Trojaner-Board - S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? (https://www.trojaner-board.de/118489-s-m-a-r-t-repair-virus-systemwiederherstellung-durchgefuehrt-bleibt-tun.html)

S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?

Hallo liebe Leute,

ich habe mir gestern den SMART Repair Virus eingefangen.
Beim Surfen fragte eine unbekannte .exe-Datei (irgendwas mit aol) nach Erlaubnis, Veränderungen am Computer durchzuführen, bei "Nein" kam die Meldung sofort wieder. Habe dann einen Suchlauf mit Avira durchgeführt, der gleich etwas gefunden und gelöscht hat (habe die Meldung aber jetzt bei den Berichten nicht mehr gefunden), kurz darauf startete dann der SMART Virus mit seiner Show. Ein Avira Durchlauf gab dann nur eine Warnung aus, dass es eine Datei nicht öffnen konnte (ebenjene).
Ich habe dann den Computer im sicheren Modus neu gestartet und eine Systemwiederherstellung auf den Stand von vor ein paar Tagen durchgeführt.
Jetzt läuft soweit wieder alles, nur sind natürlich alle Daten versteckt (habe den Fix, den ich hier dazu gefunden habe, noch nicht durchgeführt).

Ich fürchte, das Problem ist damit aber nicht mit Sicherheit aus der Welt, stimmt das? Muss ich, wenn alles (hoffentlich) bereinigt ist, sonst noch irgendwas beachten? Etwa Passwörter ändern o.ä.?

Ich hoffe, ich habe beim Erstellen nichts vergessen. :)
Vielen Dank im Voraus!

Defogger habe ich durchgeführt, Fehlermeldung kam keine.

OTL.txt:

Code:

OTL logfile created on: 04.07.2012 09:21:06 - Run 1

OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Mathias\Desktop

 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free

5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS

 

Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe

PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2012.05.11 09:29:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.11 09:29:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe

PRC - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe

PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin

PRC - [2009.08.27 06:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe

PRC - [2009.08.26 20:07:24 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe

PRC - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe

PRC - [2009.08.26 20:07:20 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe

PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe

PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe

PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe

PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.08.23 14:38:42 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll

MOD - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe

MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll

MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll

MOD - [2009.01.18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll

MOD - [2007.11.16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll

MOD - [2007.11.16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.07.03 22:51:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)

SRV - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.11 09:18:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011.08.23 00:33:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)

SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.05.11 09:29:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.11 09:29:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {C4654FC7-7709-4DF2-A65C-B5B887A4ED99}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{C4654FC7-7709-4DF2-A65C-B5B887A4ED99}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 20:50:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.03 22:43:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 15:32:57 | 000,000,000 | ---D | M]

 

[2011.08.22 23:36:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions

[2012.07.03 22:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions

[2012.07.03 22:43:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012.07.03 22:43:48 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com

[2012.05.11 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.05.11 09:18:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.04.10 19:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.28 08:38:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.28 08:38:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.28 08:38:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.28 08:38:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.28 08:38:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.28 08:38:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D590A-07D6-4927-9591-6D2570E914EE}: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.04 09:11:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe

[2012.07.03 20:05:12 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery

[2012.06.25 22:56:42 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\PDF24

[2012.06.25 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

[2012.06.25 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24

[2012.06.22 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics

[2012.06.22 09:14:22 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\Desktop\Study Aid etc

[2012.06.15 08:39:32 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\Macromedia

[2012.06.11 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\AskToolbar

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.04 09:18:48 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable

[2012.07.04 09:12:32 | 000,302,592 | ---- | M] () -- C:\Users\Mathias\Desktop\vomherxq.exe

[2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe

[2012.07.04 09:11:43 | 000,050,477 | ---- | M] () -- C:\Users\Mathias\Desktop\Defogger.exe

[2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.04 09:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.07.04 09:01:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.04 09:00:47 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.03 20:05:20 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr

[2012.07.03 20:05:20 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc

[2012.07.03 20:05:08 | 000,000,256 | -H-- | M] () -- C:\ProgramData\MYC7NlSPONnkXc

[2012.07.01 21:36:22 | 000,039,914 | -H-- | M] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf

[2012.06.14 22:33:58 | 000,361,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.06.14 09:40:44 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.06.14 09:40:44 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.06.14 09:40:44 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.06.14 09:40:44 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.06.05 10:07:19 | 000,001,061 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012.06.05 10:07:09 | 000,001,033 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.07.04 09:18:48 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable

[2012.07.04 09:12:32 | 000,302,592 | ---- | C] () -- C:\Users\Mathias\Desktop\vomherxq.exe

[2012.07.04 09:11:42 | 000,050,477 | ---- | C] () -- C:\Users\Mathias\Desktop\Defogger.exe

[2012.07.03 20:05:20 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXcr

[2012.07.03 20:05:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXc

[2012.07.03 20:05:07 | 000,000,256 | -H-- | C] () -- C:\ProgramData\MYC7NlSPONnkXc

[2012.07.01 21:36:22 | 000,039,914 | -H-- | C] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf

[2012.06.25 22:20:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2012.06.25 22:20:02 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx

[2011.10.07 12:28:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011.10.07 12:28:40 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT

[2011.08.22 23:23:25 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat

[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2011.08.22 06:17:52 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

[2011.08.22 00:10:48 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

[2011.08.21 23:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.08.21 21:47:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2011.08.21 21:47:15 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini

[2011.08.21 21:47:13 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe

[2011.08.21 21:45:04 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT

[2011.08.21 21:45:04 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat

[2011.08.21 21:45:04 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2011.06.22 10:43:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll

[2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll

[2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll

[2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll

[2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll

 
 ========== LOP Check ==========

 

[2012.06.28 23:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.anki

[2012.06.28 16:23:54 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib

[2011.08.22 00:07:43 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console

[2012.07.04 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox

[2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org

[2011.08.22 00:07:44 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema

[2009.07.14 06:53:46 | 000,029,170 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extras.txt:

Code:

OTL Extras logfile created on: 04.07.2012 09:21:06 - Run 1

OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Mathias\Desktop

 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free

5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS

 

Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01F00A9D-185A-4D10-9228-C14B00318A8F}" = lport=139 | protocol=6 | dir=in | app=system | 

"{0780777C-D603-4F23-8858-FB7DB99401F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{153C1696-EA3B-4CF0-BBBB-C0B6B0A43231}" = rport=445 | protocol=6 | dir=out | app=system | 

"{3F435D3E-12B6-48B1-800D-EFA2D2228933}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{48484C6C-A1E6-47A3-83D3-B9410C03AA11}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{520474FF-B823-4E9E-84E8-E33119EF4355}" = lport=137 | protocol=17 | dir=in | app=system | 

"{55F3330D-6319-45D3-832E-6E816E844D1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{56170BA2-551D-435C-BE23-9618798C6CF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5B5E672C-5D68-4BE8-9323-4918DA8CC8A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{6C382540-1D6A-4F8C-97F4-F7523C1BCE57}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{71956D23-D9DF-474F-BB07-08EB1DAF33F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{9253A523-4691-4BE6-8405-F5E5FF113817}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{93AA3420-11D8-40C5-975B-824C5874B4CF}" = lport=138 | protocol=17 | dir=in | app=system | 

"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{9AEDF331-C7AF-48F4-AF3A-6E234DC95A95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{AC79484D-3DB0-49D9-B86C-703F68CD1BD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{B4590DCF-3773-4270-A239-5AC4895B5379}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{BA7724CC-F90E-4D81-B01C-519EDA91AC34}" = rport=137 | protocol=17 | dir=out | app=system | 

"{D4FFF1D1-B312-4F41-9A61-07C532F17A0A}" = rport=139 | protocol=6 | dir=out | app=system | 

"{D61493B3-FEC3-41E8-8624-66E62DCA1A7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DF893A1A-2A35-4272-801A-870518F44060}" = rport=138 | protocol=17 | dir=out | app=system | 

"{DF8F0146-6A0D-4018-85A2-42AB22D44048}" = lport=445 | protocol=6 | dir=in | app=system | 

"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{ECD2B67A-9503-4742-825A-3280DE50B891}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{F723BAE0-271F-4B36-A8C9-A206BC02ED99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01812F4C-05C0-49DE-9EF1-8310566E3AF5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 

"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{0DB4F180-E3D0-4029-B3D9-5F5B3AAEAF90}" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 

"{1313DC88-43E4-43F0-9E0B-E1A24147BF4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{22955B12-C94D-4F55-A605-2D6BFED9EA8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{2E5F32AD-6497-41BE-A217-CAC31848A3DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{3B75AB01-24D9-4683-B3D1-81A6FC7E9745}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{49F1200A-67B8-41E0-84B8-76A9C39BB436}" = protocol=6 | dir=out | app=system | 

"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 

"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 

"{61846197-4A36-4066-BFBE-5C25B4C62B19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{6904E211-8DA3-4955-A21A-C53989AA85D2}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{6BCD1C50-894C-41C5-A467-41DE5BE77B3D}" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 

"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 

"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 

"{90A932C0-74AD-4B78-A0AE-4542937CF962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{950EAF1C-9823-49DF-93E1-EB09B259CD74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A2366D76-05E3-49DA-BCA1-F99553DA6F6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A2F69815-1078-4016-B1D4-89B6312C28FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 

"{B1AD0714-6EC5-4530-B61B-C22794343030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B2E7A0F8-0B5B-4528-8E35-CEF1D8885FD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{B8EDCBEC-700B-4D19-920E-A674346B4DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 

"{C5EA0BAE-7DE3-4691-A83B-05A0EEFFDEE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{C77CDDAE-17C5-4019-9313-145E140472DD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 

"{D7E60BED-8C9C-4635-A57F-2F8CBD53D905}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{DB2510C8-A74B-4F21-828F-3DAE6BB3B947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{ED6668AE-187A-4388-8840-D6CF18126208}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{FAB4A4D9-123F-4A2A-AEF6-71813D6CFCB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"TCP Query User{62C17BEA-48BB-4689-9F62-A51FCB70F01F}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{014349F4-2F45-481C-BDA9-BBFF40927DEE}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033F0CE1-B6FC-EC7A-7914-81F14C8DBA0F}" = Catalyst Control Center Core Implementation

"{05B95480-732A-1081-8A94-D924326AF36F}" = CCC Help English

"{0945589B-6CC4-FA00-3CBE-BD6028B26063}" = CCC Help Turkish

"{0EAE6EF9-010E-0734-D0A0-2BB8040F90EA}" = CCC Help French

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{133C8002-B64F-C9E7-7DAC-21BAE58DC041}" = CCC Help Russian

"{150715F0-2800-A3C5-836E-F4F98AE3A775}" = ccc-core-static

"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22EFABF6-7373-7755-4EA4-5240E7CCEEF7}" = Catalyst Control Center Graphics Previews Vista

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{270629EB-D776-04FC-0631-256177B7A021}" = CCC Help Swedish

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{29D2987A-9FBC-1BD3-E463-12D50D94DBFC}" = Catalyst Control Center Graphics Full New

"{2AB22900-5718-4617-523B-9DFDECB4749D}" = CCC Help Italian

"{3956AEA0-9299-CA45-5BF1-5A721F8E3A21}" = CCC Help Chinese Traditional

"{3C152296-D7E4-59F4-B07E-43587CE985FE}" = CCC Help Norwegian

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{502D4628-92AD-416A-0580-00D64320DBB7}" = ATI Catalyst Install Manager

"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail

"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion

"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works

"{66CB1DC8-FBA1-7436-08F3-061F7CB72C80}" = Skins

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie

"{6C497312-7C1E-BB3C-D143-B8FD0C894CF1}" = CCC Help Polish

"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash

"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call

"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{88FC0C01-E4AA-3C3E-4612-3F11E69EF188}" = CCC Help German

"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98E3A37D-D424-C725-E06A-71C1151F682A}" = CCC Help Finnish

"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller

"{A141F87A-A73B-368D-AB65-A997B3D1D2C4}" = CCC Help Spanish

"{AAD2CA33-F716-4D1B-31F9-B52A847C4AF1}" = CCC Help Hungarian

"{AB104276-19BC-D12E-90EE-D358003A4EAF}" = CCC Help Greek

"{ABBD20D8-60E7-885B-734A-DE745BFDF43B}" = CCC Help Czech

"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AEE701D3-6AF7-A8D5-145E-D0C01D528FAD}" = ccc-utility

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B5080F69-EE95-49DC-F8A1-B7CBB2B5028D}" = CCC Help Korean

"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent

"{B6CB5308-3B67-9861-97F5-0EB31CE21E63}" = CCC Help Chinese Standard

"{B7020783-0AB1-8D67-E850-673BD0C61E7F}" = CCC Help Thai

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D0354121-07AF-DE06-1D0F-7490EFE2F67A}" = Catalyst Control Center Graphics Full Existing

"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216

"{DA163DB8-C795-9EF2-7CF2-8B570BA9E39E}" = CCC Help Portuguese

"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials

"{E36BE564-B727-A80D-E9F0-7FFEB69120E5}" = CCC Help Dutch

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5A56A6C-7656-969C-457A-E7600A6F169B}" = Catalyst Control Center Graphics Light

"{E5D9A29A-8903-968F-6394-CB8CC151084C}" = Catalyst Control Center Localization All

"{EE03DA2C-2154-7298-4461-F76C615932A9}" = CCC Help Japanese

"{EE9DEA81-3B77-7135-0E5B-B8C3092FE88A}" = CCC Help Danish

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"7-Zip" = 7-Zip 9.20

"Acer Screensaver" = Acer ScreenSaver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Anki" = Anki

"Avira AntiVir Desktop" = Avira Free Antivirus

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"DivX Setup" = DivX-Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"LManager" = Launch Manager

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488

Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Mail\Calendars\***@hotmail.com\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows

 Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.pat" zu

 erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.

 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

 

Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217

Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Mail\Calendars\***@hotmail.com\: Fehler (-1032) während der Sicherung

 einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.edb).

 Die Datenbank kann nicht wiederhergestellt werden.

 

Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215

Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Mail\Calendars\***@hotmail.com\: Die Sicherung wurde abgebrochen, weil

 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen

 wurde.

 

Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488

Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows

 Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.pat" zu erstellen,

 ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler

 -1032 (0xfffffbf8) beim Erstellen von Dateien.

 

Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217

Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Fehler (-1032) während der Sicherung

 einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.edb).

 Die Datenbank kann nicht wiederhergestellt werden.

 

Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215

Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Die Sicherung wurde abgebrochen,

 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen

 wurde.

 

Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488

Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows

 Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.pat" zu erstellen,

 ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler

 -1032 (0xfffffbf8) beim Erstellen von Dateien.

 

Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217

Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Fehler (-1032) während der Sicherung

 einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.edb).

 Die Datenbank kann nicht wiederhergestellt werden.

 

Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215

Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live

 Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Die Sicherung wurde abgebrochen,

 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen

 wurde.

 

Error - 04.07.2012 03:02:34 | Computer Name = Mathias-Laptop | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 26.03.2012 14:11:10 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199

Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit 

dem Computer mit der  Netzwerkhardwareadresse 00-03-91-B6-E1-E3 ermittelt. Netzwerkvorgänge

 könnten daher auf diesem  System unterbrochen werden.

 

Error - 26.03.2012 18:01:04 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 27.03.2012 12:59:38 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 27.03.2012 13:42:35 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 27.03.2012 13:51:37 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199

Description = Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem

 Computer mit der  Netzwerkhardwareadresse 70-1A-04-45-CB-37 ermittelt. Netzwerkvorgänge

 könnten daher auf diesem  System unterbrochen werden.

 

Error - 27.03.2012 15:36:12 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 27.03.2012 17:12:43 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 27.03.2012 18:07:10 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >

gmer.txt:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-07-04 11:28:43

Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0

Running: vomherxq.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\kwriqkog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            900C8A2E                                   ZwCreateSection

SSDT            900C8A38                                   ZwRequestWaitReplyPort

SSDT            900C8A33                                   ZwSetContextThread

SSDT            900C8A3D                                   ZwSetSecurityObject

SSDT            900C8A42                                   ZwSystemDebugControl

SSDT            900C89CF                                   ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9  83290599 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2     832B5092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!RtlSidHashLookup + 340        832BC990 4 Bytes  [2E, 8A, 0C, 90] {MOV CL, CS:[EAX+EDX*4]}

.text           ntkrnlpa.exe!RtlSidHashLookup + 69C        832BCCEC 4 Bytes  [38, 8A, 0C, 90]

.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0        832BCD30 4 Bytes  [33, 8A, 0C, 90]

.text           ntkrnlpa.exe!RtlSidHashLookup + 75C        832BCDAC 4 Bytes  [3D, 8A, 0C, 90]

.text           ntkrnlpa.exe!RtlSidHashLookup + 7B0        832BCE00 4 Bytes  [42, 8A, 0C, 90] {INC EDX; MOV CL, [EAX+EDX*4]}

.text           ...                                        

.text           C:\Windows\system32\DRIVERS\atikmdag.sys   section is writeable [0x91431000, 0x2D5378, 0xE8000020]

PAGE            peauth.sys                                 A1047B9B 72 Bytes  [20, 55, 58, EA, 21, 76, B4, ...]

PAGE            peauth.sys                                 A104802C 102 Bytes  CALL BE117902 
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1    Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\0000004a          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \FileSystem\fastfat \Fat                   fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Danke für deine Hilfe!

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.05.06
 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Mathias :: MATHIAS-LAPTOP [Administrator]
 

05.07.2012 20:06:09

mbam-log-2012-07-05 (20-06-09).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 406532

Laufzeit: 2 Stunde(n), 5 Minute(n), 28 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

ESET-Log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=045dd1791f317243a25b1086620cfcb6

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-07 10:56:32

# local_time=2012-07-07 12:56:32 (+0100, Mitteleuropäische Sommerzeit)

# country="Austria"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1792 16777215 100 0 22002185 22002185 0 0

# compatibility_mode=5893 16776574 100 85 94091432 94091432 0 0

# compatibility_mode=8192 67108863 100 0 190 190 0 0

# scanned=217188

# found=1

# cleaned=0

# scan_time=5903

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\34725bc2-71d673b1        Java/Exploit.CVE-2012-0507.CN trojan (unable to clean)        00000000000000000000000000000000        I

In der Zwischenzeit hat auch Avira noch eine Meldung abgegeben:

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Donnerstag, 05. Juli 2012  20:35
 

Es wird nach 3831448 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (plain)  [6.1.7600]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : MATHIAS-LAPTOP
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00

AVSCAN.EXE     : 12.3.0.15     466896 Bytes  11.05.2012 07:29:59

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  11.05.2012 07:29:59

LUKE.DLL       : 12.3.0.15      68304 Bytes  11.05.2012 07:29:59

AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  11.05.2012 07:29:59

AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 07:29:59

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 18:17:51

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:59:31

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 19:57:29

VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 15:37:48

VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 15:37:48

VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 15:37:48

VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 15:37:48

VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 15:37:48

VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 15:37:48

VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 15:37:48

VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 15:37:48

VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 15:37:48

VBASE014.VDF   : 7.11.34.201   169472 Bytes  02.07.2012 19:27:08

VBASE015.VDF   : 7.11.34.202     2048 Bytes  02.07.2012 19:27:08

VBASE016.VDF   : 7.11.34.203     2048 Bytes  02.07.2012 19:27:08

VBASE017.VDF   : 7.11.34.204     2048 Bytes  02.07.2012 19:27:08

VBASE018.VDF   : 7.11.34.205     2048 Bytes  02.07.2012 19:27:08

VBASE019.VDF   : 7.11.34.206     2048 Bytes  02.07.2012 19:27:08

VBASE020.VDF   : 7.11.34.207     2048 Bytes  02.07.2012 19:27:08

VBASE021.VDF   : 7.11.34.208     2048 Bytes  02.07.2012 19:27:08

VBASE022.VDF   : 7.11.34.209     2048 Bytes  02.07.2012 19:27:08

VBASE023.VDF   : 7.11.34.210     2048 Bytes  02.07.2012 19:27:08

VBASE024.VDF   : 7.11.34.211     2048 Bytes  02.07.2012 19:27:08

VBASE025.VDF   : 7.11.34.212     2048 Bytes  02.07.2012 19:27:08

VBASE026.VDF   : 7.11.34.213     2048 Bytes  02.07.2012 19:27:08

VBASE027.VDF   : 7.11.34.214     2048 Bytes  02.07.2012 19:27:09

VBASE028.VDF   : 7.11.34.215     2048 Bytes  02.07.2012 19:27:09

VBASE029.VDF   : 7.11.34.216     2048 Bytes  02.07.2012 19:27:09

VBASE030.VDF   : 7.11.34.217     2048 Bytes  02.07.2012 19:27:09

VBASE031.VDF   : 7.11.35.2      70144 Bytes  03.07.2012 21:23:50

Engineversion  : 8.2.10.102

AEVDF.DLL      : 8.1.2.8       106867 Bytes  02.06.2012 07:34:55

AESCRIPT.DLL   : 8.1.4.28      455035 Bytes  03.07.2012 21:23:54

AESCN.DLL      : 8.1.8.2       131444 Bytes  28.01.2012 12:21:33

AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 19:56:00

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.22     807288 Bytes  03.07.2012 21:23:54

AEOFFICE.DLL   : 8.1.2.40      201082 Bytes  03.07.2012 21:23:53

AEHEUR.DLL     : 8.1.4.58     4993399 Bytes  03.07.2012 21:23:53

AEHELP.DLL     : 8.1.23.2      258422 Bytes  03.07.2012 21:23:50

AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 19:53:54

AEEXP.DLL      : 8.1.0.58       82292 Bytes  03.07.2012 21:23:55

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.10     201080 Bytes  01.06.2012 07:35:51

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  11.05.2012 07:29:58

AVPREF.DLL     : 12.3.0.15      51920 Bytes  11.05.2012 07:29:59

AVREP.DLL      : 12.3.0.15     179208 Bytes  11.05.2012 07:29:59

AVARKT.DLL     : 12.3.0.15     211408 Bytes  11.05.2012 07:29:59

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  11.05.2012 07:29:59

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  11.05.2012 07:29:59

AVSMTP.DLL     : 12.3.0.15      63440 Bytes  11.05.2012 07:29:59

NETNT.DLL      : 12.3.0.15      17104 Bytes  11.05.2012 07:29:59

RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  11.05.2012 07:29:58

RCTEXT.DLL     : 12.3.0.15      98512 Bytes  11.05.2012 07:29:58
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ff41162\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig
 

Beginn des Suchlaufs: Donnerstag, 05. Juli 2012  20:35
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ePowerEvent.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ePowerTray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ISUSPM.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'PLFSetI.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'PMVService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SchedulerSvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'MWLService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ePowerSvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CLHNService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\Mathias\AppData\Local\Temp\584ioR0RkNv5fs.exe.tmp'

C:\Users\Mathias\AppData\Local\Temp\584ioR0RkNv5fs.exe.tmp

  [FUND]      Ist das Trojanische Pferd TR/FakeSysdef.A.6

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '550870c1.qua' verschoben!
 
 

Ende des Suchlaufs: Donnerstag, 05. Juli 2012  20:36

Benötigte Zeit: 00:21 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     70 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     69 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      1 Hinweise

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Das war der erste Scan mit Malwarebytes, im entsprechenden Reiter scheint auch nur jenes auf, das ich oben gepostet habe.
Avira hat die Meldung übrigens vor (oder während, weiß ich leider nicht mehr) dem Malwarebytes-Scan abgegeben und die Datei in Quarantäne verschoben.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hier ist die Log-Datei:

Code:

# AdwCleaner v1.701 - Logfile created 07/10/2012 at 17:45:15

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Home Premium  (32 bits)

# User : Mathias - MATHIAS-LAPTOP

# Running from : C:\Users\Mathias\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\Mathias\AppData\Local\AskToolbar

Folder Found : C:\Users\Mathias\AppData\Local\Temp\AskSearch

Folder Found : C:\Users\Mathias\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com

Folder Found : C:\Program Files\Ask.com

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 

***** [Registry] *****
 

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\AskToolbar

Key Found : HKLM\SOFTWARE\APN

Key Found : HKLM\SOFTWARE\AskToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v12.0 (de)
 

Profile name : default 

File : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\prefs.js
 

Found : user_pref("extensions.asktb.AviraIDW-TS", "1319701434568");

Found : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]

Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

Found : user_pref("extensions.asktb.cbid", "JM");

Found : user_pref("extensions.asktb.config-updated", true);

Found : user_pref("extensions.asktb.crumb", "2011.08.21+14.44.42-toolbar001iad-AT-Vmllbm5hLEF1c3RyaWE%3D");

Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]

Found : user_pref("extensions.asktb.dtid", "YYYYYYYYAT");

Found : user_pref("extensions.asktb.fresh-install", false);

Found : user_pref("extensions.asktb.guid", "be26886d-d368-4784-ab17-684f2c44a485");

Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

Found : user_pref("extensions.asktb.if", "first");

Found : user_pref("extensions.asktb.l", "dis");

Found : user_pref("extensions.asktb.last-config-req", "1338370809198");

Found : user_pref("extensions.asktb.last-search-timestamp", "1314051615670");

Found : user_pref("extensions.asktb.last-v", "3.13.1.100008");

Found : user_pref("extensions.asktb.locale", "de_US");

Found : user_pref("extensions.asktb.location", "Vienna,Austria");

Found : user_pref("extensions.asktb.notification-shown", true);

Found : user_pref("extensions.asktb.o", "100000080");

Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Found : user_pref("extensions.asktb.qsrc", "2871");

Found : user_pref("extensions.asktb.r", "3");

Found : user_pref("extensions.asktb.sa", "NO");

Found : user_pref("extensions.asktb.search-history-queries", "test");

Found : user_pref("extensions.asktb.search-suggestions-enabled", true);

Found : user_pref("extensions.asktb.silent-upgrade", true);

Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Found : user_pref("extensions.asktb.themeid", "");

Found : user_pref("extensions.asktb.to", "");

Found : user_pref("extensions.asktb.v", "3.13.1.100012");
 

*************************
 

AdwCleaner[R1].txt - [5679 octets] - [10/07/2012 17:45:15]
 

########## EOF - C:\AdwCleaner[R1].txt - [5807 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Bei der nun deinstallierten Avira-Toolbar war ja auch der Browserschutz integriert. Brauche ich den nicht?

Code:

# AdwCleaner v1.701 - Logfile created 07/11/2012 at 17:47:04

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Home Premium  (32 bits)

# User : Mathias - MATHIAS-LAPTOP

# Running from : C:\Users\Mathias\Desktop\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Users\Mathias\AppData\Local\AskToolbar

Folder Deleted : C:\Users\Mathias\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\Mathias\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 

***** [Registry] *****
 

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AskToolbar

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
 

***** [Registre - GUID] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v12.0 (de)
 

Profile name : default 

File : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\prefs.js
 

Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1319701434568");

Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]

Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

Deleted : user_pref("extensions.asktb.cbid", "JM");

Deleted : user_pref("extensions.asktb.config-updated", true);

Deleted : user_pref("extensions.asktb.crumb", "2011.08.21+14.44.42-toolbar001iad-AT-Vmllbm5hLEF1c3RyaWE%3D");

Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]

Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYAT");

Deleted : user_pref("extensions.asktb.fresh-install", false);

Deleted : user_pref("extensions.asktb.guid", "be26886d-d368-4784-ab17-684f2c44a485");

Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

Deleted : user_pref("extensions.asktb.if", "first");

Deleted : user_pref("extensions.asktb.l", "dis");

Deleted : user_pref("extensions.asktb.last-config-req", "1338370809198");

Deleted : user_pref("extensions.asktb.last-search-timestamp", "1314051615670");

Deleted : user_pref("extensions.asktb.last-v", "3.13.1.100008");

Deleted : user_pref("extensions.asktb.locale", "de_US");

Deleted : user_pref("extensions.asktb.location", "Vienna,Austria");

Deleted : user_pref("extensions.asktb.notification-shown", true);

Deleted : user_pref("extensions.asktb.o", "100000080");

Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Deleted : user_pref("extensions.asktb.qsrc", "2871");

Deleted : user_pref("extensions.asktb.r", "3");

Deleted : user_pref("extensions.asktb.sa", "NO");

Deleted : user_pref("extensions.asktb.search-history-queries", "test");

Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);

Deleted : user_pref("extensions.asktb.silent-upgrade", true);

Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Deleted : user_pref("extensions.asktb.themeid", "");

Deleted : user_pref("extensions.asktb.to", "");

Deleted : user_pref("extensions.asktb.v", "3.13.1.100012");
 

*************************
 

AdwCleaner[R1].txt - [5808 octets] - [10/07/2012 17:45:15]

AdwCleaner[S1].txt - [5749 octets] - [11/07/2012 17:47:04]
 

########## EOF - C:\AdwCleaner[S1].txt - [5877 octets] ##########

Ich finde den Browserschutz ziemlich unnötig, v.a. weil der an so einer dämlichen Toolbar gekoppelt ist :balla:

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Ok, dann habe ich keine Bedenken.

1.) Bin seit der Systemwiederherstellung uneingeschränkt im normalen Modus unterwegs.
2.) Im Startmenü scheint nichts zu fehlen, habe keine leeren Ordner entdeckt. Nur die ganzen anderen Daten sind eben versteckt (habe den Fix, den ich hier dazu gefunden habe, noch nicht durchgeführt).

Das Dateien wurde von der Ransomware versteckt, wenn überhaupt kannst du mit unhide noch was wiederherstellen. Wenn nicht bist du ohne Backup angeschmiert

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hab ich gemacht, hat auch geklappt, danke. Muss ich wegen den Funden von ESET und Avira noch was machen? Ich mache an diesem Computer auch alle sensiblen Dinge wie Onlinebanking, Einkauf, Amtswege, darum möchte ich sichergehen, dass er wirklich sauber ist.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 13.07.2012 23:17:46 - Run 2

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Mathias\Desktop

 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,44% Memory free

5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,99 Gb Total Space | 93,91 Gb Free Space | 20,59% Space Free | Partition Type: NTFS

 

Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.13 23:15:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe

PRC - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2012.05.11 09:29:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.11 09:29:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe

PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin

PRC - [2009.08.27 06:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe

PRC - [2009.08.26 20:07:24 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe

PRC - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe

PRC - [2009.08.26 20:07:20 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe

PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe

PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe

PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

PRC - [2009.01.21 01:41:18 | 000,333,096 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe

PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe

PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.08.23 14:38:42 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll

MOD - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe

MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009.01.21 01:41:36 | 000,167,936 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\System\_PyMediaLib.dll

MOD - [2009.01.21 01:41:32 | 000,012,288 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\System\_PyPCMSvrInfo.dll

MOD - [2009.01.21 01:41:30 | 000,036,864 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\System\_PyPCMAgentInfo.dll

MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll

MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll

MOD - [2009.01.21 01:41:18 | 000,065,536 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\zlib.pyd

MOD - [2009.01.21 01:41:14 | 000,692,224 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\_bsddb.pyd

MOD - [2009.01.21 01:41:14 | 000,479,232 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\_ssl.pyd

MOD - [2009.01.21 01:41:14 | 000,135,168 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\pyexpat.pyd

MOD - [2009.01.21 01:41:14 | 000,049,152 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\_socket.pyd

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.07.12 18:15:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)

SRV - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.11 09:18:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011.08.23 00:33:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)

SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.05.11 09:29:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.11 09:29:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\..\SearchScopes,DefaultScope = {C4654FC7-7709-4DF2-A65C-B5B887A4ED99}

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\..\SearchScopes\{C4654FC7-7709-4DF2-A65C-B5B887A4ED99}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 20:50:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.03 22:43:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 15:32:57 | 000,000,000 | ---D | M]

 

[2011.08.22 23:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions

[2012.07.11 17:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions

[2012.07.03 22:43:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012.05.11 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.05.11 09:18:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.04.10 19:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.28 08:38:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.28 08:38:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.28 08:38:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.28 08:38:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.28 08:38:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.28 08:38:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKU\S-1-5-21-870723337-732186457-395206212-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D590A-07D6-4927-9591-6D2570E914EE}: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.13 20:51:50 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Mathias\Desktop\unhide.exe

[2012.07.07 11:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.07.07 11:14:37 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mathias\Desktop\esetsmartinstaller_enu.exe

[2012.07.05 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes

[2012.07.05 20:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.05 20:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.05 20:00:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.07.05 20:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.07.05 19:57:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mathias\Desktop\mbam-setup-1.61.0.1400.exe

[2012.07.04 09:11:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe

[2012.07.03 20:05:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery

[2012.06.25 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\PDF24

[2012.06.25 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

[2012.06.25 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24

[2012.06.22 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics

[2012.06.22 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Study Aid etc

[2012.06.15 08:39:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Macromedia

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.13 23:15:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe

[2012.07.13 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.07.13 20:52:19 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Mathias\Desktop\unhide.exe

[2012.07.13 20:51:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.11 17:55:55 | 000,011,104 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.11 17:55:55 | 000,011,104 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.11 17:48:19 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.10 17:43:56 | 000,618,655 | ---- | M] () -- C:\Users\Mathias\Desktop\adwcleaner.exe

[2012.07.07 11:14:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mathias\Desktop\esetsmartinstaller_enu.exe

[2012.07.05 20:00:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.05 19:58:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mathias\Desktop\mbam-setup-1.61.0.1400.exe

[2012.07.04 09:18:48 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable

[2012.07.04 09:12:32 | 000,302,592 | ---- | M] () -- C:\Users\Mathias\Desktop\vomherxq.exe

[2012.07.04 09:11:43 | 000,050,477 | ---- | M] () -- C:\Users\Mathias\Desktop\Defogger.exe

[2012.07.03 20:05:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr

[2012.07.03 20:05:20 | 000,000,000 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc

[2012.07.03 20:05:08 | 000,000,256 | ---- | M] () -- C:\ProgramData\MYC7NlSPONnkXc

[2012.07.01 21:36:22 | 000,039,914 | ---- | M] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf

[2012.06.14 22:33:58 | 000,361,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.06.14 09:40:44 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.06.14 09:40:44 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.06.14 09:40:44 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.06.14 09:40:44 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

 
 ========== Files Created - No Company Name ==========

 

[2012.07.10 17:43:55 | 000,618,655 | ---- | C] () -- C:\Users\Mathias\Desktop\adwcleaner.exe

[2012.07.05 20:00:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.04 09:18:48 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable

[2012.07.04 09:12:32 | 000,302,592 | ---- | C] () -- C:\Users\Mathias\Desktop\vomherxq.exe

[2012.07.04 09:11:42 | 000,050,477 | ---- | C] () -- C:\Users\Mathias\Desktop\Defogger.exe

[2012.07.03 20:05:20 | 000,000,136 | ---- | C] () -- C:\ProgramData\-MYC7NlSPONnkXcr

[2012.07.03 20:05:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\-MYC7NlSPONnkXc

[2012.07.03 20:05:07 | 000,000,256 | ---- | C] () -- C:\ProgramData\MYC7NlSPONnkXc

[2012.07.01 21:36:22 | 000,039,914 | ---- | C] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf

[2012.06.25 22:20:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2012.06.25 22:20:02 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx

[2011.10.07 12:28:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011.10.07 12:28:40 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT

[2011.08.22 23:23:25 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat

[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2011.08.22 06:17:52 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

[2011.08.22 00:10:48 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

[2011.08.21 23:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.08.21 21:47:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2011.08.21 21:47:15 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini

[2011.08.21 21:47:13 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe

[2011.08.21 21:45:04 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT

[2011.08.21 21:45:04 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat

[2011.08.21 21:45:04 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2011.06.22 10:43:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll

[2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll

[2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll

[2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll

[2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll

 
 ========== LOP Check ==========

 

[2011.08.22 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console

[2011.08.22 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console

[2012.06.28 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.anki

[2012.06.28 16:23:54 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib

[2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console

[2012.07.11 17:49:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox

[2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org

[2012.07.12 18:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema

[2009.07.14 06:53:46 | 000,029,674 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.28 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.anki

[2012.06.28 16:23:54 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib

[2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console

[2012.07.03 22:42:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Adobe

[2011.11.04 12:34:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Apple Computer

[2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ATI

[2011.10.26 19:35:57 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Avira

[2011.11.07 16:48:31 | 000,000,000 | R--D | M] -- C:\Users\Mathias\AppData\Roaming\Brother

[2012.07.11 17:49:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox

[2011.08.21 21:44:10 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Google

[2011.08.22 23:53:29 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Identities

[2012.07.03 22:43:47 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\InstallShield

[2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Macromedia

[2012.07.05 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes

[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Media Center Programs

[2012.07.03 23:23:14 | 000,000,000 | --SD | M] -- C:\Users\Mathias\AppData\Roaming\Microsoft

[2012.07.03 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mozilla

[2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org

[2012.07.12 18:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema

[2012.07.03 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\vlc

 
 < %APPDATA%\*.exe /s >

[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Uninstall.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys

[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys

[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e0c941a8b0e04b56\iaStor.sys

[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_7009a7672ee571e2\iaStor.sys

[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - user.js - File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

[2012.07.03 20:05:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr

[2012.07.03 20:05:20 | 000,000,000 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc

[2012.07.03 20:05:08 | 000,000,256 | ---- | M] () -- C:\ProgramData\MYC7NlSPONnkXc

:Files

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

C:\ProgramData\-MYC7NlSPONnkXcr moved successfully.

C:\ProgramData\-MYC7NlSPONnkXc moved successfully.

C:\ProgramData\MYC7NlSPONnkXc moved successfully.

========== FILES ==========

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 75 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Mathias

->Temp folder emptied: 248193753 bytes

->Temporary Internet Files folder emptied: 374308796 bytes

->FireFox cache emptied: 347752645 bytes

->Flash cache emptied: 2980 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 119939370 bytes

RecycleBin emptied: 233239941 bytes

 

Total Files Cleaned = 1.262,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Mathias

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.54.0 log created on 07142012_161932
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Code:

13:18:37.0598 4060        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35

13:18:37.0770 4060        ============================================================

13:18:37.0770 4060        Current date / time: 2012/07/15 13:18:37.0770

13:18:37.0770 4060        SystemInfo:

13:18:37.0770 4060        

13:18:37.0770 4060        OS Version: 6.1.7600 ServicePack: 0.0

13:18:37.0770 4060        Product type: Workstation

13:18:37.0770 4060        ComputerName: MATHIAS-LAPTOP

13:18:37.0770 4060        UserName: Mathias

13:18:37.0770 4060        Windows directory: C:\Windows

13:18:37.0770 4060        System windows directory: C:\Windows

13:18:37.0770 4060        Processor architecture: Intel x86

13:18:37.0770 4060        Number of processors: 2

13:18:37.0770 4060        Page size: 0x1000

13:18:37.0770 4060        Boot type: Normal boot

13:18:37.0770 4060        ============================================================

13:18:38.0332 4060        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:18:38.0332 4060        ============================================================

13:18:38.0332 4060        \Device\Harddisk0\DR0:

13:18:38.0332 4060        MBR partitions:

13:18:38.0332 4060        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000

13:18:38.0332 4060        ============================================================

13:18:38.0347 4060        C: <-> \Device\Harddisk0\DR0\Partition0

13:18:38.0347 4060        ============================================================

13:18:38.0347 4060        Initialize success

13:18:38.0347 4060        ============================================================

13:18:53.0854 3656        ============================================================

13:18:53.0854 3656        Scan started

13:18:53.0854 3656        Mode: Manual; SigCheck; TDLFS; 

13:18:53.0854 3656        ============================================================

13:18:54.0353 3656        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

13:18:54.0493 3656        1394ohci - ok

13:18:54.0556 3656        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

13:18:54.0587 3656        ACPI - ok

13:18:54.0665 3656        AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

13:18:54.0712 3656        AcpiPmi - ok

13:18:54.0852 3656        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:18:54.0868 3656        AdobeFlashPlayerUpdateSvc - ok

13:18:54.0961 3656        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

13:18:55.0008 3656        adp94xx - ok

13:18:55.0071 3656        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

13:18:55.0102 3656        adpahci - ok

13:18:55.0117 3656        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

13:18:55.0133 3656        adpu320 - ok

13:18:55.0180 3656        AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

13:18:55.0242 3656        AeLookupSvc - ok

13:18:55.0336 3656        AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

13:18:55.0414 3656        AFD - ok

13:18:55.0445 3656        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

13:18:55.0476 3656        agp440 - ok

13:18:55.0554 3656        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

13:18:55.0585 3656        aic78xx - ok

13:18:55.0663 3656        ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

13:18:55.0741 3656        ALG - ok

13:18:55.0773 3656        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

13:18:55.0804 3656        aliide - ok

13:18:55.0866 3656        AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe

13:18:55.0944 3656        AMD External Events Utility - ok

13:18:55.0944 3656        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

13:18:55.0960 3656        amdagp - ok

13:18:55.0975 3656        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

13:18:55.0991 3656        amdide - ok

13:18:56.0022 3656        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

13:18:56.0085 3656        AmdK8 - ok

13:18:56.0085 3656        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

13:18:56.0163 3656        AmdPPM - ok

13:18:56.0225 3656        amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

13:18:56.0256 3656        amdsata - ok

13:18:56.0303 3656        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

13:18:56.0334 3656        amdsbs - ok

13:18:56.0350 3656        amdxata         (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

13:18:56.0365 3656        amdxata - ok

13:18:56.0506 3656        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe

13:18:56.0521 3656        AntiVirSchedulerService - ok

13:18:56.0615 3656        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

13:18:56.0631 3656        AntiVirService - ok

13:18:56.0724 3656        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

13:18:56.0755 3656        AntiVirWebService - ok

13:18:56.0818 3656        AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

13:18:56.0911 3656        AppID - ok

13:18:57.0005 3656        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

13:18:57.0161 3656        AppIDSvc - ok

13:18:57.0161 3656        Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll

13:18:57.0192 3656        Appinfo - ok

13:18:57.0317 3656        Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:18:57.0317 3656        Apple Mobile Device - ok

13:18:57.0379 3656        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

13:18:57.0395 3656        arc - ok

13:18:57.0426 3656        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

13:18:57.0442 3656        arcsas - ok

13:18:57.0504 3656        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

13:18:57.0613 3656        AsyncMac - ok

13:18:57.0691 3656        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

13:18:57.0723 3656        atapi - ok

13:18:57.0847 3656        athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys

13:18:57.0925 3656        athr - ok

13:18:58.0378 3656        atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys

13:18:58.0581 3656        atikmdag - ok

13:18:58.0768 3656        AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

13:18:58.0846 3656        AudioEndpointBuilder - ok

13:18:58.0846 3656        Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

13:18:58.0893 3656        Audiosrv - ok

13:18:58.0986 3656        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys

13:18:59.0017 3656        avgntflt - ok

13:18:59.0080 3656        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys

13:18:59.0095 3656        avipbb - ok

13:18:59.0220 3656        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

13:18:59.0236 3656        avkmgr - ok

13:18:59.0345 3656        AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll

13:18:59.0392 3656        AxInstSV - ok

13:18:59.0501 3656        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

13:18:59.0610 3656        b06bdrv - ok

13:18:59.0704 3656        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

13:18:59.0751 3656        b57nd60x - ok

13:18:59.0844 3656        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

13:18:59.0922 3656        BDESVC - ok

13:18:59.0985 3656        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

13:19:00.0031 3656        Beep - ok

13:19:00.0094 3656        BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll

13:19:00.0156 3656        BFE - ok

13:19:00.0234 3656        BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll

13:19:00.0312 3656        BITS - ok

13:19:00.0328 3656        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

13:19:00.0359 3656        blbdrive - ok

13:19:00.0484 3656        Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe

13:19:00.0515 3656        Bonjour Service - ok

13:19:00.0593 3656        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

13:19:00.0624 3656        bowser - ok

13:19:00.0655 3656        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:19:00.0687 3656        BrFiltLo - ok

13:19:00.0702 3656        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:19:00.0718 3656        BrFiltUp - ok

13:19:00.0780 3656        Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll

13:19:00.0843 3656        Browser - ok

13:19:00.0874 3656        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

13:19:00.0936 3656        Brserid - ok

13:19:00.0952 3656        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

13:19:01.0014 3656        BrSerWdm - ok

13:19:01.0014 3656        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:19:01.0061 3656        BrUsbMdm - ok

13:19:01.0077 3656        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

13:19:01.0108 3656        BrUsbSer - ok

13:19:01.0108 3656        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

13:19:01.0139 3656        BTHMODEM - ok

13:19:01.0201 3656        bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

13:19:01.0248 3656        bthserv - ok

13:19:01.0295 3656        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

13:19:01.0357 3656        cdfs - ok

13:19:01.0435 3656        cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

13:19:01.0467 3656        cdrom - ok

13:19:01.0529 3656        CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

13:19:01.0591 3656        CertPropSvc - ok

13:19:01.0607 3656        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

13:19:01.0623 3656        circlass - ok

13:19:01.0669 3656        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

13:19:01.0701 3656        CLFS - ok

13:19:01.0872 3656        CLHNService     (2b272d0a6e5071829b516ffdc7f841ca) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

13:19:01.0888 3656        CLHNService - ok

13:19:02.0044 3656        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:19:02.0059 3656        clr_optimization_v2.0.50727_32 - ok

13:19:02.0153 3656        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:19:02.0169 3656        clr_optimization_v4.0.30319_32 - ok

13:19:02.0200 3656        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

13:19:02.0231 3656        CmBatt - ok

13:19:02.0262 3656        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

13:19:02.0278 3656        cmdide - ok

13:19:02.0340 3656        CNG             (db5e008b3744dd60c8498cbbf2a1cfa6) C:\Windows\system32\Drivers\cng.sys

13:19:02.0403 3656        CNG - ok

13:19:02.0465 3656        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

13:19:02.0481 3656        Compbatt - ok

13:19:02.0559 3656        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

13:19:02.0590 3656        CompositeBus - ok

13:19:02.0605 3656        COMSysApp - ok

13:19:02.0637 3656        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

13:19:02.0652 3656        crcdisk - ok

13:19:02.0777 3656        CryptSvc        (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll

13:19:02.0839 3656        CryptSvc - ok

13:19:02.0902 3656        DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

13:19:02.0949 3656        DcomLaunch - ok

13:19:02.0995 3656        defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

13:19:03.0073 3656        defragsvc - ok

13:19:03.0120 3656        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

13:19:03.0167 3656        DfsC - ok

13:19:03.0261 3656        Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll

13:19:03.0307 3656        Dhcp - ok

13:19:03.0339 3656        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

13:19:03.0417 3656        discache - ok

13:19:03.0479 3656        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

13:19:03.0495 3656        Disk - ok

13:19:03.0588 3656        DKbFltr         (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys

13:19:03.0604 3656        DKbFltr - ok

13:19:03.0635 3656        Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll

13:19:03.0729 3656        Dnscache - ok

13:19:03.0791 3656        dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll

13:19:03.0853 3656        dot3svc - ok

13:19:03.0869 3656        DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll

13:19:03.0916 3656        DPS - ok

13:19:03.0978 3656        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

13:19:04.0009 3656        drmkaud - ok

13:19:04.0087 3656        DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

13:19:04.0165 3656        DXGKrnl - ok

13:19:04.0197 3656        EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

13:19:04.0228 3656        EapHost - ok

13:19:04.0524 3656        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

13:19:04.0680 3656        ebdrv - ok

13:19:04.0836 3656        EFS             (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe

13:19:04.0899 3656        EFS - ok

13:19:05.0023 3656        ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe

13:19:05.0117 3656        ehRecvr - ok

13:19:05.0148 3656        ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

13:19:05.0195 3656        ehSched - ok

13:19:05.0320 3656        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

13:19:05.0367 3656        elxstor - ok

13:19:05.0523 3656        ePowerSvc       (9bf5d9a187a5ca392c0dda4197092a8f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

13:19:05.0554 3656        ePowerSvc - ok

13:19:05.0569 3656        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

13:19:05.0601 3656        ErrDev - ok

13:19:05.0694 3656        EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

13:19:05.0757 3656        EventSystem - ok

13:19:05.0835 3656        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

13:19:05.0913 3656        exfat - ok

13:19:05.0944 3656        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

13:19:06.0006 3656        fastfat - ok

13:19:06.0069 3656        Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe

13:19:06.0131 3656        Fax - ok

13:19:06.0131 3656        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

13:19:06.0162 3656        fdc - ok

13:19:06.0178 3656        fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

13:19:06.0256 3656        fdPHost - ok

13:19:06.0303 3656        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

13:19:06.0365 3656        FDResPub - ok

13:19:06.0396 3656        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

13:19:06.0412 3656        FileInfo - ok

13:19:06.0427 3656        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

13:19:06.0474 3656        Filetrace - ok

13:19:06.0490 3656        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

13:19:06.0521 3656        flpydisk - ok

13:19:06.0568 3656        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

13:19:06.0599 3656        FltMgr - ok

13:19:06.0724 3656        FontCache       (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll

13:19:06.0786 3656        FontCache - ok

13:19:06.0911 3656        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:19:06.0927 3656        FontCache3.0.0.0 - ok

13:19:06.0958 3656        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

13:19:06.0973 3656        FsDepends - ok

13:19:07.0005 3656        Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys

13:19:07.0020 3656        Fs_Rec - ok

13:19:07.0098 3656        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

13:19:07.0129 3656        fvevol - ok

13:19:07.0207 3656        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:19:07.0223 3656        gagp30kx - ok

13:19:07.0254 3656        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:19:07.0270 3656        GEARAspiWDM - ok

13:19:07.0317 3656        gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll

13:19:07.0363 3656        gpsvc - ok

13:19:07.0395 3656        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

13:19:07.0441 3656        hcw85cir - ok

13:19:07.0504 3656        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:19:07.0535 3656        HDAudBus - ok

13:19:07.0551 3656        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

13:19:07.0582 3656        HidBatt - ok

13:19:07.0597 3656        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

13:19:07.0644 3656        HidBth - ok

13:19:07.0660 3656        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

13:19:07.0707 3656        HidIr - ok

13:19:07.0738 3656        hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

13:19:07.0785 3656        hidserv - ok

13:19:07.0816 3656        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

13:19:07.0847 3656        HidUsb - ok

13:19:07.0878 3656        hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll

13:19:07.0941 3656        hkmsvc - ok

13:19:07.0972 3656        HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll

13:19:08.0034 3656        HomeGroupListener - ok

13:19:08.0112 3656        HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll

13:19:08.0175 3656        HomeGroupProvider - ok

13:19:08.0221 3656        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

13:19:08.0253 3656        HpSAMD - ok

13:19:08.0331 3656        HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll

13:19:08.0377 3656        HsfXAudioService - ok

13:19:08.0487 3656        HSF_DPV         (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys

13:19:08.0549 3656        HSF_DPV - ok

13:19:08.0580 3656        HSXHWAZL        (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

13:19:08.0611 3656        HSXHWAZL - ok

13:19:08.0705 3656        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

13:19:08.0767 3656        HTTP - ok

13:19:08.0767 3656        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

13:19:08.0783 3656        hwpolicy - ok

13:19:08.0845 3656        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

13:19:08.0877 3656        i8042prt - ok

13:19:08.0923 3656        iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys

13:19:08.0986 3656        iaStor - ok

13:19:09.0079 3656        iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

13:19:09.0157 3656        iaStorV - ok

13:19:09.0345 3656        idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:19:09.0423 3656        idsvc - ok

13:19:09.0485 3656        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

13:19:09.0501 3656        iirsp - ok

13:19:09.0610 3656        IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll

13:19:09.0688 3656        IKEEXT - ok

13:19:09.0953 3656        IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys

13:19:10.0078 3656        IntcAzAudAddService - ok

13:19:10.0312 3656        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

13:19:10.0327 3656        intelide - ok

13:19:10.0374 3656        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

13:19:10.0405 3656        intelppm - ok

13:19:10.0437 3656        IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

13:19:10.0515 3656        IPBusEnum - ok

13:19:10.0515 3656        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:19:10.0561 3656        IpFilterDriver - ok

13:19:10.0639 3656        iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll

13:19:10.0717 3656        iphlpsvc - ok

13:19:10.0733 3656        IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

13:19:10.0749 3656        IPMIDRV - ok

13:19:10.0749 3656        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

13:19:10.0795 3656        IPNAT - ok

13:19:10.0936 3656        iPod Service    (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe

13:19:10.0967 3656        iPod Service - ok

13:19:11.0045 3656        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

13:19:11.0092 3656        IRENUM - ok

13:19:11.0107 3656        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

13:19:11.0123 3656        isapnp - ok

13:19:11.0170 3656        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

13:19:11.0201 3656        iScsiPrt - ok

13:19:11.0279 3656        k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys

13:19:11.0341 3656        k57nd60x - ok

13:19:11.0404 3656        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

13:19:11.0419 3656        kbdclass - ok

13:19:11.0466 3656        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

13:19:11.0513 3656        kbdhid - ok

13:19:11.0529 3656        KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

13:19:11.0544 3656        KeyIso - ok

13:19:11.0591 3656        KSecDD          (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys

13:19:11.0607 3656        KSecDD - ok

13:19:11.0653 3656        KSecPkg         (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys

13:19:11.0669 3656        KSecPkg - ok

13:19:11.0716 3656        KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

13:19:11.0763 3656        KtmRm - ok

13:19:11.0825 3656        LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll

13:19:11.0872 3656        LanmanServer - ok

13:19:11.0903 3656        LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll

13:19:11.0934 3656        LanmanWorkstation - ok

13:19:12.0012 3656        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

13:19:12.0075 3656        lltdio - ok

13:19:12.0153 3656        lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

13:19:12.0215 3656        lltdsvc - ok

13:19:12.0231 3656        lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

13:19:12.0262 3656        lmhosts - ok

13:19:12.0309 3656        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:19:12.0324 3656        LSI_FC - ok

13:19:12.0340 3656        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:19:12.0355 3656        LSI_SAS - ok

13:19:12.0355 3656        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:19:12.0371 3656        LSI_SAS2 - ok

13:19:12.0387 3656        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:19:12.0402 3656        LSI_SCSI - ok

13:19:12.0449 3656        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

13:19:12.0511 3656        luafv - ok

13:19:12.0543 3656        Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll

13:19:12.0558 3656        Mcx2Svc - ok

13:19:12.0605 3656        mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

13:19:12.0652 3656        mdmxsdk - ok

13:19:12.0699 3656        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

13:19:12.0714 3656        megasas - ok

13:19:12.0730 3656        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

13:19:12.0745 3656        MegaSR - ok

13:19:12.0808 3656        MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:19:12.0870 3656        MMCSS - ok

13:19:12.0886 3656        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

13:19:12.0964 3656        Modem - ok

13:19:12.0995 3656        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

13:19:13.0026 3656        monitor - ok

13:19:13.0073 3656        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

13:19:13.0089 3656        mouclass - ok

13:19:13.0151 3656        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

13:19:13.0198 3656        mouhid - ok

13:19:13.0213 3656        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

13:19:13.0229 3656        mountmgr - ok

13:19:13.0401 3656        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:19:13.0432 3656        MozillaMaintenance - ok

13:19:13.0494 3656        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

13:19:13.0572 3656        mpio - ok

13:19:13.0588 3656        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

13:19:13.0666 3656        mpsdrv - ok

13:19:13.0713 3656        MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll

13:19:13.0806 3656        MpsSvc - ok

13:19:13.0822 3656        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

13:19:13.0837 3656        MRxDAV - ok

13:19:13.0915 3656        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:19:13.0978 3656        mrxsmb - ok

13:19:14.0025 3656        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:19:14.0040 3656        mrxsmb10 - ok

13:19:14.0071 3656        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:19:14.0071 3656        mrxsmb20 - ok

13:19:14.0118 3656        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

13:19:14.0118 3656        msahci - ok

13:19:14.0165 3656        msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

13:19:14.0181 3656        msdsm - ok

13:19:14.0227 3656        MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

13:19:14.0274 3656        MSDTC - ok

13:19:14.0305 3656        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

13:19:14.0352 3656        Msfs - ok

13:19:14.0368 3656        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

13:19:14.0399 3656        mshidkmdf - ok

13:19:14.0415 3656        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

13:19:14.0415 3656        msisadrv - ok

13:19:14.0477 3656        MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

13:19:14.0539 3656        MSiSCSI - ok

13:19:14.0555 3656        msiserver - ok

13:19:14.0586 3656        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

13:19:14.0633 3656        MSKSSRV - ok

13:19:14.0664 3656        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

13:19:14.0758 3656        MSPCLOCK - ok

13:19:14.0758 3656        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

13:19:14.0789 3656        MSPQM - ok

13:19:14.0820 3656        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

13:19:14.0851 3656        MsRPC - ok

13:19:14.0898 3656        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

13:19:14.0914 3656        mssmbios - ok

13:19:14.0929 3656        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

13:19:14.0961 3656        MSTEE - ok

13:19:14.0976 3656        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

13:19:14.0992 3656        MTConfig - ok

13:19:15.0023 3656        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

13:19:15.0039 3656        Mup - ok

13:19:15.0101 3656        mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

13:19:15.0117 3656        mwlPSDFilter - ok

13:19:15.0132 3656        mwlPSDNServ     (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

13:19:15.0148 3656        mwlPSDNServ - ok

13:19:15.0163 3656        mwlPSDVDisk     (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

13:19:15.0179 3656        mwlPSDVDisk - ok

13:19:15.0304 3656        MWLService      (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe

13:19:15.0335 3656        MWLService - ok

13:19:15.0366 3656        napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll

13:19:15.0429 3656        napagent - ok

13:19:15.0507 3656        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

13:19:15.0569 3656        NativeWifiP - ok

13:19:15.0663 3656        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

13:19:15.0725 3656        NDIS - ok

13:19:15.0803 3656        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

13:19:15.0850 3656        NdisCap - ok

13:19:15.0943 3656        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

13:19:15.0990 3656        NdisTapi - ok

13:19:16.0068 3656        Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

13:19:16.0115 3656        Ndisuio - ok

13:19:16.0131 3656        NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

13:19:16.0177 3656        NdisWan - ok

13:19:16.0193 3656        NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

13:19:16.0240 3656        NDProxy - ok

13:19:16.0287 3656        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

13:19:16.0333 3656        NetBIOS - ok

13:19:16.0365 3656        NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

13:19:16.0396 3656        NetBT - ok

13:19:16.0427 3656        Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

13:19:16.0443 3656        Netlogon - ok

13:19:16.0536 3656        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

13:19:16.0599 3656        Netman - ok

13:19:16.0677 3656        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

13:19:16.0723 3656        netprofm - ok

13:19:16.0848 3656        NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:19:16.0879 3656        NetTcpPortSharing - ok

13:19:16.0973 3656        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

13:19:16.0989 3656        nfrd960 - ok

13:19:17.0020 3656        NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll

13:19:17.0051 3656        NlaSvc - ok

13:19:17.0082 3656        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

13:19:17.0113 3656        Npfs - ok

13:19:17.0129 3656        nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

13:19:17.0160 3656        nsi - ok

13:19:17.0176 3656        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

13:19:17.0223 3656        nsiproxy - ok

13:19:17.0347 3656        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

13:19:17.0425 3656        Ntfs - ok

13:19:17.0550 3656        NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

13:19:17.0566 3656        NTI IScheduleSvc - ok

13:19:17.0613 3656        NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

13:19:17.0613 3656        NTIBackupSvc - ok

13:19:17.0753 3656        NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys

13:19:17.0769 3656        NTIDrvr - ok

13:19:17.0800 3656        NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

13:19:17.0815 3656        NTISchedulerSvc - ok

13:19:17.0847 3656        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

13:19:17.0878 3656        Null - ok

13:19:17.0940 3656        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

13:19:18.0003 3656        nvraid - ok

13:19:18.0049 3656        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

13:19:18.0065 3656        nvstor - ok

13:19:18.0081 3656        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

13:19:18.0096 3656        nv_agp - ok

13:19:18.0268 3656        odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:19:18.0330 3656        odserv - ok

13:19:18.0346 3656        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

13:19:18.0393 3656        ohci1394 - ok

13:19:18.0455 3656        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:19:18.0471 3656        ose - ok

13:19:18.0517 3656        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:19:18.0564 3656        p2pimsvc - ok

13:19:18.0642 3656        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

13:19:18.0673 3656        p2psvc - ok

13:19:18.0689 3656        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

13:19:18.0720 3656        Parport - ok

13:19:18.0767 3656        partmgr         (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys

13:19:18.0783 3656        partmgr - ok

13:19:18.0814 3656        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

13:19:18.0845 3656        Parvdm - ok

13:19:18.0861 3656        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

13:19:18.0876 3656        PcaSvc - ok

13:19:18.0907 3656        pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

13:19:18.0923 3656        pci - ok

13:19:18.0954 3656        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

13:19:18.0954 3656        pciide - ok

13:19:18.0970 3656        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

13:19:18.0985 3656        pcmcia - ok

13:19:19.0032 3656        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

13:19:19.0048 3656        pcw - ok

13:19:19.0157 3656        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

13:19:19.0297 3656        PEAUTH - ok

13:19:19.0469 3656        pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll

13:19:19.0594 3656        pla - ok

13:19:19.0750 3656        PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll

13:19:19.0797 3656        PlugPlay - ok

13:19:19.0812 3656        PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

13:19:19.0859 3656        PNRPAutoReg - ok

13:19:19.0906 3656        PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:19:19.0921 3656        PNRPsvc - ok

13:19:19.0984 3656        PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll

13:19:20.0062 3656        PolicyAgent - ok

13:19:20.0109 3656        Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll

13:19:20.0155 3656        Power - ok

13:19:20.0327 3656        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

13:19:20.0374 3656        PptpMiniport - ok

13:19:20.0467 3656        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

13:19:20.0514 3656        Processor - ok

13:19:20.0592 3656        ProfSvc         (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll

13:19:20.0670 3656        ProfSvc - ok

13:19:20.0686 3656        ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

13:19:20.0701 3656        ProtectedStorage - ok

13:19:20.0779 3656        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

13:19:20.0842 3656        Psched - ok

13:19:20.0967 3656        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

13:19:21.0045 3656        ql2300 - ok

13:19:21.0201 3656        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

13:19:21.0216 3656        ql40xx - ok

13:19:21.0294 3656        QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

13:19:21.0388 3656        QWAVE - ok

13:19:21.0435 3656        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

13:19:21.0466 3656        QWAVEdrv - ok

13:19:21.0466 3656        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

13:19:21.0544 3656        RasAcd - ok

13:19:21.0606 3656        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:19:21.0669 3656        RasAgileVpn - ok

13:19:21.0731 3656        RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

13:19:21.0825 3656        RasAuto - ok

13:19:21.0871 3656        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:19:21.0934 3656        Rasl2tp - ok

13:19:22.0012 3656        RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll

13:19:22.0059 3656        RasMan - ok

13:19:22.0090 3656        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

13:19:22.0137 3656        RasPppoe - ok

13:19:22.0183 3656        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

13:19:22.0230 3656        RasSstp - ok

13:19:22.0261 3656        rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

13:19:22.0308 3656        rdbss - ok

13:19:22.0339 3656        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

13:19:22.0355 3656        rdpbus - ok

13:19:22.0371 3656        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:19:22.0402 3656        RDPCDD - ok

13:19:22.0464 3656        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

13:19:22.0511 3656        RDPENCDD - ok

13:19:22.0542 3656        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

13:19:22.0573 3656        RDPREFMP - ok

13:19:22.0636 3656        RDPWD           (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys

13:19:22.0698 3656        RDPWD - ok

13:19:22.0776 3656        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

13:19:22.0839 3656        rdyboost - ok

13:19:22.0885 3656        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

13:19:22.0932 3656        RemoteAccess - ok

13:19:22.0995 3656        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

13:19:23.0088 3656        RemoteRegistry - ok

13:19:23.0135 3656        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

13:19:23.0197 3656        RpcEptMapper - ok

13:19:23.0213 3656        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

13:19:23.0244 3656        RpcLocator - ok

13:19:23.0291 3656        RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

13:19:23.0322 3656        RpcSs - ok

13:19:23.0400 3656        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

13:19:23.0463 3656        rspndr - ok

13:19:23.0525 3656        RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys

13:19:23.0572 3656        RTHDMIAzAudService - ok

13:19:23.0634 3656        RTSTOR          (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS

13:19:23.0681 3656        RTSTOR - ok

13:19:23.0743 3656        SamSs           (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

13:19:23.0775 3656        SamSs - ok

13:19:23.0821 3656        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

13:19:23.0837 3656        sbp2port - ok

13:19:23.0931 3656        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

13:19:23.0977 3656        SCardSvr - ok

13:19:23.0993 3656        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

13:19:24.0024 3656        scfilter - ok

13:19:24.0102 3656        Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll

13:19:24.0196 3656        Schedule - ok

13:19:24.0227 3656        SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

13:19:24.0274 3656        SCPolicySvc - ok

13:19:24.0305 3656        SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll

13:19:24.0383 3656        SDRSVC - ok

13:19:24.0430 3656        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:19:24.0492 3656        secdrv - ok

13:19:24.0508 3656        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

13:19:24.0555 3656        seclogon - ok

13:19:24.0601 3656        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

13:19:24.0648 3656        SENS - ok

13:19:24.0711 3656        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

13:19:24.0773 3656        SensrSvc - ok

13:19:24.0820 3656        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

13:19:24.0851 3656        Serenum - ok

13:19:24.0882 3656        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

13:19:24.0913 3656        Serial - ok

13:19:24.0929 3656        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

13:19:24.0945 3656        sermouse - ok

13:19:24.0991 3656        SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll

13:19:25.0023 3656        SessionEnv - ok

13:19:25.0038 3656        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

13:19:25.0069 3656        sffdisk - ok

13:19:25.0069 3656        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

13:19:25.0085 3656        sffp_mmc - ok

13:19:25.0101 3656        sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

13:19:25.0132 3656        sffp_sd - ok

13:19:25.0132 3656        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

13:19:25.0147 3656        sfloppy - ok

13:19:25.0194 3656        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

13:19:25.0272 3656        SharedAccess - ok

13:19:25.0319 3656        ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll

13:19:25.0350 3656        ShellHWDetection - ok

13:19:25.0366 3656        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

13:19:25.0366 3656        sisagp - ok

13:19:25.0397 3656        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:19:25.0413 3656        SiSRaid2 - ok

13:19:25.0428 3656        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

13:19:25.0491 3656        SiSRaid4 - ok

13:19:25.0522 3656        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

13:19:25.0584 3656        Smb - ok

13:19:25.0678 3656        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

13:19:25.0725 3656        SNMPTRAP - ok

13:19:25.0756 3656        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

13:19:25.0771 3656        spldr - ok

13:19:25.0865 3656        Spooler         (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe

13:19:25.0912 3656        Spooler - ok

13:19:26.0161 3656        sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe

13:19:26.0271 3656        sppsvc - ok

13:19:26.0411 3656        sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll

13:19:26.0442 3656        sppuinotify - ok

13:19:26.0520 3656        srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

13:19:26.0551 3656        srv - ok

13:19:26.0598 3656        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

13:19:26.0614 3656        srv2 - ok

13:19:26.0676 3656        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

13:19:26.0707 3656        srvnet - ok

13:19:26.0739 3656        SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

13:19:26.0801 3656        SSDPSRV - ok

13:19:26.0863 3656        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

13:19:26.0879 3656        ssmdrv - ok

13:19:26.0895 3656        SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

13:19:26.0957 3656        SstpSvc - ok

13:19:26.0988 3656        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

13:19:27.0004 3656        stexstor - ok

13:19:27.0066 3656        StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll

13:19:27.0113 3656        StiSvc - ok

13:19:27.0144 3656        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

13:19:27.0160 3656        swenum - ok

13:19:27.0207 3656        swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

13:19:27.0238 3656        swprv - ok

13:19:27.0347 3656        SynTP           (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys

13:19:27.0409 3656        SynTP - ok

13:19:27.0534 3656        SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll

13:19:27.0643 3656        SysMain - ok

13:19:27.0690 3656        TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll

13:19:27.0737 3656        TabletInputService - ok

13:19:27.0768 3656        TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll

13:19:27.0846 3656        TapiSrv - ok

13:19:27.0877 3656        TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

13:19:27.0924 3656        TBS - ok

13:19:28.0143 3656        Tcpip           (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys

13:19:28.0189 3656        Tcpip - ok

13:19:28.0236 3656        TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys

13:19:28.0283 3656        TCPIP6 - ok

13:19:28.0377 3656        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

13:19:28.0455 3656        tcpipreg - ok

13:19:28.0501 3656        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

13:19:28.0548 3656        TDPIPE - ok

13:19:28.0579 3656        TDTCP           (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys

13:19:28.0595 3656        TDTCP - ok

13:19:28.0611 3656        tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

13:19:28.0657 3656        tdx - ok

13:19:28.0689 3656        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

13:19:28.0704 3656        TermDD - ok

13:19:28.0751 3656        TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll

13:19:28.0813 3656        TermService - ok

13:19:28.0829 3656        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

13:19:28.0860 3656        Themes - ok

13:19:28.0876 3656        THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:19:28.0907 3656        THREADORDER - ok

13:19:28.0969 3656        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

13:19:29.0032 3656        TrkWks - ok

13:19:29.0094 3656        TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe

13:19:29.0141 3656        TrustedInstaller - ok

13:19:29.0188 3656        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:19:29.0235 3656        tssecsrv - ok

13:19:29.0328 3656        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

13:19:29.0375 3656        tunnel - ok

13:19:29.0406 3656        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

13:19:29.0422 3656        uagp35 - ok

13:19:29.0453 3656        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

13:19:29.0469 3656        UBHelper - ok

13:19:29.0484 3656        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

13:19:29.0531 3656        udfs - ok

13:19:29.0578 3656        UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

13:19:29.0609 3656        UI0Detect - ok

13:19:29.0656 3656        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

13:19:29.0718 3656        uliagpkx - ok

13:19:29.0765 3656        umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

13:19:29.0812 3656        umbus - ok

13:19:29.0827 3656        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

13:19:29.0843 3656        UmPass - ok

13:19:29.0874 3656        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

13:19:29.0921 3656        upnphost - ok

13:19:29.0999 3656        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

13:19:30.0046 3656        USBAAPL - ok

13:19:30.0077 3656        usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

13:19:30.0124 3656        usbccgp - ok

13:19:30.0171 3656        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

13:19:30.0202 3656        usbcir - ok

13:19:30.0264 3656        usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

13:19:30.0280 3656        usbehci - ok

13:19:30.0358 3656        usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

13:19:30.0389 3656        usbhub - ok

13:19:30.0451 3656        usbohci         (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

13:19:30.0498 3656        usbohci - ok

13:19:30.0545 3656        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

13:19:30.0592 3656        usbprint - ok

13:19:30.0670 3656        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

13:19:30.0717 3656        usbscan - ok

13:19:30.0779 3656        USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:19:30.0826 3656        USBSTOR - ok

13:19:30.0857 3656        usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

13:19:30.0873 3656        usbuhci - ok

13:19:30.0935 3656        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

13:19:30.0997 3656        usbvideo - ok

13:19:31.0029 3656        UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

13:19:31.0075 3656        UxSms - ok

13:19:31.0107 3656        VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

13:19:31.0122 3656        VaultSvc - ok

13:19:31.0169 3656        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

13:19:31.0200 3656        vdrvroot - ok

13:19:31.0247 3656        vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe

13:19:31.0309 3656        vds - ok

13:19:31.0372 3656        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

13:19:31.0387 3656        vga - ok

13:19:31.0434 3656        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

13:19:31.0450 3656        VgaSave - ok

13:19:31.0465 3656        vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

13:19:31.0481 3656        vhdmp - ok

13:19:31.0543 3656        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

13:19:31.0575 3656        viaagp - ok

13:19:31.0575 3656        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

13:19:31.0606 3656        ViaC7 - ok

13:19:31.0621 3656        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

13:19:31.0621 3656        viaide - ok

13:19:31.0653 3656        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

13:19:31.0668 3656        volmgr - ok

13:19:31.0731 3656        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

13:19:31.0762 3656        volmgrx - ok

13:19:31.0777 3656        volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

13:19:31.0809 3656        volsnap - ok

13:19:31.0855 3656        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

13:19:31.0871 3656        vsmraid - ok

13:19:31.0996 3656        VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe

13:19:32.0058 3656        VSS - ok

13:19:32.0074 3656        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

13:19:32.0105 3656        vwifibus - ok

13:19:32.0167 3656        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

13:19:32.0199 3656        vwififlt - ok

13:19:32.0214 3656        W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

13:19:32.0261 3656        W32Time - ok

13:19:32.0308 3656        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

13:19:32.0323 3656        WacomPen - ok

13:19:32.0370 3656        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

13:19:32.0401 3656        WANARP - ok

13:19:32.0401 3656        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

13:19:32.0433 3656        Wanarpv6 - ok

13:19:32.0589 3656        WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

13:19:32.0682 3656        WatAdminSvc - ok

13:19:32.0791 3656        wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe

13:19:32.0885 3656        wbengine - ok

13:19:32.0901 3656        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

13:19:32.0932 3656        WbioSrvc - ok

13:19:32.0979 3656        wcncsvc         (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll

13:19:33.0010 3656        wcncsvc - ok

13:19:33.0025 3656        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

13:19:33.0088 3656        WcsPlugInService - ok

13:19:33.0135 3656        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

13:19:33.0166 3656        Wd - ok

13:19:33.0213 3656        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

13:19:33.0244 3656        Wdf01000 - ok

13:19:33.0259 3656        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:19:33.0291 3656        WdiServiceHost - ok

13:19:33.0291 3656        WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:19:33.0322 3656        WdiSystemHost - ok

13:19:33.0353 3656        WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll

13:19:33.0478 3656        WebClient - ok

13:19:33.0509 3656        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

13:19:33.0665 3656        Wecsvc - ok

13:19:33.0759 3656        wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

13:19:33.0805 3656        wercplsupport - ok

13:19:33.0883 3656        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

13:19:33.0930 3656        WerSvc - ok

13:19:33.0977 3656        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

13:19:34.0024 3656        WfpLwf - ok

13:19:34.0039 3656        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

13:19:34.0055 3656        WIMMount - ok

13:19:34.0149 3656        winachsf        (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

13:19:34.0195 3656        winachsf - ok

13:19:34.0351 3656        WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

13:19:34.0429 3656        WinDefend - ok

13:19:34.0445 3656        WinHttpAutoProxySvc - ok

13:19:34.0617 3656        Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

13:19:34.0695 3656        Winmgmt - ok

13:19:34.0804 3656        WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll

13:19:34.0882 3656        WinRM - ok

13:19:34.0991 3656        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

13:19:35.0022 3656        WinUsb - ok

13:19:35.0163 3656        Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

13:19:35.0241 3656        Wlansvc - ok

13:19:35.0303 3656        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

13:19:35.0334 3656        WmiAcpi - ok

13:19:35.0428 3656        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

13:19:35.0475 3656        wmiApSrv - ok

13:19:35.0693 3656        WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:19:35.0787 3656        WMPNetworkSvc - ok

13:19:35.0818 3656        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

13:19:35.0849 3656        WPCSvc - ok

13:19:35.0880 3656        WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll

13:19:35.0911 3656        WPDBusEnum - ok

13:19:35.0989 3656        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

13:19:36.0036 3656        ws2ifsl - ok

13:19:36.0052 3656        wscsvc          (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll

13:19:36.0099 3656        wscsvc - ok

13:19:36.0099 3656        WSearch - ok

13:19:36.0301 3656        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

13:19:36.0364 3656        wuauserv - ok

13:19:36.0504 3656        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

13:19:36.0551 3656        WudfPf - ok

13:19:36.0613 3656        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:19:36.0645 3656        WUDFRd - ok

13:19:36.0691 3656        wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll

13:19:36.0738 3656        wudfsvc - ok

13:19:36.0769 3656        WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

13:19:36.0801 3656        WwanSvc - ok

13:19:36.0832 3656        XAudio          (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys

13:19:36.0847 3656        XAudio - ok

13:19:36.0910 3656        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:19:37.0269 3656        \Device\Harddisk0\DR0 - ok

13:19:37.0269 3656        Boot (0x1200)   (cb488b7dc49fb432a3e67692bedfc159) \Device\Harddisk0\DR0\Partition0

13:19:37.0269 3656        \Device\Harddisk0\DR0\Partition0 - ok

13:19:37.0269 3656        ============================================================

13:19:37.0269 3656        Scan finished

13:19:37.0269 3656        ============================================================

13:19:37.0284 1668        Detected object count: 0

13:19:37.0284 1668        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

So, Combofix ist durch, Log ist unten. Ist es normal, dass mein alter Desktophintergrund jetzt weg ist?

Code:

ComboFix 12-07-14.01 - Mathias 15.07.2012  20:28:43.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.43.1031.18.3067.2258 [GMT 2:00]

ausgeführt von:: c:\users\Mathias\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-06-15 bis 2012-07-15  ))))))))))))))))))))))))))))))

.

.

2012-07-15 18:40 . 2012-07-15 18:40        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-07-14 14:19 . 2012-07-14 14:19        --------        d-----w-        C:\_OTL

2012-07-14 10:14 . 2012-07-14 10:14        476976        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-07-14 10:14 . 2012-07-14 10:14        --------        d-----w-        c:\program files\Java

2012-07-13 21:42 . 2012-06-12 02:44        2344448        ----a-w-        c:\windows\system32\win32k.sys

2012-07-11 15:37 . 2012-06-02 04:51        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-07-11 15:37 . 2012-06-02 04:51        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2012-07-11 15:37 . 2012-06-02 04:50        369336        ----a-w-        c:\windows\system32\drivers\cng.sys

2012-07-11 15:37 . 2012-06-02 04:48        225280        ----a-w-        c:\windows\system32\schannel.dll

2012-07-11 15:37 . 2012-06-02 04:47        219136        ----a-w-        c:\windows\system32\ncrypt.dll

2012-07-11 15:37 . 2012-06-06 05:09        1389568        ----a-w-        c:\windows\system32\msxml6.dll

2012-07-11 15:37 . 2012-06-06 05:09        1236992        ----a-w-        c:\windows\system32\msxml3.dll

2012-07-11 15:37 . 2012-06-06 05:09        987136        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll

2012-07-07 09:14 . 2012-07-07 09:14        --------        d-----w-        c:\program files\ESET

2012-07-05 18:00 . 2012-07-05 18:00        --------        d-----w-        c:\users\Mathias\AppData\Roaming\Malwarebytes

2012-07-05 18:00 . 2012-07-05 18:00        --------        d-----w-        c:\programdata\Malwarebytes

2012-07-05 18:00 . 2012-07-05 18:00        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-07-05 18:00 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-07-03 20:50 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe

2012-07-03 20:50 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll

2012-07-03 20:50 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll

2012-07-03 20:50 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll

2012-07-03 20:50 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll

2012-07-03 20:50 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll

2012-07-03 20:50 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll

2012-07-03 20:49 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll

2012-07-03 20:49 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe

2012-06-25 20:56 . 2012-06-25 20:56        --------        d-----w-        c:\users\Mathias\AppData\Local\PDF24

2012-06-25 20:54 . 2012-07-03 20:43        --------        d-----w-        c:\program files\PDF24

2012-06-25 20:20 . 2001-10-28 15:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll

2012-06-25 20:20 . 2010-07-20 00:39        389120        ----a-w-        c:\windows\system32\actskn43.ocx

2012-06-22 07:21 . 2012-06-22 07:21        --------        d-----w-        c:\users\Mathias\AppData\Local\ElevatedDiagnostics

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-14 10:14 . 2011-08-23 12:15        472880        ----a-w-        c:\windows\system32\deployJava1.dll

2012-07-12 16:15 . 2012-03-30 20:20        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-07-12 16:15 . 2011-08-22 21:43        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-11 07:29 . 2011-10-26 17:35        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-11 07:29 . 2011-10-26 17:35        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-05-02 04:52 . 2012-06-13 11:32        163328        ----a-w-        c:\windows\system32\profsvc.dll

2012-04-28 03:19 . 2012-06-13 11:32        177152        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:48 . 2012-06-13 11:32        57856        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-04-26 04:48 . 2012-06-13 11:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:43 . 2012-06-13 11:32        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-04-24 04:47 . 2012-06-13 11:32        139264        ----a-w-        c:\windows\system32\cryptsvc.dll

2012-04-24 04:47 . 2012-06-13 11:32        103936        ----a-w-        c:\windows\system32\cryptnet.dll

2012-04-24 04:47 . 2012-06-13 11:32        1156608        ----a-w-        c:\windows\system32\crypt32.dll

2012-05-11 07:18 . 2011-08-22 21:35        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-05-14 21:02        120104        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-26 494112]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]

"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]

"PLFSetI"="c:\windows\PLFSetI.exe" [2011-08-21 200704]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1194504]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-11 348624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]

S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService        REG_MULTI_SZ           HsfXAudioService

.

Inhalt des "geplante Tasks" Ordners

.

2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:15]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 10.0.0.138

FF - ProfilePath - c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\

FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu

FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(2104)

c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll

c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\atieclxx.exe

c:\windows\system32\taskhost.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-07-15  20:47:39 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-07-15 18:47

.

Vor Suchlauf: 15 Verzeichnis(se), 97.639.481.344 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 97.764.229.120 Bytes frei

.

- - End Of File - - 3AEC809E3E5AC154F8B246C095AF2DD3

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-07-16 21:50:29

Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0

Running: vomherxq.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\kwriqkog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            97C53FC6                                                                                                                                     ZwCreateSection

SSDT            97C53FD0                                                                                                                                     ZwRequestWaitReplyPort

SSDT            97C53FCB                                                                                                                                     ZwSetContextThread

SSDT            97C53FD5                                                                                                                                     ZwSetSecurityObject

SSDT            97C53FDA                                                                                                                                     ZwSystemDebugControl

SSDT            97C53F67                                                                                                                                     ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                                                    83285599 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                       832AA092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                                                                          832B1990 4 Bytes  [C6, 3F, C5, 97]

.text           ntkrnlpa.exe!RtlSidHashLookup + 69C                                                                                                          832B1CEC 4 Bytes  [D0, 3F, C5, 97]

.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                                                                          832B1D30 4 Bytes  [CB, 3F, C5, 97]

.text           ntkrnlpa.exe!RtlSidHashLookup + 75C                                                                                                          832B1DAC 4 Bytes  [D5, 3F, C5, 97]

.text           ntkrnlpa.exe!RtlSidHashLookup + 7B0                                                                                                          832B1E00 4 Bytes  [DA, 3F, C5, 97]

.text           ...                                                                                                                                          

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                     section is writeable [0x91203000, 0x2D5378, 0xE8000020]

PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                          9C9AE000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                          9C9AE123 629 Bytes  [95, 9A, 9C, FE, 05, 34, 95, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                          9C9AE399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                                          9C9AE3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                                          9C9AE4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]

PAGE            ...                                                                                                                                          
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00961210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.DLL (Backup Manager Module/NewTech Infosystems, Inc.)

IAT             C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                      [01571E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT             C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                  [01572A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT             C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                  [015711D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

IAT             C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]            [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]             [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]          [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[3616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]           [75345E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                       mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B0C661A5755946340A759F646D476ECA\Usage@WinMailFeat       1089407521
 

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 20:24:49 on 16.07.2012
 

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit

Default Browser: Mozilla Corporation Firefox 12.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\Mathias\AppData\Local\Temp\catchme.sys  (File not found)

"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys

"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys

"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k

"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe

"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"PLFSetI" - ? - C:\Windows\PLFSetI.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-07-16 21:57:03

-----------------------------

21:57:03.094    OS Version: Windows 6.1.7600 

21:57:03.094    Number of processors: 2 586 0x170A

21:57:03.094    ComputerName: MATHIAS-LAPTOP  UserName: Mathias

21:57:32.937    Initialize success

21:59:19.429    AVAST engine defs: 12071601

21:59:36.838    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:59:36.838    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

21:59:36.854    Disk 0 MBR read successfully

21:59:36.870    Disk 0 MBR scan

21:59:36.870    Disk 0 Windows 7 default MBR code

21:59:36.885    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048

21:59:36.901    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       466938 MB offset 20482048

21:59:36.916    Disk 0 scanning sectors +976771072

21:59:36.979    Disk 0 scanning C:\Windows\system32\drivers

21:59:56.775    Service scanning

22:00:26.291    Modules scanning

22:00:43.170    Disk 0 trace - called modules:

22:00:43.217    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 

22:00:43.217    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86edc638]

22:00:43.232    3 CLASSPNP.SYS[8bb8059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8608d028]

22:00:45.245    AVAST engine scan C:\Windows

22:00:53.263    AVAST engine scan C:\Windows\system32

22:05:02.380    AVAST engine scan C:\Windows\system32\drivers

22:05:15.983    AVAST engine scan C:\Users\Mathias

22:22:36.115    AVAST engine scan C:\ProgramData

22:23:06.207    Scan finished successfully

22:23:33.024    Disk 0 MBR has been saved successfully to "C:\Users\Mathias\Desktop\MBR.dat"

22:23:33.024    The log file has been saved successfully to "C:\Users\Mathias\Desktop\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Super, vielen Dank für deine kompetente und ausdauernde Hilfe! Muss ich sonst noch etwas machen, bspw. mit Funden in Quarantäne, Programme wieder deinstallieren (oder das ausdrücklich nicht tun?), bzw. kann ich wieder auch sensible Daten über diesen Computer behandeln?

Danke nochmal!

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.18.08
 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Mathias :: MATHIAS-LAPTOP [Administrator]
 

18.07.2012 20:44:32

mbam-log-2012-07-18 (20-44-32).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 381285

Laufzeit: 2 Stunde(n), 11 Minute(n), 13 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 07/19/2012 at 08:53 PM
 

Application Version : 5.5.1006
 

Core Rules Database Version : 8914

Trace Rules Database Version: 6726
 

Scan type       : Complete Scan

Total Scan Time : 02:45:50
 

Operating System Information

Windows 7 Home Premium 32-bit (Build 6.01.7600)

UAC On - Limited User
 

Memory items scanned      : 712

Memory threats detected   : 0

Registry items scanned    : 34754

Registry threats detected : 0

File items scanned        : 161804

File threats detected     : 57
 

Adware.Tracking Cookie

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\0GVBH43A.txt [ /ad.zanox.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\ARA1BZI7.txt [ /atdmt.combing.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\EDAKTY35.txt [ /smartadserver.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\NDRJXEU9.txt [ /doubleclick.net ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\UKVN2JPQ.txt [ /dyntracker.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\9NGGH48S.txt [ /atdmt.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\VNGFTGUH.txt [ /ad.dyntracker.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\WJU4XBLX.txt [ /mediaplex.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\IB1M9MJU.txt [ /zanox.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\CAIK2Q79.txt [ /www.zanox-affiliate.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\ZXQSZHWU.txt [ /zanox-affiliate.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\LDE2DNIW.txt [ /fastclick.net ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\AVTM8MDO.txt [ /apmebf.com ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5EZ3QZ0.txt [ Cookie:mathias@atdmt.combing.com/ ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathias@2o7[1].txt [ Cookie:mathias@2o7.net/ ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathias@statse.webtrendslive[1].txt [ Cookie:mathias@statse.webtrendslive.com/ ]

        C:\USERS\MATHIAS\Cookies\ARA1BZI7.txt [ Cookie:mathias@atdmt.combing.com/ ]

        C:\USERS\MATHIAS\Cookies\NDRJXEU9.txt [ Cookie:mathias@doubleclick.net/ ]

        C:\USERS\MATHIAS\Cookies\UKVN2JPQ.txt [ Cookie:mathias@dyntracker.com/ ]

        C:\USERS\MATHIAS\Cookies\WJU4XBLX.txt [ Cookie:mathias@mediaplex.com/ ]

        C:\USERS\MATHIAS\Cookies\IB1M9MJU.txt [ Cookie:mathias@zanox.com/ ]

        C:\USERS\MATHIAS\Cookies\ZXQSZHWU.txt [ Cookie:mathias@zanox-affiliate.de/ ]

        C:\USERS\MATHIAS\Cookies\LDE2DNIW.txt [ Cookie:mathias@fastclick.net/ ]

        .yadro.ru [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        livestat.derstandard.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .countomat.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        servestats.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        servestats.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        stats.vertriebsassistent.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        ebusiness.springer-business-media.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .c.gigcount.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        in.getclicky.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .s.clickability.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .s.clickability.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

Zitat:

UAC On - Limited User

Hast du SASW nicht per Rechtsklick als Administrator ausgeführt?

Ach Mist, du hast natürlich Recht.
Also hier nochmal:

EDIT: Komisch, jetzt steht wieder Limited User da, dabei bin ich mir sicher, dass ich es als Administrator ausgeführt habe.

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 07/20/2012 at 07:24 PM
 

Application Version : 5.5.1006
 

Core Rules Database Version : 8914

Trace Rules Database Version: 6726
 

Scan type       : Complete Scan

Total Scan Time : 02:40:22
 

Operating System Information

Windows 7 Home Premium 32-bit (Build 6.01.7600)

UAC On - Limited User
 

Memory items scanned      : 727

Memory threats detected   : 0

Registry items scanned    : 34754

Registry threats detected : 0

File items scanned        : 162069

File threats detected     : 57
 

Adware.Tracking Cookie

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\0GVBH43A.txt [ /ad.zanox.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\ARA1BZI7.txt [ /atdmt.combing.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\EDAKTY35.txt [ /smartadserver.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\NDRJXEU9.txt [ /doubleclick.net ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\UKVN2JPQ.txt [ /dyntracker.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\9NGGH48S.txt [ /atdmt.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\VNGFTGUH.txt [ /ad.dyntracker.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\W5T7LJQC.txt [ /mediaplex.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\IB1M9MJU.txt [ /zanox.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\CAIK2Q79.txt [ /www.zanox-affiliate.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\ZXQSZHWU.txt [ /zanox-affiliate.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\MHLHEE00.txt [ /fastclick.net ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\AVTM8MDO.txt [ /apmebf.com ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5EZ3QZ0.txt [ Cookie:mathias@atdmt.combing.com/ ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathias@2o7[1].txt [ Cookie:mathias@2o7.net/ ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathias@statse.webtrendslive[1].txt [ Cookie:mathias@statse.webtrendslive.com/ ]

        C:\USERS\MATHIAS\Cookies\ARA1BZI7.txt [ Cookie:mathias@atdmt.combing.com/ ]

        C:\USERS\MATHIAS\Cookies\NDRJXEU9.txt [ Cookie:mathias@doubleclick.net/ ]

        C:\USERS\MATHIAS\Cookies\UKVN2JPQ.txt [ Cookie:mathias@dyntracker.com/ ]

        C:\USERS\MATHIAS\Cookies\W5T7LJQC.txt [ Cookie:mathias@mediaplex.com/ ]

        C:\USERS\MATHIAS\Cookies\IB1M9MJU.txt [ Cookie:mathias@zanox.com/ ]

        C:\USERS\MATHIAS\Cookies\ZXQSZHWU.txt [ Cookie:mathias@zanox-affiliate.de/ ]

        C:\USERS\MATHIAS\Cookies\MHLHEE00.txt [ Cookie:mathias@fastclick.net/ ]

        .yadro.ru [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        livestat.derstandard.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .countomat.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        servestats.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        servestats.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        stats.vertriebsassistent.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        ebusiness.springer-business-media.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .c.gigcount.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        in.getclicky.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .s.clickability.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .s.clickability.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

Also, ich habe den Computer nochmal neu gestartet und das Programm wieder als Administrator laufen lassen, das Ergebnis ist aber das gleiche:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 07/21/2012 at 03:40 PM
 

Application Version : 5.5.1006
 

Core Rules Database Version : 8914

Trace Rules Database Version: 6726
 

Scan type       : Complete Scan

Total Scan Time : 02:48:04
 

Operating System Information

Windows 7 Home Premium 32-bit (Build 6.01.7600)

UAC On - Limited User
 

Memory items scanned      : 716

Memory threats detected   : 0

Registry items scanned    : 34753

Registry threats detected : 0

File items scanned        : 162624

File threats detected     : 58
 

Adware.Tracking Cookie

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\FQM7062M.txt [ /ad.zanox.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\ARA1BZI7.txt [ /atdmt.combing.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\EDAKTY35.txt [ /smartadserver.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\NDRJXEU9.txt [ /doubleclick.net ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\UKVN2JPQ.txt [ /dyntracker.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\9NGGH48S.txt [ /atdmt.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\VNGFTGUH.txt [ /ad.dyntracker.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\TF8N5GBC.txt [ /mediaplex.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\MVVH56T4.txt [ /zanox.com ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\CAIK2Q79.txt [ /www.zanox-affiliate.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\ZXQSZHWU.txt [ /zanox-affiliate.de ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\88Q0T3K3.txt [ /fastclick.net ]

        C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Cookies\AVTM8MDO.txt [ /apmebf.com ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5EZ3QZ0.txt [ Cookie:mathias@atdmt.combing.com/ ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathias@2o7[1].txt [ Cookie:mathias@2o7.net/ ]

        C:\USERS\MATHIAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathias@statse.webtrendslive[1].txt [ Cookie:mathias@statse.webtrendslive.com/ ]

        C:\USERS\MATHIAS\Cookies\ARA1BZI7.txt [ Cookie:mathias@atdmt.combing.com/ ]

        C:\USERS\MATHIAS\Cookies\NDRJXEU9.txt [ Cookie:mathias@doubleclick.net/ ]

        C:\USERS\MATHIAS\Cookies\UKVN2JPQ.txt [ Cookie:mathias@dyntracker.com/ ]

        C:\USERS\MATHIAS\Cookies\TF8N5GBC.txt [ Cookie:mathias@mediaplex.com/ ]

        C:\USERS\MATHIAS\Cookies\MVVH56T4.txt [ Cookie:mathias@zanox.com/ ]

        C:\USERS\MATHIAS\Cookies\ZXQSZHWU.txt [ Cookie:mathias@zanox-affiliate.de/ ]

        C:\USERS\MATHIAS\Cookies\88Q0T3K3.txt [ Cookie:mathias@fastclick.net/ ]

        .yadro.ru [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .fuckyouverymuch.dk [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        livestat.derstandard.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .countomat.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .findix.at [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .ffindr.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        servestats.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        servestats.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        stats.vertriebsassistent.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        ebusiness.springer-business-media.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .c.gigcount.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        in.getclicky.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .s.clickability.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .s.clickability.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

        wstat.wibiya.com [ C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PN5SGZQ.DEFAULT\COOKIES.SQLITE ]

Evtl. ist das ein Bug von SASW das ist mir schön öfter aufgefallen, aber nicht in jedem Log steht das.

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Ok danke für den Tipp, um die Cookies werde ich mich kümmern.
Bei meinem System läuft alles ohne Probleme, zumindest ohne für mich ersichtliche. Muss ich sonst noch etwas machen, mit den Funden in Quarantäne bspw.?
Danke für deine Hilfe, Arne!

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Super! Ich werd das noch machen und dann ist der Schlamassel endlich abgeschlossen. Danke nochmal für deine kompetente und geduldige Hilfe! :daumenhoc