4376	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:13:29.0343 4376	ALG - ok
16:13:29.0359 4376	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:13:29.0374 4376	aliide - ok
16:13:29.0390 4376	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:13:29.0405 4376	amdide - ok
16:13:29.0421 4376	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:13:29.0515 4376	AmdK8 - ok
16:13:29.0546 4376	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:13:29.0593 4376	AmdPPM - ok
16:13:29.0639 4376	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:13:29.0655 4376	amdsata - ok
16:13:29.0717 4376	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:13:29.0795 4376	amdsbs - ok
16:13:29.0811 4376	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:13:29.0827 4376	amdxata - ok
16:13:29.0936 4376	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:13:29.0983 4376	AntiVirSchedulerService - ok
16:13:30.0076 4376	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:13:30.0123 4376	AntiVirService - ok
16:13:30.0185 4376	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:13:30.0404 4376	AppID - ok
16:13:30.0419 4376	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:13:30.0466 4376	AppIDSvc - ok
16:13:30.0513 4376	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:13:30.0575 4376	Appinfo - ok
16:13:30.0607 4376	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:13:30.0622 4376	arc - ok
16:13:30.0653 4376	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:13:30.0669 4376	arcsas - ok
16:13:30.0685 4376	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:13:30.0731 4376	AsyncMac - ok
16:13:30.0763 4376	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:13:30.0794 4376	atapi - ok
16:13:30.0825 4376	AthBTPort       (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
16:13:30.0856 4376	AthBTPort - ok
16:13:30.0919 4376	AtherosSvc      (18771e700db2b729af506b946058dd4f) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:13:30.0934 4376	AtherosSvc - ok
16:13:31.0106 4376	athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
16:13:31.0137 4376	athr - ok
16:13:31.0340 4376	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:13:31.0465 4376	AudioEndpointBuilder - ok
16:13:31.0465 4376	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:13:31.0496 4376	AudioSrv - ok
16:13:31.0605 4376	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
16:13:31.0667 4376	avgntflt - ok
16:13:31.0699 4376	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
16:13:31.0714 4376	avipbb - ok
16:13:31.0777 4376	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:13:31.0901 4376	AxInstSV - ok
16:13:31.0964 4376	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:13:32.0073 4376	b06bdrv - ok
16:13:32.0135 4376	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:13:32.0198 4376	b57nd60a - ok
16:13:32.0229 4376	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:13:32.0307 4376	BDESVC - ok
16:13:32.0307 4376	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:13:32.0385 4376	Beep - ok
16:13:32.0479 4376	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:13:32.0603 4376	BFE - ok
16:13:32.0697 4376	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:13:32.0791 4376	BITS - ok
16:13:32.0853 4376	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:13:32.0915 4376	blbdrive - ok
16:13:32.0978 4376	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:13:33.0025 4376	bowser - ok
16:13:33.0040 4376	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:13:33.0118 4376	BrFiltLo - ok
16:13:33.0118 4376	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:13:33.0165 4376	BrFiltUp - ok
16:13:33.0196 4376	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:13:33.0274 4376	Browser - ok
16:13:33.0321 4376	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:13:33.0352 4376	Brserid - ok
16:13:33.0383 4376	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:13:33.0430 4376	BrSerWdm - ok
16:13:33.0430 4376	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:13:33.0508 4376	BrUsbMdm - ok
16:13:33.0524 4376	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:13:33.0555 4376	BrUsbSer - ok
16:13:33.0602 4376	BTATH_A2DP      (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
16:13:33.0664 4376	BTATH_A2DP - ok
16:13:33.0711 4376	BTATH_BUS       (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
16:13:33.0727 4376	BTATH_BUS - ok
16:13:33.0789 4376	BTATH_HCRP      (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:13:33.0883 4376	BTATH_HCRP - ok
16:13:33.0898 4376	BTATH_LWFLT     (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
16:13:33.0914 4376	BTATH_LWFLT - ok
16:13:33.0945 4376	BTATH_RCP       (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
16:13:33.0961 4376	BTATH_RCP - ok
16:13:34.0039 4376	BtFilter        (dce0798fd5bb4e452227ec58700956f5) C:\Windows\system32\DRIVERS\btfilter.sys
16:13:34.0070 4376	BtFilter - ok
16:13:34.0132 4376	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:13:34.0226 4376	BthEnum - ok
16:13:34.0241 4376	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:13:34.0288 4376	BTHMODEM - ok
16:13:34.0319 4376	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:13:34.0351 4376	BthPan - ok
16:13:34.0413 4376	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:13:34.0491 4376	BTHPORT - ok
16:13:34.0553 4376	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:13:34.0616 4376	bthserv - ok
16:13:34.0631 4376	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:13:34.0678 4376	BTHUSB - ok
16:13:34.0709 4376	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:13:34.0803 4376	cdfs - ok
16:13:34.0865 4376	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:13:34.0897 4376	cdrom - ok
16:13:34.0959 4376	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:13:35.0021 4376	CertPropSvc - ok
16:13:35.0053 4376	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:13:35.0084 4376	circlass - ok
16:13:35.0146 4376	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:13:35.0193 4376	CLFS - ok
16:13:35.0318 4376	CLHNServiceForPowerDVD (4aa6694fb767bbff6a8ef080806447bd) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
16:13:35.0349 4376	CLHNServiceForPowerDVD - ok
16:13:35.0427 4376	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:13:35.0443 4376	clr_optimization_v2.0.50727_32 - ok
16:13:35.0489 4376	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:13:35.0536 4376	clr_optimization_v2.0.50727_64 - ok
16:13:35.0614 4376	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:13:35.0677 4376	clr_optimization_v4.0.30319_32 - ok
16:13:35.0739 4376	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:13:35.0770 4376	clr_optimization_v4.0.30319_64 - ok
16:13:35.0817 4376	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:13:35.0848 4376	CmBatt - ok
16:13:35.0895 4376	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:13:35.0911 4376	cmdide - ok
16:13:36.0004 4376	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:13:36.0051 4376	CNG - ok
16:13:36.0207 4376	CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\Windows\system32\drivers\CHDRT64.sys
16:13:36.0254 4376	CnxtHdAudService - ok
16:13:36.0379 4376	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:13:36.0410 4376	Compbatt - ok
16:13:36.0503 4376	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:13:36.0519 4376	CompositeBus - ok
16:13:36.0535 4376	COMSysApp - ok
16:13:36.0550 4376	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:13:36.0550 4376	crcdisk - ok
16:13:36.0597 4376	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:13:36.0675 4376	CryptSvc - ok
16:13:36.0691 4376	CxAudMsg - ok
16:13:36.0831 4376	CyberLink PowerDVD 11.0 Monitor Service (d3484412eae43685e3ad304c9979f30e) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
16:13:36.0862 4376	CyberLink PowerDVD 11.0 Monitor Service - ok
16:13:36.0893 4376	CyberLink PowerDVD 11.0 Service (4b0f03af88ff89441ef57175849c3961) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
16:13:36.0909 4376	CyberLink PowerDVD 11.0 Service - ok
16:13:36.0987 4376	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:13:37.0065 4376	DcomLaunch - ok
16:13:37.0112 4376	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:13:37.0190 4376	defragsvc - ok
16:13:37.0283 4376	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:13:37.0361 4376	DfsC - ok
16:13:37.0408 4376	dg_ssudbus      (bf4e72d6fa78fedc4b8577116eface7e) C:\Windows\system32\DRIVERS\ssudbus.sys
16:13:37.0455 4376	dg_ssudbus - ok
16:13:37.0502 4376	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:13:37.0564 4376	Dhcp - ok
16:13:37.0611 4376	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:13:37.0673 4376	discache - ok
16:13:37.0720 4376	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:13:37.0751 4376	Disk - ok
16:13:37.0798 4376	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:13:37.0845 4376	Dnscache - ok
16:13:37.0907 4376	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:13:38.0001 4376	dot3svc - ok
16:13:38.0048 4376	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:13:38.0110 4376	DPS - ok
16:13:38.0141 4376	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:13:38.0157 4376	drmkaud - ok
16:13:38.0297 4376	DsiWMIService   (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
16:13:38.0344 4376	DsiWMIService - ok
16:13:38.0407 4376	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:13:38.0438 4376	dtsoftbus01 - ok
16:13:38.0547 4376	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:13:38.0594 4376	DXGKrnl - ok
16:13:38.0641 4376	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:13:38.0687 4376	EapHost - ok
16:13:38.0921 4376	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:13:39.0093 4376	ebdrv - ok
16:13:39.0218 4376	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:13:39.0280 4376	EFS - ok
16:13:39.0374 4376	EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
16:13:39.0436 4376	EgisTec Ticket Service - ok
16:13:39.0545 4376	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:13:39.0639 4376	ehRecvr - ok
16:13:39.0670 4376	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:13:39.0764 4376	ehSched - ok
16:13:39.0889 4376	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:13:39.0951 4376	elxstor - ok
16:13:40.0091 4376	ePowerSvc       (57901f36fae709d0c0b58bb92a8361d0) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
16:13:40.0154 4376	ePowerSvc - ok
16:13:40.0247 4376	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:13:40.0294 4376	ErrDev - ok
16:13:40.0372 4376	ETD             (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys
16:13:40.0403 4376	ETD - ok
16:13:40.0466 4376	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:13:40.0544 4376	EventSystem - ok
16:13:40.0591 4376	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:13:40.0684 4376	exfat - ok
16:13:40.0731 4376	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:13:40.0762 4376	fastfat - ok
16:13:40.0903 4376	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:13:40.0996 4376	Fax - ok
16:13:41.0027 4376	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:13:41.0043 4376	fdc - ok
16:13:41.0074 4376	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:13:41.0137 4376	fdPHost - ok
16:13:41.0152 4376	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:13:41.0199 4376	FDResPub - ok
16:13:41.0215 4376	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:13:41.0230 4376	FileInfo - ok
16:13:41.0230 4376	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:13:41.0277 4376	Filetrace - ok
16:13:41.0433 4376	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:13:41.0495 4376	FLEXnet Licensing Service - ok
16:13:41.0511 4376	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:13:41.0527 4376	flpydisk - ok
16:13:41.0573 4376	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:13:41.0620 4376	FltMgr - ok
16:13:41.0745 4376	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:13:41.0807 4376	FontCache - ok
16:13:41.0885 4376	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:13:41.0917 4376	FontCache3.0.0.0 - ok
16:13:41.0948 4376	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:13:41.0979 4376	FsDepends - ok
16:13:41.0995 4376	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:13:42.0010 4376	Fs_Rec - ok
16:13:42.0057 4376	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:13:42.0119 4376	fvevol - ok
16:13:42.0151 4376	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:13:42.0166 4376	gagp30kx - ok
16:13:42.0260 4376	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:13:42.0369 4376	gpsvc - ok
16:13:42.0463 4376	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
16:13:42.0478 4376	GREGService - ok
16:13:42.0603 4376	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:13:42.0634 4376	gupdate - ok
16:13:42.0650 4376	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:13:42.0665 4376	gupdatem - ok
16:13:42.0712 4376	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:13:42.0759 4376	gusvc - ok
16:13:42.0775 4376	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:13:42.0837 4376	hcw85cir - ok
16:13:42.0915 4376	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:13:42.0977 4376	HdAudAddService - ok
16:13:43.0024 4376	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:13:43.0071 4376	HDAudBus - ok
16:13:43.0087 4376	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:13:43.0133 4376	HidBatt - ok
16:13:43.0165 4376	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:13:43.0196 4376	HidBth - ok
16:13:43.0227 4376	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:13:43.0258 4376	HidIr - ok
16:13:43.0305 4376	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:13:43.0367 4376	hidserv - ok
16:13:43.0399 4376	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:13:43.0430 4376	HidUsb - ok
16:13:43.0461 4376	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:13:43.0570 4376	hkmsvc - ok
16:13:43.0633 4376	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:13:43.0695 4376	HomeGroupListener - ok
16:13:43.0742 4376	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:13:43.0773 4376	HomeGroupProvider - ok
16:13:43.0820 4376	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:13:43.0867 4376	HpSAMD - ok
16:13:43.0960 4376	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:13:44.0038 4376	HTTP - ok
16:13:44.0069 4376	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:13:44.0069 4376	hwpolicy - ok
16:13:44.0132 4376	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:13:44.0163 4376	i8042prt - ok
16:13:44.0241 4376	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
16:13:44.0272 4376	iaStor - ok
16:13:44.0381 4376	IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:13:44.0413 4376	IAStorDataMgrSvc - ok
16:13:44.0475 4376	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:13:44.0522 4376	iaStorV - ok
16:13:44.0725 4376	IconMan_R       (e4693409d06785477a49fb34afae1b92) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
16:13:45.0973 4376	IconMan_R ( UnsignedFile.Multi.Generic ) - warning
16:13:45.0973 4376	IconMan_R - detected UnsignedFile.Multi.Generic (1)
16:13:46.0144 4376	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:13:46.0238 4376	idsvc - ok
16:13:47.0033 4376	igfx            (38a74e208945a2c30c35c999ae184a79) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:13:47.0564 4376	igfx - ok
16:13:47.0720 4376	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:13:47.0767 4376	iirsp - ok
16:13:47.0860 4376	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:13:47.0985 4376	IKEEXT - ok
16:13:48.0063 4376	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:13:48.0141 4376	IntcDAud - ok
16:13:48.0172 4376	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:13:48.0188 4376	intelide - ok
16:13:48.0219 4376	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:13:48.0235 4376	intelppm - ok
16:13:48.0281 4376	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:13:48.0375 4376	IPBusEnum - ok
16:13:48.0422 4376	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:48.0484 4376	IpFilterDriver - ok
16:13:48.0656 4376	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:13:48.0765 4376	iphlpsvc - ok
16:13:48.0812 4376	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:13:48.0859 4376	IPMIDRV - ok
16:13:48.0890 4376	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:13:48.0968 4376	IPNAT - ok
16:13:48.0999 4376	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:13:49.0061 4376	IRENUM - ok
16:13:49.0093 4376	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:13:49.0108 4376	isapnp - ok
16:13:49.0155 4376	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:13:49.0202 4376	iScsiPrt - ok
16:13:49.0249 4376	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:13:49.0264 4376	kbdclass - ok
16:13:49.0311 4376	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:13:49.0358 4376	kbdhid - ok
16:13:49.0389 4376	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:49.0405 4376	KeyIso - ok
16:13:49.0451 4376	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:13:49.0483 4376	KSecDD - ok
16:13:49.0514 4376	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:13:49.0545 4376	KSecPkg - ok
16:13:49.0545 4376	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:13:49.0592 4376	ksthunk - ok
16:13:49.0654 4376	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:13:49.0763 4376	KtmRm - ok
16:13:49.0966 4376	L1C             (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:13:49.0997 4376	L1C - ok
16:13:51.0479 4376	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:13:51.0651 4376	LanmanServer - ok
16:13:52.0197 4376	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:13:52.0259 4376	LanmanWorkstation - ok
16:13:52.0447 4376	Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
16:13:52.0478 4376	Live Updater Service - ok
16:13:52.0649 4376	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:13:52.0790 4376	lltdio - ok
16:13:53.0071 4376	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:13:53.0164 4376	lltdsvc - ok
16:13:53.0180 4376	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:13:53.0211 4376	lmhosts - ok
16:13:53.0305 4376	LMS             (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:13:53.0383 4376	LMS - ok
16:13:53.0429 4376	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:13:53.0461 4376	LSI_FC - ok
16:13:53.0476 4376	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:13:53.0492 4376	LSI_SAS - ok
16:13:53.0492 4376	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:13:53.0507 4376	LSI_SAS2 - ok
16:13:53.0523 4376	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:13:53.0539 4376	LSI_SCSI - ok
16:13:53.0554 4376	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:13:53.0585 4376	luafv - ok
16:13:53.0601 4376	MBAMProtector - ok
16:13:53.0710 4376	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:13:53.0773 4376	MBAMService - ok
16:13:53.0819 4376	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:13:53.0882 4376	Mcx2Svc - ok
16:13:53.0882 4376	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:13:53.0913 4376	megasas - ok
16:13:53.0944 4376	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:13:53.0975 4376	MegaSR - ok
16:13:54.0007 4376	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:13:54.0022 4376	MEIx64 - ok
16:13:54.0100 4376	Microsoft SharePoint Workspace Audit Service - ok
16:13:54.0147 4376	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:13:54.0241 4376	MMCSS - ok
16:13:54.0272 4376	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:13:54.0350 4376	Modem - ok
16:13:54.0381 4376	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:13:54.0428 4376	monitor - ok
16:13:54.0459 4376	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:13:54.0475 4376	mouclass - ok
16:13:54.0506 4376	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:13:54.0537 4376	mouhid - ok
16:13:54.0599 4376	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:13:54.0615 4376	mountmgr - ok
16:13:54.0693 4376	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:13:54.0755 4376	MozillaMaintenance - ok
16:13:54.0787 4376	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:13:54.0818 4376	mpio - ok
16:13:54.0833 4376	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:13:54.0927 4376	mpsdrv - ok
16:13:55.0021 4376	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:13:55.0114 4376	MpsSvc - ok
16:13:55.0145 4376	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:13:55.0208 4376	MRxDAV - ok
16:13:55.0255 4376	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:55.0286 4376	mrxsmb - ok
16:13:55.0333 4376	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:55.0379 4376	mrxsmb10 - ok
16:13:55.0426 4376	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:55.0473 4376	mrxsmb20 - ok
16:13:55.0520 4376	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:13:55.0551 4376	msahci - ok
16:13:55.0598 4376	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:13:55.0613 4376	msdsm - ok
16:13:55.0660 4376	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:13:55.0691 4376	MSDTC - ok
16:13:55.0723 4376	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:13:55.0785 4376	Msfs - ok
16:13:55.0816 4376	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:13:55.0847 4376	mshidkmdf - ok
16:13:55.0863 4376	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:13:55.0879 4376	msisadrv - ok
16:13:55.0925 4376	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:13:56.0019 4376	MSiSCSI - ok
16:13:56.0019 4376	msiserver - ok
16:13:56.0050 4376	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:13:56.0081 4376	MSKSSRV - ok
16:13:56.0097 4376	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:56.0175 4376	MSPCLOCK - ok
16:13:56.0191 4376	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:13:56.0222 4376	MSPQM - ok
16:13:56.0284 4376	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:13:56.0331 4376	MsRPC - ok
16:13:56.0362 4376	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:13:56.0378 4376	mssmbios - ok
16:13:56.0393 4376	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:13:56.0440 4376	MSTEE - ok
16:13:56.0456 4376	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:13:56.0471 4376	MTConfig - ok
16:13:56.0487 4376	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:13:56.0503 4376	Mup - ok
16:13:56.0534 4376	mwlPSDFilter    (9b1eac6faf6f37305e822f5588dc8056) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:13:56.0534 4376	mwlPSDFilter - ok
16:13:56.0549 4376	mwlPSDNServ     (ad55c1524b296280ed9c6e0d730d35da) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:13:56.0549 4376	mwlPSDNServ - ok
16:13:56.0581 4376	mwlPSDVDisk     (2b599e6ec8843637bdd62e7f8f3ba201) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:13:56.0581 4376	mwlPSDVDisk - ok
16:13:56.0659 4376	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:13:56.0705 4376	napagent - ok
16:13:56.0752 4376	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:13:56.0815 4376	NativeWifiP - ok
16:13:56.0908 4376	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
16:13:56.0955 4376	NDIS - ok
16:13:56.0986 4376	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:13:57.0002 4376	NdisCap - ok
16:13:57.0033 4376	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:57.0064 4376	NdisTapi - ok
16:13:57.0095 4376	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:57.0127 4376	Ndisuio - ok
16:13:57.0173 4376	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:57.0267 4376	NdisWan - ok
16:13:57.0298 4376	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:13:57.0345 4376	NDProxy - ok
16:13:57.0361 4376	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:13:57.0423 4376	NetBIOS - ok
16:13:57.0485 4376	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:13:57.0548 4376	NetBT - ok
16:13:57.0579 4376	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:57.0595 4376	Netlogon - ok
16:13:57.0657 4376	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:13:57.0719 4376	Netman - ok
16:13:57.0751 4376	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:13:57.0782 4376	netprofm - ok
16:13:57.0860 4376	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:13:57.0907 4376	NetTcpPortSharing - ok
16:13:57.0953 4376	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:13:57.0985 4376	nfrd960 - ok
16:13:58.0047 4376	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:13:58.0125 4376	NlaSvc - ok
16:13:58.0141 4376	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:13:58.0172 4376	Npfs - ok
16:13:58.0187 4376	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:13:58.0219 4376	nsi - ok
16:13:58.0219 4376	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:13:58.0265 4376	nsiproxy - ok
16:13:58.0421 4376	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:13:58.0531 4376	Ntfs - ok
16:13:58.0655 4376	NTI IScheduleSvc (773eed20bbf50809437373c0285bfa5e) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
16:13:58.0702 4376	NTI IScheduleSvc - ok
16:13:58.0905 4376	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
16:13:58.0936 4376	NTIDrvr - ok
16:13:59.0030 4376	ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
16:13:59.0045 4376	ntk_PowerDVD - ok
16:13:59.0061 4376	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:13:59.0092 4376	Null - ok
16:13:59.0123 4376	nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
16:13:59.0186 4376	nusb3hub - ok
16:13:59.0233 4376	nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:13:59.0279 4376	nusb3xhc - ok
16:13:59.0935 4376	nvlddmkm        (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:14:00.0091 4376	nvlddmkm - ok
16:14:00.0309 4376	nvpciflt        (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
16:14:00.0340 4376	nvpciflt - ok
16:14:00.0403 4376	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:14:00.0449 4376	nvraid - ok
16:14:00.0496 4376	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:14:00.0543 4376	nvstor - ok
16:14:00.0637 4376	NVSvc           (5a4af8ea634b4feeaf6f16bb1845715a) C:\Windows\system32\nvvsvc.exe
16:14:00.0683 4376	NVSvc - ok
16:14:00.0699 4376	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:14:00.0715 4376	nv_agp - ok
16:14:00.0746 4376	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:14:00.0793 4376	ohci1394 - ok
16:14:00.0917 4376	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:14:00.0949 4376	ose - ok
16:14:01.0292 4376	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:14:01.0557 4376	osppsvc - ok
16:14:01.0697 4376	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:01.0760 4376	p2pimsvc - ok
16:14:01.0822 4376	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:14:01.0853 4376	p2psvc - ok
16:14:01.0978 4376	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:14:01.0994 4376	Parport - ok
16:14:02.0041 4376	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:14:02.0072 4376	partmgr - ok
16:14:02.0103 4376	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:14:02.0134 4376	PcaSvc - ok
16:14:02.0181 4376	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:14:02.0212 4376	pci - ok
16:14:02.0243 4376	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:14:02.0259 4376	pciide - ok
16:14:02.0275 4376	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:14:02.0306 4376	pcmcia - ok
16:14:02.0337 4376	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:14:02.0337 4376	pcw - ok
16:14:02.0415 4376	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:14:02.0477 4376	PEAUTH - ok
16:14:02.0571 4376	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:14:02.0665 4376	PerfHost - ok
16:14:02.0805 4376	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:14:02.0961 4376	pla - ok
16:14:03.0039 4376	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:14:03.0086 4376	PlugPlay - ok
16:14:03.0117 4376	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:14:03.0133 4376	PNRPAutoReg - ok
16:14:03.0179 4376	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:03.0211 4376	PNRPsvc - ok
16:14:03.0257 4376	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:14:03.0335 4376	PolicyAgent - ok
16:14:03.0382 4376	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:14:03.0429 4376	Power - ok
16:14:03.0523 4376	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:14:03.0585 4376	PptpMiniport - ok
16:14:03.0616 4376	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:14:03.0647 4376	Processor - ok
16:14:03.0694 4376	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:14:03.0757 4376	ProfSvc - ok
16:14:03.0788 4376	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:03.0803 4376	ProtectedStorage - ok
16:14:03.0866 4376	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:14:03.0959 4376	Psched - ok
16:14:04.0022 4376	PsSdk41         (86154f3a156fa2a5429c2940c69f426f) C:\Windows\system32\Drivers\pssdk41.sys
16:14:04.0053 4376	PsSdk41 - ok
16:14:04.0178 4376	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:14:04.0225 4376	ql2300 - ok
16:14:04.0334 4376	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:14:04.0396 4376	ql40xx - ok
16:14:04.0443 4376	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:14:04.0490 4376	QWAVE - ok
16:14:04.0505 4376	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:14:04.0568 4376	QWAVEdrv - ok
16:14:04.0583 4376	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:14:04.0615 4376	RasAcd - ok
16:14:04.0661 4376	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:14:04.0724 4376	RasAgileVpn - ok
16:14:04.0771 4376	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:14:04.0817 4376	RasAuto - ok
16:14:04.0880 4376	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:14:04.0927 4376	Rasl2tp - ok
16:14:05.0020 4376	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:14:05.0129 4376	RasMan - ok
16:14:05.0145 4376	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:14:05.0192 4376	RasPppoe - ok
16:14:05.0223 4376	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:14:05.0270 4376	RasSstp - ok
16:14:05.0317 4376	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:14:05.0379 4376	rdbss - ok
16:14:05.0395 4376	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:14:05.0426 4376	rdpbus - ok
16:14:05.0426 4376	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:14:05.0457 4376	RDPCDD - ok
16:14:05.0488 4376	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:14:05.0566 4376	RDPENCDD - ok
16:14:05.0582 4376	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:14:05.0613 4376	RDPREFMP - ok
16:14:05.0660 4376	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:14:05.0722 4376	RDPWD - ok
16:14:05.0785 4376	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:14:05.0816 4376	rdyboost - ok
16:14:05.0863 4376	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:14:05.0956 4376	RemoteAccess - ok
16:14:05.0972 4376	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:14:06.0034 4376	RemoteRegistry - ok
16:14:06.0081 4376	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:14:06.0112 4376	RFCOMM - ok
16:14:06.0128 4376	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:14:06.0190 4376	RpcEptMapper - ok
16:14:06.0206 4376	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:14:06.0221 4376	RpcLocator - ok
16:14:06.0284 4376	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:06.0315 4376	RpcSs - ok
16:14:06.0393 4376	RSPCIESTOR      (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
16:14:06.0424 4376	RSPCIESTOR - ok
16:14:06.0440 4376	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:14:06.0502 4376	rspndr - ok
16:14:06.0596 4376	RS_Service      (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
16:14:06.0627 4376	RS_Service - ok
16:14:06.0658 4376	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:06.0690 4376	SamSs - ok
16:14:06.0736 4376	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:14:06.0752 4376	sbp2port - ok
16:14:06.0783 4376	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:14:06.0846 4376	SCardSvr - ok
16:14:06.0877 4376	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:14:06.0924 4376	scfilter - ok
16:14:07.0033 4376	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:14:07.0126 4376	Schedule - ok
16:14:07.0173 4376	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:07.0189 4376	SCPolicySvc - ok
16:14:07.0236 4376	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:14:07.0298 4376	sdbus - ok
16:14:07.0329 4376	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:14:07.0376 4376	SDRSVC - ok
16:14:07.0407 4376	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:14:07.0485 4376	secdrv - ok
16:14:07.0532 4376	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:14:07.0626 4376	seclogon - ok
16:14:07.0657 4376	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:14:07.0735 4376	SENS - ok
16:14:07.0750 4376	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:14:07.0797 4376	SensrSvc - ok
16:14:07.0813 4376	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:14:07.0828 4376	Serenum - ok
16:14:07.0844 4376	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:14:07.0860 4376	Serial - ok
16:14:07.0906 4376	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:14:07.0953 4376	sermouse - ok
16:14:07.0984 4376	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:14:08.0078 4376	SessionEnv - ok
16:14:08.0109 4376	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:14:08.0156 4376	sffdisk - ok
16:14:08.0187 4376	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:14:08.0234 4376	sffp_mmc - ok
16:14:08.0250 4376	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:14:08.0296 4376	sffp_sd - ok
16:14:08.0312 4376	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:14:08.0343 4376	sfloppy - ok
16:14:08.0406 4376	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:14:08.0452 4376	SharedAccess - ok
16:14:08.0515 4376	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:14:08.0624 4376	ShellHWDetection - ok
16:14:08.0655 4376	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:14:08.0671 4376	SiSRaid2 - ok
16:14:08.0671 4376	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:14:08.0686 4376	SiSRaid4 - ok
16:14:09.0014 4376	Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:14:09.0139 4376	Skype C2C Service - ok
16:14:09.0248 4376	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:14:09.0295 4376	SkypeUpdate - ok
16:14:09.0420 4376	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:14:09.0466 4376	Smb - ok
16:14:09.0529 4376	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:14:09.0576 4376	SNMPTRAP - ok
16:14:09.0607 4376	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:14:09.0638 4376	spldr - ok
16:14:09.0716 4376	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:14:09.0810 4376	Spooler - ok
16:14:10.0059 4376	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:14:10.0246 4376	sppsvc - ok
16:14:10.0356 4376	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:14:10.0418 4376	sppuinotify - ok
16:14:10.0574 4376	sp_rsdrv2       (b9657a0aff28c1cb114acc0cb93ee4bb) C:\Windows\system32\DRIVERS\stflt.sys
16:14:10.0605 4376	sp_rsdrv2 - ok
16:14:10.0668 4376	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:14:10.0730 4376	srv - ok
16:14:10.0792 4376	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:14:10.0855 4376	srv2 - ok
16:14:10.0886 4376	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:14:10.0933 4376	srvnet - ok
16:14:10.0980 4376	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:14:11.0026 4376	SSDPSRV - ok
16:14:11.0042 4376	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:14:11.0073 4376	SstpSvc - ok
16:14:11.0120 4376	ssudmdm         (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
16:14:11.0151 4376	ssudmdm - ok
16:14:11.0370 4376	ST2012_Svc      (3cd482fb9e2f73cc63d905495aff56b5) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
16:14:11.0432 4376	ST2012_Svc - ok
16:14:11.0635 4376	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:14:11.0635 4376	stexstor - ok
16:14:11.0728 4376	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:14:11.0822 4376	stisvc - ok
16:14:11.0853 4376	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:14:11.0884 4376	swenum - ok
16:14:11.0947 4376	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:14:12.0040 4376	swprv - ok
16:14:12.0196 4376	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:14:12.0274 4376	SysMain - ok
16:14:12.0384 4376	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:14:12.0462 4376	TabletInputService - ok
16:14:12.0524 4376	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:14:12.0602 4376	TapiSrv - ok
16:14:12.0618 4376	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:14:12.0664 4376	TBS - ok
16:14:12.0914 4376	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:14:13.0039 4376	Tcpip - ok
16:14:13.0257 4376	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:14:13.0304 4376	TCPIP6 - ok
16:14:13.0382 4376	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:14:13.0460 4376	tcpipreg - ok
16:14:13.0491 4376	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:14:13.0538 4376	TDPIPE - ok
16:14:13.0569 4376	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:14:13.0616 4376	TDTCP - ok
16:14:13.0678 4376	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:14:13.0741 4376	tdx - ok
16:14:13.0772 4376	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:14:13.0788 4376	TermDD - ok
16:14:13.0881 4376	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:14:13.0975 4376	TermService - ok
16:14:14.0022 4376	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:14:14.0053 4376	Themes - ok
16:14:14.0084 4376	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:14.0115 4376	THREADORDER - ok
16:14:14.0131 4376	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:14:14.0178 4376	TrkWks - ok
16:14:14.0256 4376	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:14:14.0318 4376	TrustedInstaller - ok
16:14:14.0365 4376	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:14:14.0380 4376	tssecsrv - ok
16:14:14.0427 4376	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:14:14.0458 4376	TsUsbFlt - ok
16:14:14.0521 4376	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:14:14.0599 4376	tunnel - ok
16:14:14.0630 4376	TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
16:14:14.0661 4376	TurboB - ok
16:14:14.0755 4376	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:14:14.0802 4376	TurboBoost - ok
16:14:14.0848 4376	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:14:14.0848 4376	uagp35 - ok
16:14:14.0880 4376	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
16:14:14.0895 4376	UBHelper - ok
16:14:15.0285 4376	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:14:15.0394 4376	udfs - ok
16:14:15.0441 4376	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:14:15.0550 4376	UI0Detect - ok
16:14:15.0613 4376	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:14:15.0675 4376	uliagpkx - ok
16:14:15.0738 4376	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:14:15.0784 4376	umbus - ok
16:14:15.0847 4376	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:14:15.0894 4376	UmPass - ok
16:14:16.0268 4376	UNS             (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:14:16.0440 4376	UNS - ok
16:14:16.0674 4376	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:14:16.0752 4376	upnphost - ok
16:14:16.0861 4376	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:14:16.0923 4376	usbccgp - ok
16:14:17.0017 4376	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:14:17.0079 4376	usbcir - ok
16:14:17.0126 4376	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:14:17.0173 4376	usbehci - ok
16:14:17.0298 4376	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:14:17.0376 4376	usbhub - ok
16:14:17.0422 4376	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:14:17.0454 4376	usbohci - ok
16:14:17.0547 4376	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:14:17.0594 4376	usbprint - ok
16:14:17.0625 4376	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:14:17.0719 4376	USBSTOR - ok
16:14:17.0734 4376	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:14:17.0766 4376	usbuhci - ok
16:14:17.0859 4376	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:14:17.0922 4376	usbvideo - ok
16:14:18.0015 4376	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:14:18.0046 4376	usb_rndisx - ok
16:14:18.0093 4376	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:14:18.0187 4376	UxSms - ok
16:14:18.0265 4376	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:18.0296 4376	VaultSvc - ok
16:14:18.0390 4376	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:14:18.0421 4376	vdrvroot - ok
16:14:18.0592 4376	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:14:18.0686 4376	vds - ok
16:14:18.0733 4376	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:14:18.0764 4376	vga - ok
16:14:18.0858 4376	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:14:18.0936 4376	VgaSave - ok
16:14:18.0998 4376	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:14:19.0076 4376	vhdmp - ok
16:14:19.0123 4376	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:14:19.0185 4376	viaide - ok
16:14:19.0263 4376	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:14:19.0294 4376	volmgr - ok
16:14:19.0341 4376	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:14:19.0388 4376	volmgrx - ok
16:14:19.0513 4376	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:14:19.0560 4376	volsnap - ok
16:14:19.0653 4376	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:14:19.0700 4376	vsmraid - ok
16:14:19.0903 4376	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:14:19.0996 4376	VSS - ok
16:14:20.0293 4376	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:14:20.0340 4376	vwifibus - ok
16:14:20.0355 4376	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:14:20.0402 4376	vwififlt - ok
16:14:20.0433 4376	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:14:20.0496 4376	vwifimp - ok
16:14:20.0605 4376	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:14:20.0683 4376	W32Time - ok
16:14:20.0714 4376	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:14:20.0776 4376	WacomPen - ok
16:14:20.0854 4376	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:20.0964 4376	WANARP - ok
16:14:20.0964 4376	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:20.0995 4376	Wanarpv6 - ok
16:14:21.0213 4376	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:14:21.0385 4376	wbengine - ok
16:14:21.0650 4376	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:14:21.0744 4376	WbioSrvc - ok
16:14:21.0822 4376	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:14:21.0946 4376	wcncsvc - ok
16:14:21.0978 4376	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:14:22.0071 4376	WcsPlugInService - ok
16:14:22.0617 4376	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:14:22.0633 4376	Wd - ok
16:14:22.0695 4376	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:14:22.0726 4376	Wdf01000 - ok
16:14:22.0758 4376	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:22.0836 4376	WdiServiceHost - ok
16:14:22.0851 4376	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:22.0867 4376	WdiSystemHost - ok
16:14:22.0976 4376	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:14:23.0038 4376	WebClient - ok
16:14:23.0070 4376	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:14:23.0148 4376	Wecsvc - ok
16:14:23.0179 4376	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:14:23.0210 4376	wercplsupport - ok
16:14:23.0335 4376	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:14:23.0616 4376	WerSvc - ok
16:14:23.0772 4376	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:14:23.0928 4376	WfpLwf - ok
16:14:23.0959 4376	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:14:23.0990 4376	WIMMount - ok
16:14:24.0068 4376	WinDefend - ok
16:14:24.0084 4376	WinHttpAutoProxySvc - ok
16:14:24.0193 4376	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:14:24.0271 4376	Winmgmt - ok
16:14:24.0536 4376	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:14:24.0676 4376	WinRM - ok
16:14:25.0020 4376	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:14:25.0035 4376	WinUsb - ok
16:14:25.0144 4376	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:14:25.0207 4376	Wlansvc - ok
16:14:25.0285 4376	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:14:25.0300 4376	wlcrasvc - ok
16:14:25.0566 4376	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:14:25.0644 4376	wlidsvc - ok
16:14:25.0909 4376	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:14:25.0956 4376	WmiAcpi - ok
16:14:26.0065 4376	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:14:26.0158 4376	wmiApSrv - ok
16:14:26.0236 4376	WMPNetworkSvc - ok
16:14:26.0268 4376	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:14:26.0314 4376	WPCSvc - ok
16:14:26.0595 4376	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:14:26.0611 4376	WPDBusEnum - ok
16:14:26.0673 4376	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:14:26.0751 4376	ws2ifsl - ok
16:14:26.0782 4376	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:14:26.0798 4376	wscsvc - ok
16:14:26.0798 4376	WSearch - ok
16:14:27.0079 4376	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:14:27.0172 4376	wuauserv - ok
16:14:27.0562 4376	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:14:27.0609 4376	WudfPf - ok
16:14:27.0656 4376	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:14:27.0703 4376	WUDFRd - ok
16:14:27.0734 4376	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:14:27.0765 4376	wudfsvc - ok
16:14:27.0828 4376	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:14:27.0874 4376	WwanSvc - ok
16:14:27.0984 4376	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
16:14:27.0999 4376	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
16:14:28.0030 4376	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:14:28.0452 4376	\Device\Harddisk0\DR0 - ok
16:14:28.0452 4376	Boot (0x1200)   (d8d046fc0efaafed7d21f88424c1deb0) \Device\Harddisk0\DR0\Partition0
16:14:28.0452 4376	\Device\Harddisk0\DR0\Partition0 - ok
16:14:28.0498 4376	Boot (0x1200)   (987f9cf8901e51451d876c7f1d20eacc) \Device\Harddisk0\DR0\Partition1
16:14:28.0498 4376	\Device\Harddisk0\DR0\Partition1 - ok
16:14:28.0498 4376	============================================================
16:14:28.0498 4376	Scan finished
16:14:28.0498 4376	============================================================
16:14:28.0514 3228	Detected object count: 1
16:14:28.0514 3228	Actual detected object count: 1
16:14:36.0704 3228	IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:36.0704 3228	IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ui mir ist gerade aufgefallen, dass alle Ordner auf meinem Laptop schreibgeschützt sind. Ich kann die Dateien noch bearbeiten, z.B. den Namen ändern oder ein Word-Dokument ändern, aber z.B. RStudio (ein Statistik-Programm) kann keine neuen packages installieren.

cosinus · 08.07.2012, 18:55

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

CpTKebab · 09.07.2012, 16:57

[Code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-07-08.01 - Krause 09.07.2012   0:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.2575 [GMT 2:00]
ausgeführt von:: c:\users\Krause\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-08 bis 2012-07-08  ))))))))))))))))))))))))))))))
.
.
2012-07-06 18:45 . 2012-07-06 18:45	--------	d-----w-	c:\program files\RStudio
2012-07-06 14:49 . 2012-07-06 14:49	--------	d-----w-	c:\users\Krause\AppData\Roaming\Avira
2012-07-06 14:43 . 2012-07-06 14:43	--------	d-----w-	c:\users\Default\AppData\Local\AskToolbar
2012-07-06 14:43 . 2012-07-06 14:43	--------	d-----w-	c:\program files (x86)\Ask.com
2012-07-06 14:42 . 2012-05-02 13:24	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-06 14:42 . 2012-04-27 08:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-06 14:42 . 2012-04-24 22:32	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-06 14:42 . 2012-07-06 14:43	--------	d-----w-	c:\programdata\Avira
2012-07-06 14:42 . 2012-07-06 14:42	--------	d-----w-	c:\program files (x86)\Avira
2012-07-06 14:10 . 2012-07-06 14:10	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-07-05 21:37 . 2012-07-05 21:37	--------	d-----w-	C:\_OTL
2012-07-04 16:45 . 2012-07-04 16:45	--------	d-----w-	c:\program files (x86)\ESET
2012-07-03 13:47 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{84181CFC-E029-41D5-A252-CBAFE9E80AE9}\mpengine.dll
2012-07-03 09:39 . 2012-07-03 09:39	--------	d-----w-	c:\program files (x86)\7-Zip
2012-06-27 20:25 . 2012-06-27 20:25	--------	d-----w-	c:\users\Krause\AppData\Roaming\Malwarebytes
2012-06-27 20:25 . 2012-06-27 20:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-27 20:25 . 2012-07-02 18:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-27 20:12 . 2012-06-27 20:12	--------	d-----w-	c:\users\Krause\AppData\Local\ElevatedDiagnostics
2012-06-24 09:52 . 2012-06-24 09:52	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-24 09:52 . 2012-06-24 09:52	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-22 23:28 . 2012-06-22 23:28	--------	d-----w-	C:\found.001
2012-06-21 18:59 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 18:59 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 18:59 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 18:59 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 18:59 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 18:59 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 18:59 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 18:58 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 18:58 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 15:35 . 2012-06-19 15:35	4967624	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-16 18:30 . 2012-06-16 18:30	--------	d-----w-	c:\program files (x86)\Origin Games
2012-06-16 18:29 . 2012-06-16 18:29	--------	d-----w-	c:\users\Krause\AppData\Local\Origin
2012-06-16 18:29 . 2012-06-16 18:30	--------	d-----w-	c:\programdata\Origin
2012-06-16 18:29 . 2012-06-16 18:30	--------	d-----w-	c:\users\Krause\AppData\Roaming\Origin
2012-06-16 18:29 . 2012-06-16 18:29	--------	d-----w-	c:\programdata\Electronic Arts
2012-06-16 18:28 . 2012-06-16 18:29	--------	d-----w-	c:\program files (x86)\Origin
2012-06-15 12:12 . 2010-02-04 08:01	78680	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2012-06-15 12:12 . 2010-02-04 08:01	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_4.dll
2012-06-15 12:12 . 2010-02-04 08:01	530776	----a-w-	c:\windows\system32\XAudio2_6.dll
2012-06-15 12:12 . 2010-02-04 08:01	528216	----a-w-	c:\windows\SysWow64\XAudio2_6.dll
2012-06-15 12:12 . 2009-09-04 15:29	1974616	----a-w-	c:\windows\SysWow64\D3DCompiler_42.dll
2012-06-15 12:12 . 2009-09-04 15:29	2582888	----a-w-	c:\windows\system32\D3DCompiler_42.dll
2012-06-15 12:12 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2012-06-15 12:12 . 2009-09-04 15:29	2475352	----a-w-	c:\windows\system32\D3DX9_42.dll
2012-06-15 12:12 . 2007-04-04 16:54	107368	----a-w-	c:\windows\system32\xinput1_3.dll
2012-06-15 12:11 . 2012-06-15 12:11	--------	d-----w-	c:\program files (x86)\Team Meat
2012-06-13 15:26 . 2012-06-13 15:26	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-06-12 19:59 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2012-06-12 19:59 . 2010-05-26 09:41	1998168	----a-w-	c:\windows\SysWow64\D3DX9_43.dll
2012-06-12 19:59 . 2007-04-04 16:53	81768	----a-w-	c:\windows\SysWow64\xinput1_3.dll
2012-06-12 19:59 . 2006-07-28 07:30	62744	----a-w-	c:\windows\SysWow64\xinput1_2.dll
2012-06-12 19:58 . 2012-06-12 20:00	--------	d-----w-	c:\program files (x86)\LIMBO
2012-06-12 19:10 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 21:18 . 2012-05-24 21:18	4472832	----a-w-	c:\windows\SysWow64\GPhotos.scr
2012-05-15 18:23 . 2012-02-17 19:51	51776	----a-w-	c:\windows\system32\drivers\pssdk41.sys
2012-05-08 18:03 . 2012-04-04 16:57	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 18:03 . 2011-05-18 18:15	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18	1519824	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Krause\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Krause\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Krause\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Krause\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Krause\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CxAudMsg;CxAudMsg;c:\windows\system32\CxAudMsg64.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-02 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-02 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-02 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-02 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-02 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-02 280224]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-10-18 95928]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-05-15 51776]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-10-18 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-21 25960]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-09 254528]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-09 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-09 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-09 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/27 21:18];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-02 76448]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-02-18 799848]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2011-10-19 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-02 28832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 08:50]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 08:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Krause\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Krause\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Krause\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Krause\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-07 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-07 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-07 418328]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-02 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-02 379552]
"Power Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2011-02-18 499304]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\AVIRA\ANTIVIR DESKTOP\avsda.dll
TCP: DhcpNameServer = 121.83.220.200 121.83.206.244
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Krause\AppData\Roaming\Mozilla\Firefox\Profiles\bckmrqnm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b264a0b7-86db-455e-a42c-b14ec355636e&apn_ptnrs=%5EABT&apn_sauid=22316955-8B37-4787-9BBF-CC9D16B51292&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-09  00:50:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-08 22:50
.
Vor Suchlauf: 18 Verzeichnis(se), 39'061'450'752 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 38'798'061'568 Bytes frei
.
- - End Of File - - 1303B732CB417CF97208FE8F9D427874

--- --- ---

cosinus · 09.07.2012, 19:10

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

CpTKebab · 10.07.2012, 00:41

Hehe, das nimmt ja gar kein Ende mehr.
Vielen Dank für deine Hilfe.

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/10/2012 at 01:39:09
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : *** - ***-LAPTOP
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bckmrqnm.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://slirsredirect.search.aol.com/slirs_htt[...]
Found : user_pref("extensions.opensearch@ask.com.install-event-fired", true);
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Found : user_pref("vshare.install.date", "1286064000000");
Found : user_pref("vshare.install.finished", "1.0.0");
Found : user_pref("vshare.install.guid", "{f6a6e3d3-df07-4d3e-91f9-bf0dc2e54d63}");
Found : user_pref("vshare.install.isHidden", true);
Found : user_pref("vshare.install.istoolbarhp", true);
Found : user_pref("vshare.install.laststatreq", "1300579200000");
Found : user_pref("vshare.install.newtab", false);
Found : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");

*************************

AdwCleaner[R1].txt - [5051 octets] - [10/07/2012 01:39:09]

########## EOF - C:\AdwCleaner[R1].txt - [5179 octets] ##########

cosinus · 10.07.2012, 12:34

Wir sind doch fast fertig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

CpTKebab · 10.07.2012, 14:08

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/10/2012 at 15:04:38
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : *** - ***-LAPTOP
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bckmrqnm.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://slirsredirect.search.aol.com/slirs_htt[...]
Deleted : user_pref("extensions.opensearch@ask.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Deleted : user_pref("vshare.install.date", "1286064000000");
Deleted : user_pref("vshare.install.finished", "1.0.0");
Deleted : user_pref("vshare.install.guid", "{f6a6e3d3-df07-4d3e-91f9-bf0dc2e54d63}");
Deleted : user_pref("vshare.install.isHidden", true);
Deleted : user_pref("vshare.install.istoolbarhp", true);
Deleted : user_pref("vshare.install.laststatreq", "1300579200000");
Deleted : user_pref("vshare.install.newtab", false);
Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");

*************************

AdwCleaner[R1].txt - [5136 octets] - [10/07/2012 01:39:09]
AdwCleaner[S1].txt - [4462 octets] - [10/07/2012 15:04:38]

########## EOF - C:\AdwCleaner[S1].txt - [4590 octets] ##########

cosinus · 10.07.2012, 20:21

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

CpTKebab · 11.07.2012, 00:32

gmer:
[code]
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-11 00:59:59
Windows 6.1.7601 Service Pack 1 
Running: 7jgd6eos.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8da105811                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8da105811@1886ac1643ff         0x19 0x0A 0x15 0x01 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8da105811 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8da105811@1886ac1643ff             0x19 0x0A 0x15 0x01 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:

Code:

ATTFilter

OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 01:14:57 on 11.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - ? - C:\Windows\system32\drivers\mbam.sys  (File not found)
"NTIDrvr" (NTIDrvr) - "NTI Corporation" - C:\Windows\system32\drivers\NTIDrvr.sys
"ntk_PowerDVD" (ntk_PowerDVD) - "Cyberlink Corp." - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
"Power Control [2011/08/27 21:18:49]" ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) - ? - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
"PsSdk41" (PsSdk41) - "microOLAP Technologies LTD" - C:\Windows\system32\Drivers\pssdk41.sys
"Spyware Terminator Driver Filter" (sp_rsdrv2) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\stflt.sys
"UBHelper" (UBHelper) - "NTI Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{F32C83B9-DF1D-42AD-9741-C52909703957} "STShellHandler" - "Crawler.com" - C:\Program Files (x86)\Spyware Terminator\STShell.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{1C11B948-582A-433F-A98D-A8C4D5CC64F2} "20-20 3D Viewer" - "20-20 Technologies" - C:\Windows\SysWow64\20-20 Technologies\3D Viewer\v5.0.4.0\2020Player_5_0_4_0.dll / hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab
{1ABA5FAC-1417-422B-BA82-45C35E2C908B} "20-20 3D Viewer for IKEA" - "20-20 Technologies" - C:\Windows\SysWow64\20-20 Technologies\3D Viewer\v5.0.7.0\2020Player_IKEA_5_0_7_0.dll / hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
"ICQ7.7" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.7\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} "VMLoadHBO Class" - "TODO: <Company name>" - C:\Users\***\AppData\Roaming\VMLoad\addin\VMLoad.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"EgisTecPMMUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"SuiteTray" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@C:\Windows\system32\CxAudMsg64.exe,-100" (CxAudMsg) - ? - C:\Windows\system32\CxAudMsg64.exe  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"CLHNServiceForPowerDVD" (CLHNServiceForPowerDVD) - ? - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
"CyberLink PowerDVD 11.0 Monitor Service" (CyberLink PowerDVD 11.0 Monitor Service) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
"CyberLink PowerDVD 11.0 Service" (CyberLink PowerDVD 11.0 Service) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"EgisTec Ticket Service" (EgisTec Ticket Service) - "Egis Technology Inc. " - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
"IconMan_R" (IconMan_R) - "Realsil Microelectronics Inc." - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Intel(R) Turbo Boost Technology Monitor 2.0" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Live Updater Service" (Live Updater Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NTI Corporation" - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Spyware Terminator 2012 Realtime Shield Service" (ST2012_Svc) - "Crawler.com" - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 01:18:39
-----------------------------
01:18:39.444    OS Version: Windows x64 6.1.7601 Service Pack 1
01:18:39.444    Number of processors: 4 586 0x2A07
01:18:39.444    ComputerName: ***-LAPTOP  UserName: ***
01:18:42.112    Initialize success
01:28:02.116    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:28:02.131    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
01:28:02.147    Disk 0 MBR read successfully
01:28:02.147    Disk 0 MBR scan
01:28:02.147    Disk 0 Windows 7 default MBR code
01:28:02.163    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        16384 MB offset 2048
01:28:02.178    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 33556480
01:28:02.194    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       698909 MB offset 33761280
01:28:02.209    Disk 0 scanning C:\Windows\system32\drivers
01:28:10.009    Service scanning
01:28:26.670    Modules scanning
01:28:26.686    Disk 0 trace - called modules:
01:28:26.701    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
01:28:26.717    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c06060]
01:28:27.232    3 CLASSPNP.SYS[fffff88001bb243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d45050]
01:28:27.232    Scan finished successfully
01:28:45.265    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
01:28:45.281    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

cosinus · 11.07.2012, 10:29

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

CpTKebab · 20.07.2012, 13:56

Sorry, ich hatte ein paar Tage keinen Zugang zu Internet.

Super:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2012 at 02:21 PM

Application Version : 5.5.1006

Core Rules Database Version : 8930
Trace Rules Database Version: 6742

Scan type       : Complete Scan
Total Scan Time : 01:59:19

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 698
Memory threats detected   : 0
Registry items scanned    : 67195
Registry threats detected : 0
File items scanned        : 186737
File threats detected     : 243

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adx.chip[2].txt [ /adx.chip ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\N3SMD5VK.txt [ /ad.yieldmanager.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IT3OW4IB.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\X6PHTOD0.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WTOZG2HZ.txt [ /trafficengine.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MP9T1C3B.txt [ /mediaplex.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\7G39WIHM.txt [ /mediatraffic.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\X8TYDXD2.txt [ /pro-market.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PVUUQQCA.txt [ /adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H1I1RWLG.txt [ /ad.ad-srv.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\7TZTXTAN.txt [ /youporn.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1YWY5VME.txt [ /68378.findfastnow.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\YECRLLBJ.txt [ /invitemedia.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\XNKSXQG2.txt [ /www.adbrite.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DF9XSN96.txt [ /apmebf.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\6XOTNUD6.txt [ /serving-sys.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\UI0ONZUE.txt [ /imrworldwide.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\V9WPQPFZ.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\E11ZTJ3P.txt [ /adbrite.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\6PRNW23A.txt [ /fastclick.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9PZT885X.txt [ /adtech.de ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\42QZIUCA.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9N67STW8.txt [ /doubleclick.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NNAMRYVO.txt [ /xiti.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IFMSMLPP.txt [ /11640.findfastnow.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\15AP3GCZ.txt [ /c.atdmt.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\AN9ZY38F.txt [ /zanox.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1SJ36NBL.txt [ /ad.zanox.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\M45H1W5J.txt [ /adultpornsex.org ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\CUQKTSAG.txt [ /lfstmedia.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\CMD359RN.txt [ /atdmt.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\7BKIMO0I.txt [ /xml.trafficengine.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\22U7NS6Q.txt [ /click.expandsearchanswers.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\54Q3GW7Y.txt [ /findfastnow.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\31IACEPW.txt [ /exoclick.com ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\U6GFGKO0.txt [ Cookie:***@ad.yieldmanager.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\VBM1QAF7.txt [ Cookie:***@www.xyztraffic.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\GI1X7FYA.txt [ Cookie:***@mediaplex.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\68G463J6.txt [ Cookie:***@adfarm1.adition.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\I7838RAZ.txt [ Cookie:***@media6degrees.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5XQ2CQ9.txt [ Cookie:***@invitemedia.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LL3JYQUJ.txt [ Cookie:***@adultfriendfinder.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\DQBZ5QKS.txt [ Cookie:***@serving-sys.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\O5MV9SVS.txt [ Cookie:***@adxpansion.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MCO8MII.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\PMAF45VR.txt [ Cookie:***@www.3dstats.com/cgi-bin ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y38OSKQT.txt [ Cookie:***@doubleclick.net/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\W0X1AUM5.txt [ Cookie:***@revsci.net/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\69O7OKUG.txt [ Cookie:***@pornhub.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\F9GJWVMG.txt [ Cookie:***@xiti.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\4FBJIBA1.txt [ Cookie:***@specificclick.net/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\2G0FMJ19.txt [ Cookie:***@ads.crakmedia.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\WKNELMWA.txt [ Cookie:***@c.atdmt.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGO9O7FR.txt [ Cookie:***@www.pornhub.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\AAYMJVG5.txt [ Cookie:***@atdmt.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYPWZHMF.txt [ Cookie:***@ru4.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWD2UI3X.txt [ Cookie:***@xyztraffic.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1Y2228W.txt [ Cookie:***@exoclick.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\RV855YOG.txt [ Cookie:***@alphaporno.com/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\FT11ZVLW.txt [ Cookie:***@collective-media.net/ ]
	C:\USERS\***\Cookies\N3SMD5VK.txt [ Cookie:***@ad.yieldmanager.com/ ]
	C:\USERS\***\Cookies\X6PHTOD0.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\MP9T1C3B.txt [ Cookie:***@mediaplex.com/ ]
	C:\USERS\***\Cookies\X8TYDXD2.txt [ Cookie:***@pro-market.net/ ]
	C:\USERS\***\Cookies\PVUUQQCA.txt [ Cookie:***@adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\7TZTXTAN.txt [ Cookie:***@youporn.com/ ]
	C:\USERS\***\Cookies\YECRLLBJ.txt [ Cookie:***@invitemedia.com/ ]
	C:\USERS\***\Cookies\XNKSXQG2.txt [ Cookie:***@www.adbrite.com/ ]
	C:\USERS\***\Cookies\6XOTNUD6.txt [ Cookie:***@serving-sys.com/ ]
	C:\USERS\***\Cookies\V9WPQPFZ.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\E11ZTJ3P.txt [ Cookie:***@adbrite.com/ ]
	C:\USERS\***\Cookies\6PRNW23A.txt [ Cookie:***@fastclick.net/ ]
	C:\USERS\***\Cookies\9PZT885X.txt [ Cookie:***@adtech.de/ ]
	C:\USERS\***\Cookies\9N67STW8.txt [ Cookie:***@doubleclick.net/ ]
	C:\USERS\***\Cookies\NNAMRYVO.txt [ Cookie:***@xiti.com/ ]
	C:\USERS\***\Cookies\IFMSMLPP.txt [ Cookie:***@11640.findfastnow.com/ ]
	C:\USERS\***\Cookies\15AP3GCZ.txt [ Cookie:***@c.atdmt.com/ ]
	C:\USERS\***\Cookies\AN9ZY38F.txt [ Cookie:***@zanox.com/ ]
	C:\USERS\***\Cookies\1SJ36NBL.txt [ Cookie:***@ad.zanox.com/ ]
	C:\USERS\***\Cookies\M45H1W5J.txt [ Cookie:***@adultpornsex.org/ ]
	C:\USERS\***\Cookies\CMD359RN.txt [ Cookie:***@atdmt.com/ ]
	C:\USERS\***\Cookies\22U7NS6Q.txt [ Cookie:***@click.expandsearchanswers.com/ads-clicktrack/click/ ]
	C:\USERS\***\Cookies\54Q3GW7Y.txt [ Cookie:***@findfastnow.com/ ]
	C:\USERS\***\Cookies\31IACEPW.txt [ Cookie:***@exoclick.com/ ]
	media.mtvnservices.com [ C:\USERS\***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6WNUMYR2 ]
	secure-uk.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6WNUMYR2 ]
	secure-us.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6WNUMYR2 ]
	.xiti.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wfmiqidjgdq.stats.esomniture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.olympiaverlag.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.mtvn.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	tracking.veille-referencement.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	stats.computecmedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.skydeutschland.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	tracking.veille-referencement.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.nuon.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.eaeacom.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	server.lon.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.c.gigcount.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.stats.complex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.stats.complex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.stats.complex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	stat.vattenfall.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.discount24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.discount24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.discount24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.discount24.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.microsoftsto.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.thelabelfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.thelabelfinder.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.www.thelabelfinder.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.www.thelabelfinder.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.www.thelabelfinder.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.thelabelfinder.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.media.piggypink.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	sub.bubblesmedia.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	sub.bubblesmedia.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.philips.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.skyscanner.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.skyscanner.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.skyscanner.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.skyscanner.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.skyscanner.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.skyscanner.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.skyscanner.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	track.zalando.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.findfastnow.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	11640.findfastnow.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	click.get-answers-fast.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.stats.paypal.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	traffic.brand-wall.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.premiumtv.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	server.iad.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	media.finnair.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	media.finnair.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	media.finnair.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.wetterstationen.meteomedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.wetterstationen.meteomedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.wetterstationen.meteomedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	www.mediathek.ard.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCKMRQNM.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	www.usenext.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCOUUKPC.DEFAULT\COOKIES.SQLITE ]

Malewarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-LAPTOP [Administrator]

20.07.2012 10:14:51
mbam-log-2012-07-20 (10-14-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388926
Laufzeit: 1 Stunde(n), 43 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\06.07.2012_12.04.34\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 20.07.2012, 18:08

Sieht ok aus, da wurden nur Cookies gefunden. Die TDSS-Q kannst du ignorieren.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

CpTKebab · 09.08.2012, 10:53

Ich habe ganz vergessen mich bei dir für deine Hilfe zu bedanken. Das war echt ein super Job. Mein Laptop läuft wieder und ich habe keine Probleme mehr.

Vielen Dank!

cosinus · 10.08.2012, 10:51

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

06.07.2012, 14:37	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	S.M.A.R.T Check virus Windows 7 Ja entweder cure oder delete, je nachdem was zur Auswahl steht __________________ Logfiles bitte immer in CODE-Tags posten

09.07.2012, 19:10	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	S.M.A.R.T Check virus Windows 7 Downloade Dir bitte AdwCleaner auf deinen Desktop. Starte die adwcleaner.exe mit einem Doppelklick. Klicke auf Search. Nach Ende des Suchlaufs öffnet sich eine Textdatei. Poste mir den Inhalt mit deiner nächsten Antwort. Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt. __________________ Logfiles bitte immer in CODE-Tags posten

11.07.2012, 10:29	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	S.M.A.R.T Check virus Windows 7 Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

S.M.A.R.T Check virus Windows 7

Log-Analyse und Auswertung: S.M.A.R.T Check virus Windows 7