Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Malwarebytes Warnung "potentiell gefährlicher Prozess gestoppt" (https://www.trojaner-board.de/101681-malwarebytes-warnung-potentiell-gefaehrlicher-prozess-gestoppt.html)

cosinus 27.07.2011 13:30
Kannst du lassen, sptd ist ok.


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Ivorya 27.07.2011 16:46
Hallo Cosinus, hier der ComboFix-Log:

Code:
ComboFix 11-07-27.01 - *user* 27.07.2011  17:22:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3003.1631 [GMT 2:00]
ausgeführt von:: c:\users\*user*\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msconfig.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\twain.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-06-27 bis 2011-07-27  ))))))))))))))))))))))))))))))
.
.
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\*user*\AppData\Local\temp
2011-07-27 15:30 . 2011-07-27 15:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-07-27 15:19 . 2011-07-27 15:20        --------        d-----w-        C:\32788R22FWJFW
2011-07-27 11:28 . 2011-07-27 11:28        --------        d-----w-        C:\_OTL
2011-07-26 18:43 . 2011-07-26 18:43        28752        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\MpKsl7c0c5e35.sys
2011-07-26 18:43 . 2011-07-13 03:39        6881616        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13370541-F13C-45B8-AD6A-940F833F9788}\mpengine.dll
2011-07-25 17:54 . 2011-07-25 17:54        --------        d-----w-        c:\program files\ESET
2011-07-25 16:20 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 16:20 . 2011-07-06 17:52        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-07-22 18:52 . 2011-04-21 13:55        508416        ----a-w-        c:\windows\system32\drivers\bthport.sys
2011-07-22 18:52 . 2009-06-17 13:23        30208        ----a-w-        c:\windows\system32\drivers\BTHUSB.SYS
2011-07-22 18:52 . 2011-04-20 15:55        375808        ----a-w-        c:\windows\system32\winsrv.dll
2011-07-22 18:52 . 2011-04-20 15:50        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2011-07-22 18:51 . 2011-06-02 13:34        2043392        ----a-w-        c:\windows\system32\win32k.sys
2011-07-22 18:49 . 2011-04-29 15:59        276992        ----a-w-        c:\windows\system32\schannel.dll
2011-07-22 18:45 . 2011-07-22 18:45        --------        d-----w-        c:\users\*user*\AppData\Roaming\PC Suite
2011-07-21 15:38 . 2011-07-21 15:38        --------        d-----w-        c:\users\*user*\AppData\Roaming\Boolat Games
2011-07-20 15:14 . 2002-03-25 16:44        722192        ----a-w-        c:\windows\system32\VB40032.DLL
2011-07-20 15:14 . 2002-03-25 16:44        60416        ----a-w-        c:\windows\ST4UNST.EXE
2011-07-20 15:14 . 2002-03-25 16:44        171520        ----a-w-        c:\windows\setup132.exe
2011-07-05 18:47 . 2011-07-05 18:47        --------        d-----w-        c:\program files\Basement Softworks
2011-07-05 17:55 . 2011-07-05 17:55        --------        d-----w-        c:\users\*user*\dwhelper
2011-07-04 13:22 . 2011-07-04 13:22        --------        d-----w-        c:\users\*user*\AppData\Local\Oleg_Zhuk
2011-07-04 12:29 . 2010-04-27 02:25        98432        ----a-w-        c:\windows\system32\drivers\ss_bbus.sys
2011-07-04 12:29 . 2010-04-27 02:25        14848        ----a-w-        c:\windows\system32\drivers\ss_bmdfl.sys
2011-07-04 12:29 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\ss_bcmnt.sys
2011-07-04 12:29 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\ss_bcm.sys
2011-07-04 12:29 . 2010-04-27 02:25        123648        ----a-w-        c:\windows\system32\drivers\ss_bmdm.sys
2011-07-04 12:29 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\ss_bwhnt.sys
2011-07-04 12:29 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\ss_bwh.sys
2011-07-04 12:27 . 2011-07-04 12:28        --------        d-----w-        c:\users\*user*\{65149495-887c-4e76-9c8d-9ecbdc826756}
2011-07-04 12:24 . 2011-07-04 12:24        --------        d-----w-        c:\users\*user*\{7b373682-0225-406a-8128-c221bf3aba21}
2011-07-04 12:15 . 2011-07-18 19:48        --------        d-----w-        c:\users\*user*\AppData\Roaming\Samsung
2011-07-04 11:48 . 2011-07-04 11:48        --------        d-----w-        c:\programdata\PC Suite
2011-07-04 11:48 . 2011-07-04 11:48        --------        d-----w-        c:\users\*user*\AppData\Roaming\PC Suite
2011-07-04 11:36 . 2007-05-02 14:31        90624        ----a-w-        c:\windows\system32\nmwcdcls.dll
2011-07-04 11:36 . 2011-07-04 12:34        --------        d-----w-        c:\program files\Samsung
2011-07-04 11:36 . 2007-09-17 13:53        21632        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2011-07-04 11:35 . 2011-07-18 17:40        --------        d-----w-        c:\windows\system32\Samsung_USB_Drivers
2011-07-04 11:34 . 2010-07-29 07:50        238952        ----a-w-        c:\windows\system32\FsUsbExService.Exe
2011-07-04 11:34 . 2010-06-14 00:32        36608        ----a-w-        c:\windows\system32\FsUsbExDisk.Sys
2011-07-04 11:34 . 2009-03-31 07:39        110592        ----a-w-        c:\windows\system32\FsUsbExDevice.Dll
2011-07-04 11:33 . 2011-07-04 11:35        --------        d-----w-        c:\program files\PC Connectivity Solution
2011-07-04 11:05 . 2011-07-25 16:05        --------        d-----w-        c:\users\*user*\AppData\Local\Samsung
2011-07-04 11:01 . 2011-06-07 09:13        4659712        ----a-w-        c:\windows\system32\Redemption.dll
2011-07-04 11:01 . 2011-07-04 11:01        --------        d-----w-        c:\program files\MarkAny
2011-07-04 11:00 . 2011-07-18 17:42        --------        d-----w-        c:\users\*user*\AppData\Roaming\Samsung
2011-07-04 11:00 . 2011-07-25 16:05        --------        d-----w-        c:\programdata\Samsung
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\programdata\TomTom
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\users\*user*\AppData\Roaming\TomTom
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\users\*user*\AppData\Local\TomTom
2011-07-03 17:06 . 2011-07-03 17:06        --------        d-----w-        c:\program files\TomTom International B.V
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 20:11 . 2011-05-17 20:06        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-06-10 19:47        6881616        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-07 09:13 . 2011-06-07 09:13        974848        ----a-w-        c:\windows\system32\cis-2.4.dll
2011-06-07 09:13 . 2011-06-07 09:13        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll
2011-06-07 09:13 . 2011-06-07 09:13        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll
2011-06-07 09:13 . 2011-06-07 09:13        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll
2011-06-07 09:13 . 2011-06-07 09:13        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll
2011-06-07 09:13 . 2011-06-07 09:13        569344        ----a-w-        c:\windows\system32\muzdecode.ax
2011-06-07 09:13 . 2011-06-07 09:13        491520        ----a-w-        c:\windows\system32\muzapp.dll
2011-06-07 09:13 . 2011-06-07 09:13        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll
2011-06-07 09:13 . 2011-06-07 09:13        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll
2011-06-07 09:13 . 2011-06-07 09:13        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll
2011-06-07 09:13 . 2011-06-07 09:13        352256        ----a-w-        c:\windows\system32\MSLUR71.dll
2011-06-07 09:13 . 2011-06-07 09:13        24576        ----a-w-        c:\windows\system32\MASetupCleaner.exe
2011-06-07 09:13 . 2011-06-07 09:13        200704        ----a-w-        c:\windows\system32\muzwmts.dll
2011-06-07 09:13 . 2011-06-07 09:13        155648        ----a-w-        c:\windows\system32\MSFLib.dll
2011-06-07 09:13 . 2011-06-07 09:13        143360        ----a-w-        c:\windows\system32\3DAudio.ax
2011-06-07 09:13 . 2011-06-07 09:13        135168        ----a-w-        c:\windows\system32\muzaf1.dll
2011-06-07 09:13 . 2011-06-07 09:13        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax
2011-06-07 09:13 . 2011-06-07 09:13        122880        ----a-w-        c:\windows\system32\muzeffect.ax
2011-06-07 09:13 . 2011-06-07 09:13        118784        ----a-w-        c:\windows\system32\MaDRM.dll
2011-06-07 09:13 . 2011-06-07 09:13        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax
2011-06-07 09:13 . 2011-06-07 09:13        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll
2011-06-07 09:13 . 2011-06-07 09:13        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll
2011-06-07 09:13 . 2011-06-07 09:13        40960        ----a-w-        c:\windows\system32\MAMACExtract.dll
2011-06-07 09:13 . 2011-06-07 09:13        258048        ----a-w-        c:\windows\system32\muzoggsp.ax
2011-06-07 09:13 . 2011-06-07 09:13        245760        ----a-w-        c:\windows\system32\MSCLib.dll
2011-05-20 14:53 . 2011-01-01 15:27        0        ----a-w-        c:\windows\system32\ConduitEngine.tmp
2011-05-09 20:46 . 2011-06-09 14:58        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F43801EB-C9D0-4695-A163-5AF7793BDF79}\mpengine.dll
2011-05-04 02:52 . 2010-05-09 12:29        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-05-02 17:16 . 2011-06-14 19:43        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 19:43        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 19:43        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 19:42        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 19:42        79872        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 19:42        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2007-03-12 16:59 . 2007-03-12 16:59        299008        ----a-w-        c:\program files\navigram_register.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 11:05        40496        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="d:\progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"AutoStartNPSAgent"="d:\progz\Samsung PC Studio\NPSAgent.exe" [2010-07-29 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-18 1430824]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-02-20 3553280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-23 204800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-12 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-12 153624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-24 13797920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start Extensions for Windows.lnk - d:\progz\Extensions\ExtensionsServer.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
Lotus Organizer EasyClip.lnk - d:\progz\Lotus\org6\organize\EASYCLIP6.EXE [2009-9-24 229433]
SetPointII.lnk - d:\progz\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^*user*^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59        937920        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-03-11 13:19        156968        ------w-        c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2009-04-11 17:31        249600        ----a-w-        c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-03-11 13:19        202024        ------w-        c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51        691656        ----a-w-        d:\progz\Deamon\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07        1828136        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2008-10-27 11:05        346672        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29        2221352        ----a-w-        d:\progz\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-03-05 12:29        173288        ------w-        c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
R1 MpKsl7bb49d39;MpKsl7bb49d39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA789E0-8613-492F-B724-D376A8580856}\MpKsl7bb49d39.sys [x]
R1 MpKsla4d62049;MpKsla4d62049;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFBCA51B-1FA9-44D2-A35B-A10634187884}\MpKsla4d62049.sys [x]
R1 MpKslca0eafd4;MpKslca0eafd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D4DB624-3B39-41B8-93F2-84B231F06D25}\MpKslca0eafd4.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-07-04 280448]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-02 79360]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-10 42608]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-28 721904]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-03-06 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2009-04-18 26928]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-02-20 3440640]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 TomTomHOMEService;TomTomHOMEService;d:\progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-11-03 223232]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2005-12-18 57856]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-02-25 112992]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-30 3715072]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 90433341
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MPKSL7C0C5E35
*NewlyCreated* - MPKSLE1D20C56
*Deregistered* - 90433341
*Deregistered* - MpKsle1d20c56
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:16]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - d:\progz\Lotus\org6\organize\bandobjs.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8079C50A-AF5F-4DA2-93C8-1A0A68874DBE}: NameServer = 213.191.74.19 62.109.123.197
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\*user*\AppData\Roaming\Mozilla\Firefox\Profiles\yerqz0l7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{662f5b27-1a14-48d4-b9b6-69b111d6cfde} - (no file)
WebBrowser-{662F5B27-1A14-48D4-B9B6-69B111D6CFDE} - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - d:\progz\Samsung PC Studio\USB Treiber\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\progz\Samsung PC Studio\USB Treiber\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\progz\Samsung PC Studio\USB Treiber\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\progz\Samsung PC Studio\USB Treiber\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\progz\Samsung PC Studio\USB Treiber\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\progz\Samsung PC Studio\USB Treiber\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\progz\Samsung PC Studio\USB Treiber\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\progz\Samsung PC Studio\USB Treiber\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\progz\Samsung PC Studio\USB Treiber\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\progz\Samsung PC Studio\USB Treiber\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - d:\progz\Samsung PC Studio\USB Treiber\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - d:\progz\Samsung PC Studio\USB Treiber\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - d:\progz\Samsung PC Studio\USB Treiber\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\progz\Samsung PC Studio\USB Treiber\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\progz\Samsung PC Studio\USB Treiber\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\progz\Samsung PC Studio\USB Treiber\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\progz\Samsung PC Studio\USB Treiber\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\progz\Samsung PC Studio\USB Treiber\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\progz\Samsung PC Studio\USB Treiber\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\progz\Samsung Kies\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\progz\Samsung Kies\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-27 17:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-59915249-1296444255-759154618-1000\Software\SecuROM\License information*]
"datasecu"=hex:f9,ad,25,23,a0,c3,c7,1c,3f,69,13,f0,f1,8c,6d,e0,65,2e,b9,24,f8,
  5c,9c,74,81,82,74,b2,7c,fb,04,ed,d4,b5,d2,03,25,d4,8b,45,37,4c,55,01,a5,60,\
"rkeysecu"=hex:31,65,33,ba,bb,a6,0b,9e,13,d7,17,df,5c,16,49,bc
.
[HKEY_USERS\S-1-5-21-59915249-1296444255-759154618-1002\Software\SecuROM\License information*]
"datasecu"=hex:f5,7f,ae,9b,85,ec,52,bc,96,41,1b,18,15,2f,0a,76,ef,2d,5d,2b,08,
  8e,1d,99,6f,1f,0b,86,e7,9f,32,72,82,aa,20,e2,cd,55,78,e8,be,fe,be,e7,f6,53,\
"rkeysecu"=hex:ca,20,22,7c,fa,ce,9a,c9,35,fd,ad,ef,e6,b9,49,f3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-07-27  17:32:34
ComboFix-quarantined-files.txt  2011-07-27 15:32
ComboFix2.txt  2010-07-24 07:54
.
Vor Suchlauf: 20 Verzeichnis(se), 53.538.922.496 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 53.535.100.928 Bytes frei
.
- - End Of File - - 7413378278DA3161862A5192893C38D6
MSE habe ich per "Prozess beenden" beenden können, aber ComboFix hat trotzdem rumgemault und dann weitergemacht. Scheint (?) ja geklappt zu haben.

cosinus 28.07.2011 09:47
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Ivorya 28.07.2011 12:56
Hallo Cosinus,

anbei GMER und OSAM. aswMBR muss ich noch machen, aber ich muss jetzt wieder ins Büro und reiche den Log dann später nach.

GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-28 13:23:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22ZAT0 rev.01.01A01
Running: g8ds557p.exe; Driver: C:\Users\*user*\AppData\Local\Temp\uwloqpod.sys


---- System - GMER 1.0.15 ----

INT 0x62  ?                                                                                                                                            86923BF8
INT 0x72  ?                                                                                                                                            86923BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x82  ?                                                                                                                                            86923BF8
INT 0x82  ?                                                                                                                                            84F25BF8
INT 0x92  ?                                                                                                                                            86923BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB2  ?                                                                                                                                            84F24BF8
INT 0xB3  ?                                                                                                                                            86923BF8

---- Kernel code sections - GMER 1.0.15 ----

?        System32\Drivers\spau.sys                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                                        8EF9241B 5 Bytes  JMP 869231D8
.text    avu3wjs1.SYS                                                                                                                                  8A5C3000 22 Bytes  [82, E3, 41, 82, 6C, E2, 41, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C3017 137 Bytes  [00, 32, A7, 79, 80, 3D, A5, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C30A1 43 Bytes  [30, 4F, 82, 74, 26, 49, 82, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C30CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text    avu3wjs1.SYS                                                                                                                                  8A5C30DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text    ...                                                                                                                                         
.text    C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                        section is writeable [0xAE850300, 0x3B6D8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                        section is writeable [0xAE8A4300, 0x1BEE, 0xE8000020]
.text    C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                        section is writeable [0xAE9BC000, 0x2892, 0xE8000020]
.vmp2    C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                        entry point in ".vmp2" section [0xAE9DF050]
?        C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                    Das System kann die angegebene Datei nicht finden. !
?        C:\Users\*user*\AppData\Local\Temp\catchme.sys                                                                                                Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text    C:\Windows\Explorer.EXE[1436] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                                    75C4B37C 4 Bytes  [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                    [806906D6] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                      [80690042] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                              [80690800] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                    [806900C0] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                              [8069013E] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                            [8069FE9C] \SystemRoot\System32\Drivers\spau.sys
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortNotification]                                                                    CC358B04
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                  838A5E8F
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                  458B38C6
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                              A5A5A514
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                  100D8BA5
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                            5F8A5E60
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                  30810889
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortStallExecution]                                                                  54771129
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                10C25D5E
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortRequestCallback]                                                                8B55CC00
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                          084D8BEC
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                            0CF0918B
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                458B0000
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortMoveMemory]                                                                      8B108910
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                      000CF491
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                          04508900
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                            053C7980
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortUshort]                                                                  560C558B
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                            C6127557
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortInitialize]                                                                      B18D0502
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                  00000CF8
IAT      \SystemRoot\System32\Drivers\avu3wjs1.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                              A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                        [72F77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                          [72FCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                      [72F7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                [72F6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                          [72F775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                      [72F6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                          [72FA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                              [72F7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                      [72F6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                      [72F6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                        [72F671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                [72FFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                  [72F9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                      [72F6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                [72F66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                              [72F6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                  [72F72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                  [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                      [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                  [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT      C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2572] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00B41210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                                        858C71F8
Device    \Driver\volmgr \Device\VolMgrControl                                                                                                          858C31F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                                              869FA500
Device    \Driver\usbehci \Device\USBPDO-2                                                                                                              869B21F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                                              869FA500
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                                                        858C31F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                                              869B21F8
Device    \Driver\sptd \Device\1268831978                                                                                                              spau.sys
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                                                        858C31F8
Device    \Driver\cdrom \Device\CdRom0                                                                                                                  869AE1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                  858C51F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                                            858C51F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                                                  858C51F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel0                                                                                                    858C61F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel1                                                                                                    858C61F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel4                                                                                                    858C61F8
Device    \Driver\msahci \Device\Ide\PciIde0Channel5                                                                                                    858C61F8
Device    \Driver\volmgr \Device\HarddiskVolume3                                                                                                        858C31F8
Device    \Driver\cdrom \Device\CdRom1                                                                                                                  869AE1F8
Device    \Driver\volmgr \Device\HarddiskVolume4                                                                                                        858C31F8
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                                                      88BE61F8
Device    \Driver\PCI_PNP1773 \Device\00000078                                                                                                          spau.sys
Device    \Driver\netbt \Device\NetBT_Tcpip_{D934D041-87F7-4D29-8E54-3F06F391E598}                                                                      88BE61F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{59070B74-A9BA-4839-B4A8-49B99D46C801}                                                                      88BE61F8
Device    \Driver\Smb \Device\NetbiosSmb                                                                                                                88BBB1F8
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                                            86F49500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                                              869FA500
Device    \Driver\usbehci \Device\USBFDO-2                                                                                                              869B21F8
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                                              869FA500
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                                              869FA500
Device    \Driver\usbehci \Device\USBFDO-7                                                                                                              869B21F8
Device    \Driver\JMCR \Device\Scsi\JMCR1                                                                                                              869C81F8
Device    \Driver\JMCR \Device\Scsi\JMCR2                                                                                                              869C81F8
Device    \Driver\JMCR \Device\Scsi\JMCR3                                                                                                              869C81F8
Device    \Driver\avu3wjs1 \Device\Scsi\avu3wjs11Port9Path0Target0Lun0                                                                                  869CB1F8
Device    \Driver\JMCR \Device\Scsi\JMCR4                                                                                                              869C81F8
Device    \Driver\avu3wjs1 \Device\Scsi\avu3wjs11                                                                                                      869CB1F8
Device    \FileSystem\cdfs \Cdfs                                                                                                                        869811F8

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@0017d5950b35                                                      0x6E 0x79 0xBC 0xD8 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@e0a6709e7039                                                      0x25 0x68 0x79 0x13 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cf8163d@2013e033abd7                                                      0x43 0x9A 0xC6 0x7A ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                            771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                            285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          D:\Progz\Deamon\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0x3C 0xD2 0xF4 0x02 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                  0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0xB5 0x32 0x20 0x17 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                          0xF9 0x9F 0x5F 0x81 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d (not active ControlSet)                                             
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@0017d5950b35                                                          0x6E 0x79 0xBC 0xD8 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@e0a6709e7039                                                          0x25 0x68 0x79 0x13 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00242cf8163d@2013e033abd7                                                          0x43 0x9A 0xC6 0x7A ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              D:\Progz\Deamon\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                            0x3C 0xD2 0xF4 0x02 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                      0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0xB5 0x32 0x20 0x17 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                              0xF9 0x9F 0x5F 0x81 ...

---- EOF - GMER 1.0.15 ----
OSAM:
Code:
OSAM Logfile:

       
Code:

       
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:33:41 on 28.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\AudioCS\CTAudCS.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - D:\Progz\Nero 8\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"AlfaFF" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\drivers\AlfaFF.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avu3wjs1" (avu3wjs1) - "Microsoft Corporation" - C:\Windows\system32\drivers\avu3wjs1.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\Users\*user*\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\Windows\system32\mbmiodrvr.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsl7bb49d39" (MpKsl7bb49d39) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DA789E0-8613-492F-B724-D376A8580856}\MpKsl7bb49d39.sys  (File not found)
"MpKsl932da868" (MpKsl932da868) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EC26FFF-04EF-4510-823E-7E257CF82CE0}\MpKsl932da868.sys
"MpKsla4d62049" (MpKsla4d62049) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFBCA51B-1FA9-44D2-A35B-A10634187884}\MpKsla4d62049.sys  (File not found)
"MpKslca0eafd4" (MpKslca0eafd4) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D4DB624-3B39-41B8-93F2-84B231F06D25}\MpKslca0eafd4.sys  (File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"PMEM" (PMEM) - "Microsoft Corporation" - C:\Windows\system32\drivers\pmemnt.sys
"Power Control [2009/04/19 01:16:11]" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - ? - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"uwloqpod" (uwloqpod) - ? - C:\Users\*user*\AppData\Local\Temp\uwloqpod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\FPLaunchCache.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - D:\Progz\Nero 8\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Progz\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Progz\WinRar\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{6E718D87-6909-4FCE-92D4-EDCB2F725727} "Navigram Control" - "Navigram" - C:\PROGRA~1\Navigram\NAVIGR~1\navigram.ocx / hxxp://www.navigram.com/engine/v1111/Navigram.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Windows\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"Quick-Launch Area" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{85E0B172-04FA-11D1-B7DA-00A0C90348D6} "Web Entry" - ? - D:\Progz\Lotus\org6\organize\bandobjs.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{CE7C3CF0-4B15-11D1-ABED-709549C10000} "IEHlprObj Class" - ? - D:\Progz\Lotus\org6\organize\iehelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*user*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Lotus Organizer EasyClip.lnk" - "Lotus Development Corporation" - D:\Progz\Lotus\org6\organize\EASYCLIP6.EXE  (Shortcut exists | File exists)
"SetPointII.lnk" - "Logitech Inc." - D:\Progz\Logitech\SetPoint II\SetpointII.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - D:\Progz\Samsung PC Studio\NPSAgent.exe
"ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"TomTomHOME.exe" - "TomTom" - "D:\Progz\TomTom\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"EgisTecLiveUpdate" - "EgisTec Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VitaKeyPdtWzd" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PdtWzd.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\rc4mon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%systemroot%\system32\SearchIndexer.exe,-103" (WSearch) - ? - C:\Windows\system32\SearchIndexer.exe /Embedding  (File not found)
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
"EgisTec Service" (IGBASVC) - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\BASVC.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MyWinLocker Service" (MWLService) - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - D:\Progz\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - D:\Progz\TomTom\TomTom HOME 2\TomTomHOMEService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Wie gesagt, aswMBR folgt dann!

Ivorya 28.07.2011 15:26
So, hier aswMBR:

Code:
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-28 13:36:55
-----------------------------
13:36:55.001    OS Version: Windows 6.0.6002 Service Pack 2
13:36:55.001    Number of processors: 2 586 0x170A
13:36:55.001    ComputerName: *PcName* UserName: *user*
13:36:56.598    Initialize success
13:38:14.063    AVAST engine defs: 11072800
13:38:35.877    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:38:35.882    Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 3
13:38:36.642    Disk 0 MBR read successfully
13:38:36.642    Disk 0 MBR scan
13:38:36.647    Disk 0 unknown MBR code
13:38:37.352    Disk 0 scanning sectors +976771072
13:38:37.754    Disk 0 scanning C:\Windows\system32\drivers
13:39:55.087    Service scanning
13:39:55.811    Service MpKsl932da868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EC26FFF-04EF-4510-823E-7E257CF82CE0}\MpKsl932da868.sys **LOCKED** 32
13:39:55.816    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:39:55.876    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:39:56.426    Modules scanning
13:41:33.125    Disk 0 trace - called modules:
13:41:33.230    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x858c51f8]<<
13:41:33.245    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b54730]
13:41:33.260    3 CLASSPNP.SYS[8a7a58b3] -> nt!IofCallDriver -> [0x859d3390]
13:41:33.275    5 acpi.sys[805c16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8598eb98]
13:41:33.290    \Driver\atapi[0x85976b50] -> IRP_MJ_CREATE -> 0x858c51f8
13:41:34.105    AVAST engine scan C:\Windows
13:42:51.101    AVAST engine scan C:\Windows\system32
13:57:06.635    AVAST engine scan C:\Windows\system32\drivers
13:59:18.456    AVAST engine scan C:\Users\*user*
14:16:26.840    AVAST engine scan C:\ProgramData
14:30:23.140    Scan finished successfully
16:25:06.994    Disk 0 MBR has been saved successfully to "C:\Users\*user*\Desktop\MBR.dat"
16:25:06.994    The log file has been saved successfully to "C:\Users\*user*\Desktop\aswMBR.txt"
*knicks mach*

cosinus 28.07.2011 15:40
Zitat:
13:38:36.647 Disk 0 unknown MBR code
Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Vista installiert?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten)

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

Ivorya 28.07.2011 17:49
Hallo Cosinus,

mein Vista ist das einzige Betriebssystem und war bei Kauf des Laptops vorinstalliert, ich habe also keine Recovery-CD oder DVD, ich glaube aber von Acer ist irgendwas hilfreiches in der Art vorinstalliert zur Recovery, und wenn nicht das, dann zumindest zur Datensicherung.

Das werde ich aber erst am Wochenende machen können, morgen ist der letzte Tag vorm Urlaub, Schreibtisch platzt :D

Sobald geschehen, melde ich mich!

Ivorya 02.08.2011 08:55
Hallo,

ich hab soweit alle Daten gesichert und muss jetzt die ISO brennen, dafür brauch ich Rohlinge, muss ich noch besorgen hab grad keine da. Ich fahre heute Nacht für eine Woche in den Urlaub und melde mich dann danach. Wollte Bescheid sagen, nicht, dass du denkst, ich kümmere mich nicht weiter.

Bis dahin eine schöne Woche!


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:53 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131