Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.07.2012, 10:38   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.07.2012, 12:48   #17
StarCGN
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



So langsam habe ich wieder Hoffnung.

Code:
ATTFilter
 # AdwCleaner v1.702 - Logfile created 07/19/2012 at 12:42:15
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : *** - HOME-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\***\AppData\Roaming\Babylon
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\Conduit
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitCommon
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\ConduitEngine
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\extensions\staged
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Funmoods
File Deleted : C:\Users\***\AppData\Local\funmoods.crx

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\user.js ... Deleted !

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "19-7-2012");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Jul 16 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Fri Aug 13 2010 21:01:14 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "7-8-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 11:22:43 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Jul 18 2012 17:39:54 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Aug 13 2010 19:51:55 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 15:24:51 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 16:18:37 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 29 2012 13:21:31 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Thu Jul 19 2012 11:20:04 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Jul 18 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Jul 18 2012 17:39:53 GMT+0200");
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Thu Jul 19 2012 11:20:03 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Aug 07 2010 11:22:42 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN33306201193065366");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Fri Aug 13 2010 20:52:15 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", true);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Jul 18 2012 17:39:54 GMT+0200");
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=666138&fid=661999", "\"0\""[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 10 2011 19:57:46 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 14:39:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 14:39:14 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{b72c522d-5b31-4697-a4eb-a8127ee59c27}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 13 2010 13:29:24 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "ba0e873b-c11f-4406-ad87-803a6db52242");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 06 2011 11:47:31 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/30/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Mar 30 2011 19:17:18 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Mar 30 2011 22:18:13 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 30 2011 22:18:13 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN28008922307916746");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 30 2011 19:17:17 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Mar 30 2011 19:17:18 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Deleted : user_pref("extensions.enabledAddons", "{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6,{46551EC9-40F0-4[...]
Deleted : user_pref("extensions.funmoods.aflt", "softpb");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "DE");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "8792D0984B691D42120CC75DB7078E3C");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=softpb&chnl=softpb&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.id", "06265E62502E2CCF");
Deleted : user_pref("extensions.funmoods.instlDay", "15540");
Deleted : user_pref("extensions.funmoods.instlRef", "softpb");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2211:19:54");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=softpb&chnl=softpb&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=softpb&chnl=softpb&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2211:19:54");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2211:19:54");

Profile name : default 
File : C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\r58ep3d6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14971 octets] - [18/07/2012 18:35:10]
AdwCleaner[S1].txt - [21927 octets] - [19/07/2012 12:42:15]

########## EOF - C:\AdwCleaner[S1].txt - [22056 octets] ##########
         
__________________


Alt 19.07.2012, 20:10   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
__________________

Alt 19.07.2012, 20:44   #19
StarCGN
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Auch erledigt!

Code:
ATTFilter
 20:38:33.0729 3788	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:38:33.0760 3788	============================================================
20:38:33.0760 3788	Current date / time: 2012/07/19 20:38:33.0760
20:38:33.0760 3788	SystemInfo:
20:38:33.0760 3788	
20:38:33.0760 3788	OS Version: 6.1.7601 ServicePack: 1.0
20:38:33.0760 3788	Product type: Workstation
20:38:33.0760 3788	ComputerName: HOME-PC
20:38:33.0760 3788	UserName: ***
20:38:33.0760 3788	Windows directory: C:\Windows
20:38:33.0760 3788	System windows directory: C:\Windows
20:38:33.0760 3788	Processor architecture: Intel x86
20:38:33.0760 3788	Number of processors: 2
20:38:33.0760 3788	Page size: 0x1000
20:38:33.0760 3788	Boot type: Normal boot
20:38:33.0760 3788	============================================================
20:38:34.0525 3788	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:38:34.0525 3788	============================================================
20:38:34.0540 3788	\Device\Harddisk0\DR0:
20:38:34.0540 3788	MBR partitions:
20:38:34.0540 3788	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
20:38:34.0540 3788	============================================================
20:38:34.0572 3788	C: <-> \Device\Harddisk0\DR0\Partition0
20:38:34.0572 3788	============================================================
20:38:34.0572 3788	Initialize success
20:38:34.0572 3788	============================================================
20:38:49.0922 2672	============================================================
20:38:49.0922 2672	Scan started
20:38:49.0922 2672	Mode: Manual; SigCheck; TDLFS; 
20:38:49.0922 2672	============================================================
20:38:51.0030 2672	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:38:51.0201 2672	1394ohci - ok
20:38:51.0310 2672	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:38:51.0326 2672	ACPI - ok
20:38:51.0388 2672	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:38:51.0498 2672	AcpiPmi - ok
20:38:51.0638 2672	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:38:51.0654 2672	adp94xx - ok
20:38:51.0700 2672	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:38:51.0732 2672	adpahci - ok
20:38:51.0810 2672	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:38:51.0841 2672	adpu320 - ok
20:38:51.0888 2672	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:38:51.0981 2672	AeLookupSvc - ok
20:38:52.0090 2672	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:38:52.0200 2672	AFD - ok
20:38:52.0387 2672	AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
20:38:52.0512 2672	AgereSoftModem - ok
20:38:52.0574 2672	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:38:52.0590 2672	agp440 - ok
20:38:52.0683 2672	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:38:52.0714 2672	aic78xx - ok
20:38:52.0839 2672	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:38:52.0917 2672	ALG - ok
20:38:53.0026 2672	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:38:53.0042 2672	aliide - ok
20:38:53.0104 2672	AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
20:38:53.0167 2672	AMD External Events Utility - ok
20:38:53.0198 2672	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:38:53.0214 2672	amdagp - ok
20:38:53.0260 2672	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:38:53.0292 2672	amdide - ok
20:38:53.0354 2672	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:38:53.0432 2672	AmdK8 - ok
20:38:53.0448 2672	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:38:53.0494 2672	AmdPPM - ok
20:38:53.0588 2672	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:38:53.0604 2672	amdsata - ok
20:38:53.0650 2672	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:38:53.0682 2672	amdsbs - ok
20:38:53.0697 2672	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:38:53.0713 2672	amdxata - ok
20:38:53.0916 2672	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:38:53.0947 2672	AntiVirSchedulerService - ok
20:38:53.0978 2672	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:38:53.0994 2672	AntiVirService - ok
20:38:54.0056 2672	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:38:54.0181 2672	AppID - ok
20:38:54.0228 2672	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:38:54.0290 2672	AppIDSvc - ok
20:38:54.0368 2672	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
20:38:54.0430 2672	Appinfo - ok
20:38:54.0508 2672	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
20:38:54.0540 2672	AppMgmt - ok
20:38:54.0618 2672	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:38:54.0633 2672	arc - ok
20:38:54.0649 2672	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:38:54.0664 2672	arcsas - ok
20:38:54.0680 2672	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:38:54.0805 2672	AsyncMac - ok
20:38:54.0867 2672	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:38:54.0883 2672	atapi - ok
20:38:54.0992 2672	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
20:38:55.0070 2672	athr - ok
20:38:55.0382 2672	atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
20:38:55.0741 2672	atikmdag - ok
20:38:55.0959 2672	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:38:56.0037 2672	AudioEndpointBuilder - ok
20:38:56.0053 2672	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:38:56.0084 2672	Audiosrv - ok
20:38:56.0178 2672	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:38:56.0209 2672	avgntflt - ok
20:38:56.0240 2672	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:38:56.0256 2672	avipbb - ok
20:38:56.0271 2672	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:38:56.0287 2672	avkmgr - ok
20:38:56.0349 2672	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
20:38:56.0396 2672	AxInstSV - ok
20:38:56.0474 2672	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:38:56.0521 2672	b06bdrv - ok
20:38:56.0568 2672	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:38:56.0583 2672	b57nd60x - ok
20:38:56.0646 2672	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:38:56.0708 2672	BDESVC - ok
20:38:56.0770 2672	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:38:56.0833 2672	Beep - ok
20:38:56.0926 2672	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
20:38:57.0004 2672	BFE - ok
20:38:57.0067 2672	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
20:38:57.0114 2672	BITS - ok
20:38:57.0129 2672	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:38:57.0176 2672	blbdrive - ok
20:38:57.0207 2672	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:38:57.0285 2672	bowser - ok
20:38:57.0301 2672	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:38:57.0316 2672	BrFiltLo - ok
20:38:57.0363 2672	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:38:57.0426 2672	BrFiltUp - ok
20:38:57.0488 2672	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
20:38:57.0566 2672	Browser - ok
20:38:57.0597 2672	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:38:57.0644 2672	Brserid - ok
20:38:57.0660 2672	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:38:57.0675 2672	BrSerWdm - ok
20:38:57.0722 2672	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:38:57.0769 2672	BrUsbMdm - ok
20:38:57.0769 2672	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:38:57.0800 2672	BrUsbSer - ok
20:38:57.0831 2672	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:38:57.0862 2672	BTHMODEM - ok
20:38:57.0940 2672	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:38:58.0003 2672	bthserv - ok
20:38:58.0081 2672	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:38:58.0159 2672	cdfs - ok
20:38:58.0237 2672	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:38:58.0284 2672	cdrom - ok
20:38:58.0362 2672	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:38:58.0424 2672	CertPropSvc - ok
20:38:58.0502 2672	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:38:58.0518 2672	circlass - ok
20:38:58.0580 2672	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:38:58.0596 2672	CLFS - ok
20:38:58.0720 2672	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:38:58.0752 2672	clr_optimization_v2.0.50727_32 - ok
20:38:58.0830 2672	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:38:58.0861 2672	clr_optimization_v4.0.30319_32 - ok
20:38:58.0908 2672	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:38:58.0954 2672	CmBatt - ok
20:38:59.0001 2672	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:38:59.0017 2672	cmdide - ok
20:38:59.0064 2672	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
20:38:59.0095 2672	CNG - ok
20:38:59.0095 2672	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:38:59.0110 2672	Compbatt - ok
20:38:59.0188 2672	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:38:59.0235 2672	CompositeBus - ok
20:38:59.0266 2672	COMSysApp - ok
20:38:59.0313 2672	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:38:59.0344 2672	crcdisk - ok
20:38:59.0407 2672	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
20:38:59.0469 2672	CryptSvc - ok
20:38:59.0532 2672	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:38:59.0610 2672	CSC - ok
20:38:59.0641 2672	CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
20:38:59.0703 2672	CscService - ok
20:38:59.0734 2672	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:38:59.0781 2672	DcomLaunch - ok
20:38:59.0828 2672	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:38:59.0890 2672	defragsvc - ok
20:38:59.0984 2672	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:39:00.0031 2672	DfsC - ok
20:39:00.0046 2672	dgderdrv - ok
20:39:00.0124 2672	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
20:39:00.0187 2672	Dhcp - ok
20:39:00.0218 2672	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:39:00.0280 2672	discache - ok
20:39:00.0327 2672	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:39:00.0358 2672	Disk - ok
20:39:00.0390 2672	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:39:00.0405 2672	DKbFltr - ok
20:39:00.0452 2672	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
20:39:00.0499 2672	Dnscache - ok
20:39:00.0546 2672	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
20:39:00.0624 2672	dot3svc - ok
20:39:00.0655 2672	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
20:39:00.0717 2672	DPS - ok
20:39:00.0780 2672	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:39:00.0842 2672	drmkaud - ok
20:39:00.0904 2672	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:00.0936 2672	DXGKrnl - ok
20:39:00.0998 2672	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:39:01.0076 2672	EapHost - ok
20:39:01.0279 2672	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:39:01.0372 2672	ebdrv - ok
20:39:01.0528 2672	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
20:39:01.0575 2672	EFS - ok
20:39:01.0700 2672	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
20:39:01.0762 2672	ehRecvr - ok
20:39:01.0840 2672	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:39:01.0856 2672	ehSched - ok
20:39:01.0981 2672	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:39:02.0012 2672	elxstor - ok
20:39:02.0230 2672	ePowerSvc       (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
20:39:02.0262 2672	ePowerSvc - ok
20:39:02.0308 2672	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:39:02.0355 2672	ErrDev - ok
20:39:02.0418 2672	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:39:02.0464 2672	EventSystem - ok
20:39:02.0511 2672	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:39:02.0574 2672	exfat - ok
20:39:02.0605 2672	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:39:02.0652 2672	fastfat - ok
20:39:02.0745 2672	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
20:39:02.0808 2672	Fax - ok
20:39:02.0823 2672	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:39:02.0839 2672	fdc - ok
20:39:02.0901 2672	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:39:02.0964 2672	fdPHost - ok
20:39:02.0995 2672	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:39:03.0057 2672	FDResPub - ok
20:39:03.0073 2672	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:39:03.0088 2672	FileInfo - ok
20:39:03.0135 2672	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:39:03.0213 2672	Filetrace - ok
20:39:03.0229 2672	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:03.0260 2672	flpydisk - ok
20:39:03.0307 2672	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:39:03.0322 2672	FltMgr - ok
20:39:03.0385 2672	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
20:39:03.0447 2672	FontCache - ok
20:39:03.0588 2672	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:39:03.0603 2672	FontCache3.0.0.0 - ok
20:39:03.0619 2672	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:39:03.0650 2672	FsDepends - ok
20:39:03.0712 2672	FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
20:39:03.0744 2672	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:39:03.0744 2672	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:39:03.0790 2672	FsUsbExService  (f96c429788350db4ba6771c3034dfd88) C:\Windows\system32\FsUsbExService.Exe
20:39:03.0806 2672	FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
20:39:03.0806 2672	FsUsbExService - detected UnsignedFile.Multi.Generic (1)
20:39:03.0853 2672	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:03.0868 2672	Fs_Rec - ok
20:39:03.0931 2672	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:39:03.0962 2672	fvevol - ok
20:39:04.0024 2672	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:39:04.0040 2672	gagp30kx - ok
20:39:04.0118 2672	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
20:39:04.0196 2672	gpsvc - ok
20:39:04.0305 2672	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:39:04.0321 2672	gusvc - ok
20:39:04.0368 2672	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:39:04.0414 2672	hcw85cir - ok
20:39:04.0492 2672	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:39:04.0539 2672	HDAudBus - ok
20:39:04.0570 2672	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:39:04.0617 2672	HidBatt - ok
20:39:04.0648 2672	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:39:04.0695 2672	HidBth - ok
20:39:04.0773 2672	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:39:04.0789 2672	HidIr - ok
20:39:04.0836 2672	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
20:39:04.0882 2672	hidserv - ok
20:39:04.0960 2672	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
20:39:04.0976 2672	HidUsb - ok
20:39:05.0023 2672	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
20:39:05.0085 2672	hkmsvc - ok
20:39:05.0132 2672	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
20:39:05.0179 2672	HomeGroupListener - ok
20:39:05.0226 2672	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
20:39:05.0257 2672	HomeGroupProvider - ok
20:39:05.0335 2672	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:39:05.0366 2672	HpSAMD - ok
20:39:05.0413 2672	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:39:05.0444 2672	HTTP - ok
20:39:05.0506 2672	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:39:05.0522 2672	hwpolicy - ok
20:39:05.0569 2672	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:39:05.0600 2672	i8042prt - ok
20:39:05.0647 2672	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
20:39:05.0662 2672	iaStor - ok
20:39:05.0740 2672	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:39:05.0772 2672	iaStorV - ok
20:39:05.0959 2672	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:39:05.0990 2672	idsvc - ok
20:39:06.0037 2672	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:39:06.0068 2672	iirsp - ok
20:39:06.0130 2672	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
20:39:06.0208 2672	IKEEXT - ok
20:39:06.0364 2672	IntcAzAudAddService (ffb0b713a54dd05193dbcd0b790b37ee) C:\Windows\system32\drivers\RTKVHDA.sys
20:39:06.0411 2672	IntcAzAudAddService - ok
20:39:06.0598 2672	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:39:06.0630 2672	intelide - ok
20:39:06.0692 2672	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:39:06.0708 2672	intelppm - ok
20:39:06.0770 2672	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:39:06.0832 2672	IPBusEnum - ok
20:39:06.0848 2672	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:06.0895 2672	IpFilterDriver - ok
20:39:06.0957 2672	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
20:39:07.0004 2672	iphlpsvc - ok
20:39:07.0051 2672	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:39:07.0082 2672	IPMIDRV - ok
20:39:07.0113 2672	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:39:07.0191 2672	IPNAT - ok
20:39:07.0254 2672	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:39:07.0285 2672	IRENUM - ok
20:39:07.0300 2672	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:39:07.0316 2672	isapnp - ok
20:39:07.0363 2672	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:39:07.0378 2672	iScsiPrt - ok
20:39:07.0441 2672	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
20:39:07.0503 2672	k57nd60x - ok
20:39:07.0534 2672	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:39:07.0550 2672	kbdclass - ok
20:39:07.0612 2672	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:39:07.0644 2672	kbdhid - ok
20:39:07.0690 2672	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:07.0722 2672	KeyIso - ok
20:39:07.0753 2672	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
20:39:07.0753 2672	KSecDD - ok
20:39:07.0768 2672	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
20:39:07.0784 2672	KSecPkg - ok
20:39:07.0846 2672	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:39:07.0878 2672	KtmRm - ok
20:39:07.0940 2672	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
20:39:08.0002 2672	LanmanServer - ok
20:39:08.0096 2672	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
20:39:08.0174 2672	LanmanWorkstation - ok
20:39:08.0252 2672	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:08.0330 2672	lltdio - ok
20:39:08.0424 2672	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:39:08.0470 2672	lltdsvc - ok
20:39:08.0470 2672	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:39:08.0533 2672	lmhosts - ok
20:39:08.0595 2672	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:39:08.0626 2672	LSI_FC - ok
20:39:08.0658 2672	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:39:08.0689 2672	LSI_SAS - ok
20:39:08.0704 2672	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:39:08.0720 2672	LSI_SAS2 - ok
20:39:08.0736 2672	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:39:08.0751 2672	LSI_SCSI - ok
20:39:08.0767 2672	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:39:08.0798 2672	luafv - ok
20:39:08.0845 2672	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
20:39:08.0876 2672	Mcx2Svc - ok
20:39:08.0892 2672	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:39:08.0907 2672	megasas - ok
20:39:08.0938 2672	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:39:08.0954 2672	MegaSR - ok
20:39:09.0110 2672	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:39:09.0126 2672	Microsoft Office Groove Audit Service - ok
20:39:09.0172 2672	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:39:09.0235 2672	MMCSS - ok
20:39:09.0266 2672	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:39:09.0313 2672	Modem - ok
20:39:09.0375 2672	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:39:09.0422 2672	monitor - ok
20:39:09.0500 2672	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
20:39:09.0531 2672	mouclass - ok
20:39:09.0547 2672	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:39:09.0578 2672	mouhid - ok
20:39:09.0625 2672	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:39:09.0625 2672	mountmgr - ok
20:39:09.0672 2672	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:39:09.0687 2672	MozillaMaintenance - ok
20:39:09.0734 2672	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:39:09.0750 2672	mpio - ok
20:39:09.0796 2672	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:39:09.0859 2672	mpsdrv - ok
20:39:09.0921 2672	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
20:39:10.0015 2672	MpsSvc - ok
20:39:10.0062 2672	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:39:10.0077 2672	MRxDAV - ok
20:39:10.0124 2672	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:10.0155 2672	mrxsmb - ok
20:39:10.0186 2672	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:10.0233 2672	mrxsmb10 - ok
20:39:10.0249 2672	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:10.0296 2672	mrxsmb20 - ok
20:39:10.0327 2672	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:39:10.0342 2672	msahci - ok
20:39:10.0405 2672	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:39:10.0420 2672	msdsm - ok
20:39:10.0467 2672	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:39:10.0530 2672	MSDTC - ok
20:39:10.0592 2672	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:39:10.0654 2672	Msfs - ok
20:39:10.0654 2672	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:39:10.0701 2672	mshidkmdf - ok
20:39:10.0748 2672	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:39:10.0764 2672	msisadrv - ok
20:39:10.0826 2672	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:39:10.0888 2672	MSiSCSI - ok
20:39:10.0888 2672	msiserver - ok
20:39:10.0982 2672	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:39:11.0044 2672	MSKSSRV - ok
20:39:11.0076 2672	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:39:11.0122 2672	MSPCLOCK - ok
20:39:11.0154 2672	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:39:11.0216 2672	MSPQM - ok
20:39:11.0232 2672	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:39:11.0247 2672	MsRPC - ok
20:39:11.0294 2672	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:39:11.0310 2672	mssmbios - ok
20:39:11.0372 2672	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:39:11.0419 2672	MSTEE - ok
20:39:11.0434 2672	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:39:11.0450 2672	MTConfig - ok
20:39:11.0466 2672	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:39:11.0466 2672	Mup - ok
20:39:11.0528 2672	mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:39:11.0559 2672	mwlPSDFilter - ok
20:39:11.0559 2672	mwlPSDNServ     (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:39:11.0575 2672	mwlPSDNServ - ok
20:39:11.0590 2672	mwlPSDVDisk     (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:39:11.0606 2672	mwlPSDVDisk - ok
20:39:11.0762 2672	MWLService      (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
20:39:11.0778 2672	MWLService - ok
20:39:11.0840 2672	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
20:39:11.0902 2672	napagent - ok
20:39:11.0996 2672	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:39:12.0027 2672	NativeWifiP - ok
20:39:12.0074 2672	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:39:12.0090 2672	NDIS - ok
20:39:12.0105 2672	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:39:12.0152 2672	NdisCap - ok
20:39:12.0183 2672	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:12.0246 2672	NdisTapi - ok
20:39:12.0308 2672	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:12.0355 2672	Ndisuio - ok
20:39:12.0402 2672	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:12.0464 2672	NdisWan - ok
20:39:12.0495 2672	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:39:12.0558 2672	NDProxy - ok
20:39:12.0620 2672	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:39:12.0667 2672	NetBIOS - ok
20:39:12.0714 2672	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:39:12.0776 2672	NetBT - ok
20:39:12.0807 2672	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:12.0823 2672	Netlogon - ok
20:39:12.0901 2672	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:39:12.0979 2672	Netman - ok
20:39:13.0010 2672	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:39:13.0057 2672	netprofm - ok
20:39:13.0213 2672	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:39:13.0228 2672	NetTcpPortSharing - ok
20:39:13.0291 2672	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:39:13.0306 2672	nfrd960 - ok
20:39:13.0353 2672	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
20:39:13.0416 2672	NlaSvc - ok
20:39:13.0447 2672	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:39:13.0509 2672	Npfs - ok
20:39:13.0556 2672	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:39:13.0587 2672	nsi - ok
20:39:13.0603 2672	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:39:13.0650 2672	nsiproxy - ok
20:39:13.0728 2672	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:39:13.0774 2672	Ntfs - ok
20:39:13.0930 2672	NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
20:39:13.0946 2672	NTI IScheduleSvc - ok
20:39:13.0977 2672	NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:39:13.0993 2672	NTIBackupSvc - ok
20:39:14.0180 2672	NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
20:39:14.0196 2672	NTIDrvr - ok
20:39:14.0211 2672	NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:39:14.0227 2672	NTISchedulerSvc - ok
20:39:14.0274 2672	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:39:14.0336 2672	Null - ok
20:39:14.0383 2672	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:39:14.0398 2672	nvraid - ok
20:39:14.0414 2672	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:39:14.0430 2672	nvstor - ok
20:39:14.0445 2672	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:39:14.0461 2672	nv_agp - ok
20:39:14.0586 2672	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:39:14.0601 2672	odserv - ok
20:39:14.0648 2672	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:39:14.0695 2672	ohci1394 - ok
20:39:14.0757 2672	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:39:14.0804 2672	ose - ok
20:39:14.0851 2672	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:39:14.0898 2672	p2pimsvc - ok
20:39:14.0960 2672	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:39:14.0976 2672	p2psvc - ok
20:39:15.0038 2672	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:39:15.0069 2672	Parport - ok
20:39:15.0116 2672	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
20:39:15.0132 2672	partmgr - ok
20:39:15.0147 2672	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:39:15.0210 2672	Parvdm - ok
20:39:15.0241 2672	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:39:15.0272 2672	PcaSvc - ok
20:39:15.0319 2672	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:39:15.0334 2672	pci - ok
20:39:15.0350 2672	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:39:15.0366 2672	pciide - ok
20:39:15.0412 2672	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:39:15.0444 2672	pcmcia - ok
20:39:15.0444 2672	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:39:15.0459 2672	pcw - ok
20:39:15.0506 2672	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:39:15.0568 2672	PEAUTH - ok
20:39:15.0693 2672	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
20:39:15.0756 2672	PeerDistSvc - ok
20:39:15.0865 2672	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
20:39:15.0943 2672	pla - ok
20:39:16.0146 2672	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
20:39:16.0177 2672	PlugPlay - ok
20:39:16.0224 2672	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:39:16.0270 2672	PNRPAutoReg - ok
20:39:16.0302 2672	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:39:16.0333 2672	PNRPsvc - ok
20:39:16.0395 2672	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
20:39:16.0473 2672	PolicyAgent - ok
20:39:16.0520 2672	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
20:39:16.0551 2672	Power - ok
20:39:16.0660 2672	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:39:16.0707 2672	PptpMiniport - ok
20:39:16.0723 2672	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:39:16.0754 2672	Processor - ok
20:39:16.0785 2672	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
20:39:16.0832 2672	ProfSvc - ok
20:39:16.0863 2672	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:16.0879 2672	ProtectedStorage - ok
20:39:16.0910 2672	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:39:16.0941 2672	Psched - ok
20:39:17.0004 2672	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:39:17.0050 2672	ql2300 - ok
20:39:17.0238 2672	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:39:17.0253 2672	ql40xx - ok
20:39:17.0316 2672	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:39:17.0347 2672	QWAVE - ok
20:39:17.0362 2672	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:39:17.0378 2672	QWAVEdrv - ok
20:39:17.0472 2672	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
20:39:17.0487 2672	RapiMgr - ok
20:39:17.0503 2672	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:17.0550 2672	RasAcd - ok
20:39:17.0628 2672	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:17.0706 2672	RasAgileVpn - ok
20:39:17.0737 2672	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:39:17.0784 2672	RasAuto - ok
20:39:17.0830 2672	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:17.0877 2672	Rasl2tp - ok
20:39:17.0924 2672	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
20:39:17.0971 2672	RasMan - ok
20:39:18.0002 2672	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:18.0064 2672	RasPppoe - ok
20:39:18.0080 2672	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:18.0142 2672	RasSstp - ok
20:39:18.0174 2672	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:18.0236 2672	rdbss - ok
20:39:18.0283 2672	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:39:18.0298 2672	rdpbus - ok
20:39:18.0345 2672	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:18.0408 2672	RDPCDD - ok
20:39:18.0454 2672	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:39:18.0470 2672	RDPDR - ok
20:39:18.0501 2672	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:39:18.0548 2672	RDPENCDD - ok
20:39:18.0564 2672	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:39:18.0595 2672	RDPREFMP - ok
20:39:18.0657 2672	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
20:39:18.0704 2672	RdpVideoMiniport - ok
20:39:18.0735 2672	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
20:39:18.0782 2672	RDPWD - ok
20:39:18.0860 2672	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:39:18.0876 2672	rdyboost - ok
20:39:18.0922 2672	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:39:18.0985 2672	RemoteAccess - ok
20:39:19.0032 2672	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:39:19.0063 2672	RemoteRegistry - ok
20:39:19.0063 2672	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:39:19.0125 2672	RpcEptMapper - ok
20:39:19.0141 2672	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:39:19.0188 2672	RpcLocator - ok
20:39:19.0250 2672	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:39:19.0297 2672	RpcSs - ok
20:39:19.0390 2672	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:39:19.0437 2672	rspndr - ok
20:39:19.0515 2672	RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys
20:39:19.0531 2672	RTHDMIAzAudService - ok
20:39:19.0578 2672	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:39:19.0624 2672	s3cap - ok
20:39:19.0687 2672	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:19.0718 2672	SamSs - ok
20:39:19.0734 2672	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:39:19.0749 2672	sbp2port - ok
20:39:19.0812 2672	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:39:19.0858 2672	SCardSvr - ok
20:39:19.0905 2672	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:39:19.0983 2672	scfilter - ok
20:39:20.0046 2672	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
20:39:20.0092 2672	Schedule - ok
20:39:20.0155 2672	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:39:20.0186 2672	SCPolicySvc - ok
20:39:20.0217 2672	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
20:39:20.0264 2672	SDRSVC - ok
20:39:20.0326 2672	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:39:20.0373 2672	secdrv - ok
20:39:20.0420 2672	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:39:20.0482 2672	seclogon - ok
20:39:20.0498 2672	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:39:20.0529 2672	SENS - ok
20:39:20.0545 2672	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:39:20.0592 2672	SensrSvc - ok
20:39:20.0607 2672	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:39:20.0654 2672	Serenum - ok
20:39:20.0685 2672	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:39:20.0716 2672	Serial - ok
20:39:20.0763 2672	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:39:20.0779 2672	sermouse - ok
20:39:20.0841 2672	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
20:39:20.0888 2672	SessionEnv - ok
20:39:20.0935 2672	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:39:20.0966 2672	sffdisk - ok
20:39:20.0966 2672	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:39:20.0997 2672	sffp_mmc - ok
20:39:20.0997 2672	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:39:21.0013 2672	sffp_sd - ok
20:39:21.0060 2672	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:39:21.0075 2672	sfloppy - ok
20:39:21.0153 2672	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:39:21.0216 2672	SharedAccess - ok
20:39:21.0325 2672	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
20:39:21.0372 2672	ShellHWDetection - ok
20:39:21.0403 2672	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:39:21.0434 2672	sisagp - ok
20:39:21.0450 2672	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:39:21.0465 2672	SiSRaid2 - ok
20:39:21.0481 2672	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:39:21.0496 2672	SiSRaid4 - ok
20:39:21.0559 2672	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:39:21.0606 2672	Smb - ok
20:39:21.0684 2672	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:39:21.0699 2672	SNMPTRAP - ok
20:39:21.0715 2672	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:39:21.0730 2672	spldr - ok
20:39:21.0793 2672	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
20:39:21.0840 2672	Spooler - ok
20:39:22.0027 2672	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
20:39:22.0120 2672	sppsvc - ok
20:39:22.0292 2672	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
20:39:22.0370 2672	sppuinotify - ok
20:39:22.0464 2672	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:39:22.0526 2672	srv - ok
20:39:22.0557 2672	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:39:22.0620 2672	srv2 - ok
20:39:22.0651 2672	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:39:22.0698 2672	srvnet - ok
20:39:22.0744 2672	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:39:22.0822 2672	SSDPSRV - ok
20:39:22.0854 2672	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:39:22.0869 2672	ssmdrv - ok
20:39:22.0885 2672	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:39:22.0932 2672	SstpSvc - ok
20:39:23.0025 2672	StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
20:39:23.0056 2672	StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0056 2672	StarOpen - detected UnsignedFile.Multi.Generic (1)
20:39:23.0103 2672	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:39:23.0134 2672	stexstor - ok
20:39:23.0197 2672	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
20:39:23.0275 2672	StiSvc - ok
20:39:23.0306 2672	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:39:23.0322 2672	storflt - ok
20:39:23.0337 2672	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:39:23.0353 2672	storvsc - ok
20:39:23.0400 2672	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:39:23.0431 2672	swenum - ok
20:39:23.0493 2672	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:39:23.0540 2672	swprv - ok
20:39:23.0556 2672	Synth3dVsc - ok
20:39:23.0602 2672	SynTP           (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
20:39:23.0634 2672	SynTP - ok
20:39:23.0727 2672	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
20:39:23.0774 2672	SysMain - ok
20:39:23.0883 2672	SystemStore     (d7e795032847a6e6e9fbc5e296ae0838) C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
20:39:23.0914 2672	SystemStore ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0914 2672	SystemStore - detected UnsignedFile.Multi.Generic (1)
20:39:23.0946 2672	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
20:39:24.0008 2672	TabletInputService - ok
20:39:24.0070 2672	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
20:39:24.0102 2672	TapiSrv - ok
20:39:24.0133 2672	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:39:24.0164 2672	TBS - ok
20:39:24.0320 2672	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
20:39:24.0367 2672	Tcpip - ok
20:39:24.0382 2672	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
20:39:24.0414 2672	TCPIP6 - ok
20:39:24.0476 2672	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:39:24.0538 2672	tcpipreg - ok
20:39:24.0570 2672	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:39:24.0616 2672	TDPIPE - ok
20:39:24.0663 2672	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
20:39:24.0694 2672	TDTCP - ok
20:39:24.0741 2672	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:39:24.0804 2672	tdx - ok
20:39:24.0850 2672	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:39:24.0866 2672	TermDD - ok
20:39:24.0928 2672	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
20:39:24.0975 2672	TermService - ok
20:39:25.0022 2672	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:39:25.0053 2672	Themes - ok
20:39:25.0100 2672	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:39:25.0131 2672	THREADORDER - ok
20:39:25.0131 2672	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:39:25.0194 2672	TrkWks - ok
20:39:25.0303 2672	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
20:39:25.0365 2672	TrustedInstaller - ok
20:39:25.0396 2672	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:39:25.0428 2672	tssecsrv - ok
20:39:25.0490 2672	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:39:25.0521 2672	TsUsbFlt - ok
20:39:25.0521 2672	tsusbhub - ok
20:39:25.0584 2672	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:39:25.0646 2672	tunnel - ok
20:39:25.0677 2672	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:39:25.0693 2672	uagp35 - ok
20:39:25.0724 2672	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
20:39:25.0740 2672	UBHelper - ok
20:39:25.0786 2672	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:39:25.0833 2672	udfs - ok
20:39:25.0880 2672	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:39:25.0927 2672	UI0Detect - ok
20:39:25.0958 2672	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:39:25.0974 2672	uliagpkx - ok
20:39:26.0005 2672	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:39:26.0020 2672	umbus - ok
20:39:26.0083 2672	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:39:26.0114 2672	UmPass - ok
20:39:26.0161 2672	UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
20:39:26.0192 2672	UmRdpService - ok
20:39:26.0239 2672	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:39:26.0317 2672	upnphost - ok
20:39:26.0348 2672	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:39:26.0379 2672	usbccgp - ok
20:39:26.0442 2672	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:39:26.0457 2672	usbcir - ok
20:39:26.0488 2672	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:39:26.0504 2672	usbehci - ok
20:39:26.0535 2672	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:39:26.0582 2672	usbhub - ok
20:39:26.0644 2672	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
20:39:26.0707 2672	usbohci - ok
20:39:26.0738 2672	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:39:26.0754 2672	usbprint - ok
20:39:26.0816 2672	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:39:26.0847 2672	USBSTOR - ok
20:39:26.0863 2672	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:39:26.0878 2672	usbuhci - ok
20:39:26.0910 2672	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
20:39:26.0925 2672	usbvideo - ok
20:39:26.0956 2672	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
20:39:27.0003 2672	usb_rndisx - ok
20:39:27.0050 2672	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:39:27.0081 2672	UxSms - ok
20:39:27.0128 2672	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:39:27.0144 2672	VaultSvc - ok
20:39:27.0206 2672	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:39:27.0222 2672	vdrvroot - ok
20:39:27.0300 2672	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
20:39:27.0346 2672	vds - ok
20:39:27.0393 2672	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:39:27.0440 2672	vga - ok
20:39:27.0471 2672	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:39:27.0503 2672	VgaSave - ok
20:39:27.0518 2672	VGPU - ok
20:39:27.0565 2672	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:39:27.0596 2672	vhdmp - ok
20:39:27.0659 2672	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:39:27.0674 2672	viaagp - ok
20:39:27.0721 2672	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:39:27.0768 2672	ViaC7 - ok
20:39:27.0799 2672	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:39:27.0815 2672	viaide - ok
20:39:27.0846 2672	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:39:27.0861 2672	vmbus - ok
20:39:27.0861 2672	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:39:27.0908 2672	VMBusHID - ok
20:39:27.0924 2672	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:39:27.0939 2672	volmgr - ok
20:39:27.0971 2672	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:39:27.0986 2672	volmgrx - ok
20:39:28.0033 2672	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:39:28.0049 2672	volsnap - ok
20:39:28.0127 2672	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:39:28.0142 2672	vsmraid - ok
20:39:28.0236 2672	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
20:39:28.0314 2672	VSS - ok
20:39:28.0345 2672	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:39:28.0376 2672	vwifibus - ok
20:39:28.0407 2672	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:39:28.0423 2672	vwififlt - ok
20:39:28.0470 2672	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:39:28.0485 2672	vwifimp - ok
20:39:28.0548 2672	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:39:28.0610 2672	W32Time - ok
20:39:28.0657 2672	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:39:28.0688 2672	WacomPen - ok
20:39:28.0766 2672	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:28.0829 2672	WANARP - ok
20:39:28.0829 2672	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:28.0860 2672	Wanarpv6 - ok
20:39:28.0938 2672	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
20:39:28.0985 2672	wbengine - ok
20:39:29.0031 2672	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:39:29.0078 2672	WbioSrvc - ok
20:39:29.0203 2672	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
20:39:29.0234 2672	WcesComm - ok
20:39:29.0281 2672	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
20:39:29.0343 2672	wcncsvc - ok
20:39:29.0375 2672	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:39:29.0437 2672	WcsPlugInService - ok
20:39:29.0515 2672	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:39:29.0546 2672	Wd - ok
20:39:29.0577 2672	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:39:29.0593 2672	Wdf01000 - ok
20:39:29.0609 2672	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:39:29.0655 2672	WdiServiceHost - ok
20:39:29.0655 2672	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:39:29.0671 2672	WdiSystemHost - ok
20:39:29.0733 2672	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
20:39:29.0780 2672	WebClient - ok
20:39:29.0827 2672	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:39:29.0858 2672	Wecsvc - ok
20:39:29.0874 2672	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:39:29.0905 2672	wercplsupport - ok
20:39:29.0936 2672	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:39:29.0967 2672	WerSvc - ok
20:39:29.0999 2672	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:39:30.0014 2672	WfpLwf - ok
20:39:30.0030 2672	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:39:30.0045 2672	WIMMount - ok
20:39:30.0217 2672	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:39:30.0279 2672	WinDefend - ok
20:39:30.0295 2672	WinHttpAutoProxySvc - ok
20:39:30.0389 2672	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:39:30.0451 2672	Winmgmt - ok
20:39:30.0545 2672	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
20:39:30.0607 2672	WinRM - ok
20:39:30.0732 2672	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:39:30.0794 2672	WinUsb - ok
20:39:30.0872 2672	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:39:30.0919 2672	Wlansvc - ok
20:39:30.0966 2672	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:39:30.0981 2672	WmiAcpi - ok
20:39:31.0091 2672	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:39:31.0137 2672	wmiApSrv - ok
20:39:31.0403 2672	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:39:31.0449 2672	WMPNetworkSvc - ok
20:39:31.0481 2672	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:39:31.0496 2672	WPCSvc - ok
20:39:31.0543 2672	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
20:39:31.0590 2672	WPDBusEnum - ok
20:39:31.0683 2672	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:39:31.0761 2672	ws2ifsl - ok
20:39:31.0793 2672	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
20:39:31.0824 2672	wscsvc - ok
20:39:31.0839 2672	WSearch - ok
20:39:31.0933 2672	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:39:31.0995 2672	wuauserv - ok
20:39:32.0198 2672	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:39:32.0245 2672	WudfPf - ok
20:39:32.0292 2672	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:39:32.0323 2672	WUDFRd - ok
20:39:32.0370 2672	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
20:39:32.0401 2672	wudfsvc - ok
20:39:32.0448 2672	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:39:32.0510 2672	WwanSvc - ok
20:39:32.0557 2672	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:32.0807 2672	\Device\Harddisk0\DR0 - ok
20:39:32.0807 2672	Boot (0x1200)   (3a01482251629bf09357270b2369ed3f) \Device\Harddisk0\DR0\Partition0
20:39:32.0807 2672	\Device\Harddisk0\DR0\Partition0 - ok
20:39:32.0807 2672	============================================================
20:39:32.0807 2672	Scan finished
20:39:32.0807 2672	============================================================
20:39:32.0822 4624	Detected object count: 4
20:39:32.0822 4624	Actual detected object count: 4
20:40:01.0869 4624	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:40:01.0869 4624	FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624	FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:40:01.0869 4624	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:40:01.0869 4624	SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:01.0869 4624	SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 19.07.2012, 21:37   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.07.2012, 15:48   #21
StarCGN
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Auch erledigt, ging ja auch recht zügig.

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-19.02 - *** 20.07.2012  15:14:14.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3067.2167 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-20 bis 2012-07-20  ))))))))))))))))))))))))))))))
.
.
2012-07-20 08:06 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D34061DF-807A-4113-98EA-2DD868621E52}\mpengine.dll
2012-07-19 09:22 . 2012-07-19 09:22	--------	d-----w-	c:\users\***\AppData\Local\IsolatedStorage
2012-07-19 09:19 . 2012-07-19 09:19	--------	d-----w-	c:\users\***\AppData\Local\Freemium TubeBox
2012-07-19 09:19 . 2012-07-19 09:19	--------	d-----w-	c:\program files\Freemium
2012-07-19 09:19 . 2012-07-19 09:22	--------	d-----w-	c:\users\***\AppData\Roaming\Freemium
2012-07-17 13:50 . 2012-07-17 13:50	--------	d-----w-	C:\_OTL
2012-07-14 11:29 . 2012-07-14 11:29	--------	d-----w-	c:\program files\ESET
2012-07-13 11:41 . 2012-07-20 08:02	--------	d-----r-	c:\users\***\Dropbox
2012-07-13 11:39 . 2012-07-20 12:57	--------	d-----w-	c:\users\***\AppData\Roaming\Dropbox
2012-07-12 18:42 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 16:52 . 2012-07-12 16:52	--------	d-----w-	c:\program files\7-Zip
2012-07-03 20:16 . 2012-07-12 17:24	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-03 20:16 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-03 18:38 . 2012-07-03 18:38	20322816	----a-w-	c:\windows\system32\imageres.dll
2012-06-28 16:36 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-28 16:36 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-28 16:36 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-28 16:36 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-28 16:36 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-28 16:36 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-28 16:36 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-28 16:36 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-28 16:36 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-26 16:20 . 2012-06-26 16:20	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 12:56 . 2012-03-30 11:16	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-29 12:56 . 2011-06-21 12:57	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2012-04-14 06:47	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-27 07:04 . 2012-05-27 07:04	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 03:03 . 2012-06-14 06:16	981504	----a-w-	c:\windows\system32\wininet.dll
2012-05-09 13:45 . 2012-04-14 06:51	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 13:45 . 2012-04-14 06:51	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-01 04:44 . 2012-06-14 06:16	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 04:41 . 2012-06-14 06:17	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-04-28 03:17 . 2012-06-14 06:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 06:16	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 06:16	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 06:16	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-14 06:16	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 06:16	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 06:16	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-27 14:36 . 2012-01-22 16:52	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-29 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-05 19:08	273544	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 SystemStore;System Store;c:\program files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mymrjm36.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ObjectDock Plus 2 - c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2704)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
Zeit der Fertigstellung: 2012-07-20  15:23:23
ComboFix-quarantined-files.txt  2012-07-20 13:23
.
Vor Suchlauf: 14 Verzeichnis(se), 98.089.308.160 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 98.177.789.952 Bytes frei
.
- - End Of File - - DE6338130D1B93E2CE573890073882A1
         
--- --- ---

Alt 20.07.2012, 19:29   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.07.2012, 22:03   #23
StarCGN
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Meine Herren, das war ja ein richtiger Scan-Marathon. Aber endlich alle 3 Scans erledigt.

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-20 20:24:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O
Running: 2q72fcqr.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\kgldipow.sys


---- System - GMER 1.0.15 ----

SSDT   91BE83BE                                                                                                                                      ZwCreateSection
SSDT   91BE83C8                                                                                                                                      ZwRequestWaitReplyPort
SSDT   91BE83C3                                                                                                                                      ZwSetContextThread
SSDT   91BE83CD                                                                                                                                      ZwSetSecurityObject
SSDT   91BE83D2                                                                                                                                      ZwSystemDebugControl
SSDT   91BE835F                                                                                                                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                      8343F3C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                        83478D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                           8347FEAC 4 Bytes  [BE, 83, BE, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                           83480208 4 Bytes  [C8, 83, BE, 91] {ENTER 0xbe83, 0x91}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                           8348024C 4 Bytes  [C3, 83, BE, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                           834802C8 4 Bytes  [CD, 83, BE, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                           8348031C 4 Bytes  [D2, 83, BE, 91]
.text  ...                                                                                                                                           
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x92018000, 0x2D5378, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [013C1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.DLL (Backup Manager Module/NewTech Infosystems, Inc.)
IAT    C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                       [00871E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT    C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                   [00872A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT    C:\Windows\Explorer.EXE[3492] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                   [008711D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                         [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                          [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                       [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                        [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]             [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]              [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]           [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]            [74E3FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:34:10 on 20.07.2012

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"kgldipow" (kgldipow) - ? - C:\Users\MARCEL~1\AppData\Local\Temp\kgldipow.sys  (Hidden registry entry, rootkit activity | File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3llhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3llhn.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"System Store" (SystemStore) - ? - C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

Code:
ATTFilter
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-20 20:38:26
-----------------------------
20:38:26.456    OS Version: Windows 6.1.7601 Service Pack 1
20:38:26.456    Number of processors: 2 586 0x170A
20:38:26.456    ComputerName: HOME-PC  UserName: 
20:38:28.141    Initialize success
20:40:04.861    AVAST engine defs: 12072000
20:40:25.640    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:40:25.656    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
20:40:25.703    Disk 0 MBR read successfully
20:40:25.703    Disk 0 MBR scan
20:40:25.718    Disk 0 Windows 7 default MBR code
20:40:25.765    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
20:40:25.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048
20:40:25.796    Disk 0 scanning sectors +976771072
20:40:25.921    Disk 0 scanning C:\Windows\system32\drivers
20:41:37.073    Service scanning
20:42:21.049    Modules scanning
20:44:21.466    Disk 0 trace - called modules:
20:44:21.482    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
20:44:21.497    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87505170]
20:44:21.497    3 CLASSPNP.SYS[8bf8859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d36028]
20:44:23.010    AVAST engine scan C:\Windows
20:47:42.987    AVAST engine scan C:\Windows\system32
21:14:33.440    AVAST engine scan C:\Windows\system32\drivers
21:19:28.343    AVAST engine scan C:\Users\***
21:49:48.539    AVAST engine scan C:\ProgramData
21:58:32.154    Scan finished successfully
21:59:48.188    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
21:59:48.204    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

Alt 21.07.2012, 16:46   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2012, 17:52   #25
StarCGN
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



WOW!!! Mit Malwarebytes sieht es ganz gut aus, aber was findet bitte SUPERAntiSpyware alles?
Ist doch richtig, dass ich bei der SUPERAntiSpyware nicht ohne deine Anweisung auf "Remove Threads" geklickt habe oder?
Hier die beiden Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: HOME-PC [Administrator]

21.07.2012 16:56:44
mbam-log-2012-07-21 (18-43-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379530
Laufzeit: 1 Stunde(n), 45 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/22/2012 at 05:45 PM

Application Version : 5.5.1006

Core Rules Database Version : 8939
Trace Rules Database Version: 6751

Scan type       : Complete Scan
Total Scan Time : 01:47:16

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 780
Memory threats detected   : 0
Registry items scanned    : 36084
Registry threats detected : 0
File items scanned        : 125147
File threats detected     : 102

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MPRAAPDO.txt [ /zanox.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FCVCWRNA.txt [ /imrworldwide.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BJM2LD4J.txt [ /tomtailor.dyntracker.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PA97ERLA.txt [ /fastclick.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QW9Y5FTN.txt [ /adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\O0J5AD5K.txt [ /tradedoubler.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Z5XD11A7.txt [ /www.zanox-affiliate.de ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9VOA5N53.txt [ /atdmt.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H98HL1SW.txt [ /www.usenext.de ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J32IAG5P.txt [ /tracking.quisma.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TRRB9290.txt [ /komtrack.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WU3QDSME.txt [ /track.effiliation.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SME3XU64.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1QOXOB4I.txt [ /ad.dyntracker.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\09ZWXPTM.txt [ /adform.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HMU99BSE.txt [ /unitymedia.de ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DLWP1TRN.txt [ /track.effiliation.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EYDSOKS0.txt [ /apmebf.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9OXN9S8T.txt [ /webmasterplan.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\W0WYGXYD.txt [ /ad.zanox.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\XMQO25W5.txt [ /komtrack.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QU38JLXX.txt [ /track.adform.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WSDWR8ET.txt [ /ad.yieldmanager.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9KA4LFQK.txt [ /zanox-affiliate.de ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PIZTDTQO.txt [ /butlers.traffective-tracking.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\UJEHDIC9.txt [ /mediaplex.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\S0RGI5RM.txt [ /ad.dyntracker.de ]
	C:\USERS\***\Cookies\MPRAAPDO.txt [ Cookie:***@zanox.com/ ]
	C:\USERS\***\Cookies\FCVCWRNA.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
	C:\USERS\***\Cookies\PA97ERLA.txt [ Cookie:***@fastclick.net/ ]
	C:\USERS\***\Cookies\QW9Y5FTN.txt [ Cookie:***@adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\O0J5AD5K.txt [ Cookie:***@tradedoubler.com/ ]
	C:\USERS\***\Cookies\Z5XD11A7.txt [ Cookie:***@www.zanox-affiliate.de/ ]
	C:\USERS\***\Cookies\9VOA5N53.txt [ Cookie:***@atdmt.com/ ]
	C:\USERS\***\Cookies\J32IAG5P.txt [ Cookie:***@tracking.quisma.com/ ]
	C:\USERS\***\Cookies\WU3QDSME.txt [ Cookie:***@track.effiliation.com/ ]
	C:\USERS\***\Cookies\SME3XU64.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
	C:\USERS\***\Cookies\1QOXOB4I.txt [ Cookie:***@ad.dyntracker.com/ ]
	C:\USERS\***\Cookies\09ZWXPTM.txt [ Cookie:***@adform.net/ ]
	C:\USERS\***\Cookies\DLWP1TRN.txt [ Cookie:***@track.effiliation.com/servlet/ ]
	C:\USERS\***\Cookies\XMQO25W5.txt [ Cookie:***@komtrack.com/tr ]
	C:\USERS\***\Cookies\WSDWR8ET.txt [ Cookie:***@ad.yieldmanager.com/ ]
	C:\USERS\***\Cookies\9KA4LFQK.txt [ Cookie:***@zanox-affiliate.de/ ]
	C:\USERS\***\Cookies\PIZTDTQO.txt [ Cookie:***@butlers.traffective-tracking.com/ ]
	C:\USERS\***\Cookies\UJEHDIC9.txt [ Cookie:***@mediaplex.com/ ]
	C:\USERS\***\Cookies\S0RGI5RM.txt [ Cookie:***@ad.dyntracker.de/ ]
	C:\USERS\NADJA\AppData\Roaming\Microsoft\Windows\Cookies\A3IMA573.txt [ Cookie:nadja@apmebf.com/ ]
	C:\USERS\NADJA\AppData\Roaming\Microsoft\Windows\Cookies\57L96CMB.txt [ Cookie:nadja@mediaplex.com/ ]
	C:\USERS\NADJA\Cookies\A3IMA573.txt [ Cookie:nadja@apmebf.com/ ]
	C:\USERS\NADJA\Cookies\57L96CMB.txt [ Cookie:nadja@mediaplex.com/ ]
	www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.dyntracker.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	tradefx.advertserve.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	media-manager.ksk-koeln.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]
	media-manager.ksk-koeln.de [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R58EP3D6.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Bifrose
	C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE
         

Geändert von StarCGN (22.07.2012 um 18:01 Uhr)

Alt 23.07.2012, 15:34   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Sieht ok aus, da wurden nur Überreste und Cookies gefunden, kann alles weg
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.07.2012, 11:23   #27
StarCGN
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Ansonsten gibt es keinerlei Probleme mehr mit dem System. Wenn Du sagst, dass der folgende Eintrag auch nicht problematisch ist bin ich beruhigt.

Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE

Ich sollte, meine ich, beim Defogger am Anfang was ausstellen. Kann das nun wieder eingestellt werden (bin gerade überfragt was es war) und welche Programme kann ich jetzt deinstallieren bzw. empfiehlst Du mir das ich welche zur Sicherheit drauf lassen soll, wie z.B. SuperAntiSypWare.

Ansonsten kann ich nur sagen

Ihr Jungs habt es echt drauf - einsame spitze. Ich kann dieses Forum nur jedem empfehlen! Liebsten Dank für die Hilfe.

Alt 24.07.2012, 20:35   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - Standard

TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?



Code:
ATTFilter
Trojan.Agent/Gen-Bifrose
C:\_OTL\MOVEDFILES\07172012_155048\C_PROGRAM FILES\VISTACODECPACK\TOOLS\VISTAUSER.EXE
         
Wie schonmal erwähnt ist Der Ordner "_OTL" der Quarantänebereich von OTL. Das ist folgerichtig, dass dort Schädlinge sind. Sie sind dort aber harmlos weil inaktiv.

Defogger wäre nur relevant, wenn du ein Tool für virtuelle optische Laufwerke installiert hast also zB DaemonTools was wie viele andere solcher Tools den sog. SPTD-Treiber verwenden


Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?
aktiv, avira, befall, e-banking, erledigt, frage, fragen, geladen, geschichte, googeln, hallo zusammen, herzlichen, hoffe, laptop, laufen, löschen, malwarebytes, minute, programme, quarantäne, recht, super, tr/atraps.gen, viren, weiterhelfen, überprüfen, zaccess, zusammen



Ähnliche Themen: TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?


  1. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  2. Trojaner Befall TR/ATRAPS.GEN ,TR/ATRAPS.GEN2 , TR/Cutwail.jhg , TR/ZAccess.H , TR/Sirefef.A.37
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (17)
  3. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  4. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  5. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  6. Laptop befallen mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 31.07.2012 (5)
  7. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 28.07.2012 (25)
  8. Viren,BDS/ZAccess.T,TR/ATRAPS.gen,TR/ATRAPS.gen2 in C:/Dokumente/Einstellungen/Administrator..
    Alles rund um Windows - 22.07.2012 (1)
  9. Trojaner TR/ATRAPS.gen und TR/ATRAPS.Gen2 lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (30)
  10. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  11. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  12. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  13. TR/ATRAPS.GEN, TR/ATRAPS.GEN2 in C:\Windows\Installer\{...} und JAVA/Dldr.Lamar.CI
    Mülltonne - 09.07.2012 (2)
  14. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  15. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  16. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)
  17. Antivir meldet ständig wiederholten Fund von TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)

Zum Thema TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? - adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Schließe alle offenen Programme und Browser. Starte die adwcleaner.exe mit einem Doppelklick. Klicke auf Delete . Bestätige jeweils mit Ok . Dein Rechner - TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv?...
Archiv
Du betrachtest: TR/ATRAPS.Gen und TR/ATRAPS.Gen 2 noch auf Laptop aktiv? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.