Pests of all kinds and how to fight them: Deutsche Bank as start page + antivirus program not working
Windows 7
09.02.2013, 20:25 | #1 |
Deutsche Bank as start page + antivirus program not working
Hello everyone, I have a small problem with my computer. First of all, please forgive me that my technical vocabulary and my computer knowledge are very limited! Now to my problem: the start page of my Firefox browser changes by itself to the Deutsche Bank page, no matter how often I try to change it manually. In addition, my antivirus program (Avira) is not working properly either. It no longer updates. I tried googling the problem and also found suggested solutions. For example, I downloaded Spyware Terminator 2012 and Malwarebytes Anti-Malware and ran them. The spyware program did find and remove something. However, the problems remained. I also tried simply downloading a newer version of the Avira program, but that did little or nothing either. Could someone tell me what else I can do?
11.02.2013, 12:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank as start page + antivirus program not working
Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside of Trojaner-Board. First, a check with OTL please:
12.02.2013, 19:59 | #3 |
Deutsche Bank as start page + antivirus program not working
Thanks!
Extras.Txt Code:
ATTFilter OTL Extras logfile created on: 12.02.2013 19:28:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\horst\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,30 Mb Total Physical Memory | 172,86 Mb Available Physical Memory | 17,06% Memory free 1,99 Gb Paging File | 0,59 Gb Available in Paging File | 29,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85,00 Gb Total Space | 44,66 Gb Free Space | 52,54% Space Free | Partition Type: NTFS Drive D: | 127,79 Gb Total Space | 11,74 Gb Free Space | 9,18% Space Free | Partition Type: NTFS Drive G: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,90% Space Free | Partition Type: FAT32 Computer Name: HORST-PC | User Name: horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0957231D-F60D-4E7E-A75D-5A56E75742F8}" = lport=139 | protocol=6 | dir=in | app=system | "{1573F8FE-39C2-461B-8319-43C83BB45D2D}" = rport=445 | protocol=6 | dir=out | app=system | "{1C754694-E1C9-41CC-AE0E-64A537828D83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{36304AB2-C641-4B10-A2B5-7C1B44770123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C641FD7-19B5-4290-A7C5-E91CE0452B17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{57C15920-5E11-4A50-9A96-4D6277A91F7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{601E9C1A-7B38-400A-90F3-B3B96F83931C}" = lport=445 | protocol=6 | dir=in | app=system | "{604896CF-2E1C-40F8-8AAD-C15BB41D5C1A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{66E0B4E9-9E85-4149-A511-1BDBB4F3F0F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{67EFA992-7FA2-4244-B000-A617D7227419}" = lport=138 | protocol=17 | dir=in | app=system | "{6D944BA5-4E91-427D-8D2E-EF4D2818EFED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CEF722B-9F7A-40CB-9AA1-C5251141F628}" = rport=139 | protocol=6 | dir=out | app=system | "{853D0CA6-C38D-4862-AD40-37601C7BD5D2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{AD339190-6A01-439D-920A-E2627F73DD06}" = rport=137 | protocol=17 | dir=out | app=system | "{BD2D1E97-82E9-4630-8E6E-94902C045893}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D390FA54-6EED-4540-97CF-15D04DB4FDD5}" = lport=137 | protocol=17 | dir=in | app=system | "{E328FB76-710B-458F-9573-D37816D2C681}" = lport=rpc | protocol=6 | 
dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E490AD2C-8C0D-4BE6-9F9F-6BB5210C0B87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EB27144A-727E-443E-8CAA-184A468A3D57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{ED4B2A71-A481-4B08-851F-C1E0C6B4282A}" = rport=138 | protocol=17 | dir=out | app=system | "{F532DC3A-1EA2-4506-9B1A-DD7198DE6C63}" = lport=2869 | protocol=6 | dir=in | app=system | "{FA71B36E-2B51-4297-8667-10F56D47AC88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10D45F0C-8D7C-4E09-BF86-519C2436E141}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{29B52817-2576-4F8D-BEEF-90076A960788}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{29DFEE21-6114-4710-88AF-5B3A137DAC69}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{4D5D957C-16DB-45E4-B9B8-1F7B6CE27904}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{77279607-8F9C-484F-8017-C5DC9182F8AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9A25BA2C-DE91-4C8B-A942-89D4A9E55989}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{A41E2F07-3FCC-473D-9DC4-CEBCEC3314D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C27F1DE7-B788-4785-BA86-FC3D30FD1EF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CCFF7EF1-9810-46A4-9D5D-81CCD0AD6E4A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{E4241274-52E5-4BD9-AF86-7EBCDE2C3C91}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E6521CE7-1B8E-4314-B3DD-E9B32D7CAC38}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E94B521F-5D95-428E-84EC-98A8A678325F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FB2666FB-539A-4F8A-B886-291824107E2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager "{749BDD29-D756-4B9B-8022-3E666A24C13F}" = Samsung Support Center "{76618402-179D-4699-A66B-D351C59436BC}" = Windows 
Live Sync "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare 
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\ "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent "Avira AntiVir Desktop" = Avira Free Antivirus "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar "Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Security Task Manager" = Security Task Manager 1.8d "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.02.2013 11:32:00 
| Computer Name = horst-PC | Source = RasClient | ID = 20227 Description = Error - 01.02.2013 11:32:34 | Computer Name = horst-PC | Source = RasClient | ID = 20227 Description = Error - 01.02.2013 11:32:56 | Computer Name = horst-PC | Source = RasClient | ID = 20227 Description = Error - 01.02.2013 19:37:24 | Computer Name = horst-PC | Source = RasClient | ID = 20227 Description = Error - 01.02.2013 19:37:56 | Computer Name = horst-PC | Source = RasClient | ID = 20227 Description = Error - 01.02.2013 19:38:26 | Computer Name = horst-PC | Source = RasClient | ID = 20227 Description = Error - 01.02.2013 19:38:56 | Computer Name = horst-PC | Source = RasClient | ID = 20227 Description = Error - 03.02.2013 03:33:11 | Computer Name = horst-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mpam-4698867e.exe, Version: 1.143.1436.0, Zeitstempel: 0x4acadacd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00017176 ID des fehlerhaften Prozesses: 0x980 Startzeit der fehlerhaften Anwendung: 0x01ce01e0b5e9da66 Pfad der fehlerhaften Anwendung: C:\Users\horst\AppData\Local\Temp\mpam-4698867e.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f5ed365d-6dd3-11e2-8e19-001bb1133d6f Error - 03.02.2013 03:38:36 | Computer Name = horst-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mpam-6566731b.exe, Version: 1.143.1436.0, Zeitstempel: 0x4acadacd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00017176 ID des fehlerhaften Prozesses: 0xd20 Startzeit der fehlerhaften Anwendung: 0x01ce01e1760a3315 Pfad der fehlerhaften Anwendung: C:\Users\horst\AppData\Local\Temp\mpam-6566731b.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: b794fa67-6dd4-11e2-8e19-001bb1133d6f Error - 03.02.2013 03:43:55 | Computer Name = horst-PC | Source = Application Error 
| ID = 1000 Description = Name der fehlerhaften Anwendung: mpam-9ef3dca0.exe, Version: 1.143.1436.0, Zeitstempel: 0x4acadacd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00017176 ID des fehlerhaften Prozesses: 0x1034 Startzeit der fehlerhaften Anwendung: 0x01ce01e23618da29 Pfad der fehlerhaften Anwendung: C:\Users\horst\AppData\Local\Temp\mpam-9ef3dca0.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 75e8e189-6dd5-11e2-8e19-001bb1133d6f [ System Events ] Error - 25.01.2013 00:59:46 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error - 25.01.2013 11:32:03 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 25.01.2013 22:05:38 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 26.01.2013 03:43:30 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 26.01.2013 03:43:33 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 26.01.2013 05:52:11 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error - 27.01.2013 14:28:08 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.01.2013 14:28:12 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.01.2013 15:29:02 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 29.01.2013 00:59:42 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. < End of report > OTL.Txt Code:
ATTFilter OTL logfile created on: 12.02.2013 19:28:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\horst\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,30 Mb Total Physical Memory | 172,86 Mb Available Physical Memory | 17,06% Memory free 1,99 Gb Paging File | 0,59 Gb Available in Paging File | 29,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85,00 Gb Total Space | 44,66 Gb Free Space | 52,54% Space Free | Partition Type: NTFS Drive D: | 127,79 Gb Total Space | 11,74 Gb Free Space | 9,18% Space Free | Partition Type: NTFS Drive G: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,90% Space Free | Partition Type: FAT32 Computer Name: HORST-PC | User Name: horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\horst\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com) PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\AnyPC Client\APLanMgrC.exe (DoctorSoft) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe service File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ST2012_Svc) -- C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys () DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747 IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) IE - 
HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747 IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74 IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://deutsche-bank.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_ptnrs=%5EAGS&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js..browser.startup.homepage: "hxxp://deutsche-bank.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2013.02.04 19:00:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.10 22:32:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.10 22:32:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.21 20:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions [2013.02.03 09:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\ik6ww1g4.default\extensions [2013.02.03 09:11:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\ik6ww1g4.default\extensions\toolbar@ask.com [2013.01.31 18:52:25 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 
[2013.02.03 09:11:28 | 000,002,344 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\searchplugins\askcom.xml [2013.02.10 22:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.10 22:32:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.24 21:46:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8887E514-3C3B-4C11-A12C-0AF78DF05D82}: DhcpNameServer = 80.69.103.78 80.69.100.102 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1C56BD0-7CFA-4BA8-8183-FA4269AF4094}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{41d4fefa-3204-11e2-b4e7-001bb1133d6f}\Shell - "" = AutoRun O33 - MountPoints2\{41d4fefa-3204-11e2-b4e7-001bb1133d6f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{41d4ff18-3204-11e2-b4e7-001bb1133d6f}\Shell - "" = AutoRun O33 - MountPoints2\{41d4ff18-3204-11e2-b4e7-001bb1133d6f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{41d5003d-3204-11e2-b4e7-001e101f1d99}\Shell - "" = AutoRun O33 - MountPoints2\{41d5003d-3204-11e2-b4e7-001e101f1d99}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.12 19:12:47 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\TeamViewer [2013.02.12 19:10:32 | 003,878,360 | ---- | C] (TeamViewer) -- C:\Users\horst\Desktop\TeamViewerQS_de.exe [2013.02.12 18:59:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe [2013.02.10 22:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.09 23:27:49 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Justified.Season 3.HDTV.XviD-ASAP [2013.02.09 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Season 2 [2013.02.04 21:13:48 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\Programs [2013.02.04 21:12:26 | 010,156,344 | ---- | C] 
(Malwarebytes Corporation ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.04 18:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2013.02.04 18:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler [2013.02.04 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Spyware Terminator [2013.02.04 18:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.02.04 18:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.02.04 18:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2013.02.04 18:53:43 | 000,937,224 | ---- | C] (Crawler.com ) -- C:\Users\horst\Desktop\SpywareTerminator30074Setup.exe [2013.02.03 09:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.03 09:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2013.02.03 08:55:39 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Avira [2013.02.03 08:49:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.02.03 08:48:59 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.02.03 08:48:59 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.02.03 08:48:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.02.03 08:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.03 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.01.20 09:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak ========== Files - Modified Within 30 Days ========== [2013.02.12 19:11:21 | 003,878,360 | ---- | M] (TeamViewer) -- C:\Users\horst\Desktop\TeamViewerQS_de.exe [2013.02.12 19:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe [2013.02.12 18:46:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.02.12 17:35:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.09 19:47:19 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.02.09 19:47:19 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.02.09 19:16:53 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.09 19:16:53 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.09 19:05:16 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys [2013.02.04 21:14:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.04 21:13:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.04 18:58:44 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.02.04 18:54:21 | 000,937,224 | ---- | M] (Crawler.com ) -- C:\Users\horst\Desktop\SpywareTerminator30074Setup.exe [2013.02.03 09:11:32 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.03 08:36:50 | 105,661,272 | ---- | M] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe 
[2013.02.02 19:17:31 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.02.02 19:17:31 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.02.02 19:17:31 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.02.02 19:17:31 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2013.02.04 21:14:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.04 18:58:54 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys [2013.02.04 18:58:44 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.02.03 08:49:43 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.03 08:35:47 | 105,661,272 | ---- | C] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe [2012.09.26 14:47:54 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.07.17 01:01:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.06.21 19:50:33 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.27 06:20:41 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Advanced Chemistry Development [2012.12.17 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\ALDITALKVerbindungsassistent [2012.11.07 19:21:19 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Kifi [2013.02.03 08:48:21 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Lore [2012.06.25 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\OpenOffice.org [2013.02.04 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Spyware Terminator [2013.02.12 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\TeamViewer [2013.02.03 08:57:25 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Vycugu ========== Purity Check ========== < End of report > |
13.02.2013, 10:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank as start page + antivirus program not working Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; just post the logs that already exist first!
__________________ Please always post log files in CODE tags |
13.02.2013, 18:54 | #5 |
| Deutsche Bank as start page + antivirus program not working I'm sorry, I knew that these programs have something like that too... With Avira the export does not work, and Spyware Terminator apparently has nothing like that (at least I didn't find it) Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.04.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [Administrator]
Schutz: Aktiviert
04.02.2013 21:22:03
mbam-log-2013-02-04 (21-22-03).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324606
Laufzeit: 20 Stunde(n), 2 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
14.02.2013, 10:45 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank as start page + antivirus program not working Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool still won't work the second time, just skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ --> Deutsche Bank as start page + antivirus program not working |
16.02.2013, 06:57 | #7 |
| Deutsche Bank as start page + antivirus program not working Hello, I have now run both scans. Mbar had found nothing. Here first is the log file from Gmer. Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 16:41:12
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB2O 232,89GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\horst\AppData\Local\Temp\fgloipoc.sys
---- Processes - GMER 2.0 ----
Process hidden process (*** hidden *** ) 4632
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1133d6f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ab68e9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1133d6f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ab68e9 (not active ControlSet)
---- EOF - GMER 2.0 ----
And here is the one from Mbar. Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.15.09
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [administrator]
16.02.2013 00:30:33
mbar-log-2013-02-16 (00-30-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27232
Time elapsed: 23 minute(s), 45 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected) |
16.02.2013, 18:20 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank as start page + antivirus program not working aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
19.02.2013, 19:38 | #9 |
| Deutsche Bank as start page + antivirus program not working Hello, I'm sorry that I took so long to reply! First, here is the log file from aswMBR. Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-19 18:40:26
-----------------------------
18:40:26.605 OS Version: Windows 6.1.7600
18:40:26.605 Number of processors: 2 586 0x1C0A
18:40:26.613 ComputerName: HORST-PC UserName: horst
18:40:27.547 Initialize success
18:43:05.376 AVAST engine defs: 13021900
18:43:34.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:43:34.195 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
18:43:34.230 Disk 0 MBR read successfully
18:43:34.241 Disk 0 MBR scan
18:43:34.500 Disk 0 unknown MBR code
18:43:34.549 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
18:43:34.636 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
18:43:34.699 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 87040 MB offset 42149888
18:43:34.749 Disk 0 Partition - 00 0F Extended LBA 130853 MB offset 220407808
18:43:34.788 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 130852 MB offset 220409856
18:43:34.897 Disk 0 scanning sectors +488394752
18:43:35.088 Disk 0 scanning C:\windows\system32\drivers
18:44:33.158 Service scanning
18:46:32.056 Modules scanning
18:46:56.206 Disk 0 trace - called modules:
18:46:56.231 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:46:56.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c664d0]
18:46:56.237 3 CLASSPNP.SYS[8698959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84207028]
18:46:58.633 AVAST engine scan C:\windows
18:47:12.080 AVAST engine scan C:\windows\system32
19:01:09.573 AVAST engine scan C:\windows\system32\drivers
19:02:09.164 AVAST engine scan C:\Users\horst
19:08:41.382 AVAST engine scan C:\ProgramData
19:10:18.474 Scan finished successfully
19:30:33.250 Disk 0 MBR has been saved successfully to "C:\Users\horst\Desktop\MBR.dat"
19:30:33.368 The log file has been saved successfully to "C:\Users\horst\Desktop\aswMBR.txt"
Code:
18:47:26.0338 3600 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\windows\System32\dnsrslvr.dll 18:47:26.0491 3600 Dnscache - ok 18:47:26.0557 3600 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll 18:47:26.0772 3600 dot3svc - ok 18:47:26.0852 3600 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll 18:47:26.0983 3600 DPS - ok 18:47:27.0073 3600 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 18:47:27.0258 3600 drmkaud - ok 18:47:27.0513 3600 [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 18:47:27.0608 3600 DXGKrnl - ok 18:47:27.0705 3600 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll 18:47:27.0928 3600 EapHost - ok 18:47:28.0208 3600 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys 18:47:28.0480 3600 ebdrv - ok 18:47:28.0516 3600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\windows\System32\lsass.exe 18:47:28.0648 3600 EFS - ok 18:47:28.0727 3600 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 18:47:28.0835 3600 elxstor - ok 18:47:28.0854 3600 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys 18:47:28.0964 3600 ErrDev - ok 18:47:29.0125 3600 [ DF4F000CFC05DEC947D928A8F3ADCD7A ] ETD C:\windows\system32\DRIVERS\ETD.sys 18:47:29.0310 3600 ETD - ok 18:47:29.0372 3600 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll 18:47:29.0561 3600 EventSystem - ok 18:47:29.0670 3600 [ E1556AF3FB0284C32896B9AC8494D9C2 ] ewusbnet C:\windows\system32\DRIVERS\ewusbnet.sys 18:47:29.0803 3600 ewusbnet - ok 18:47:29.0925 3600 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\windows\system32\DRIVERS\ew_hwusbdev.sys 18:47:30.0044 3600 ew_hwusbdev - ok 18:47:30.0105 3600 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys 18:47:30.0322 3600 exfat - ok 18:47:30.0438 3600 [ 
7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys 18:47:30.0619 3600 fastfat - ok 18:47:30.0751 3600 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe 18:47:31.0019 3600 Fax - ok 18:47:31.0075 3600 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys 18:47:31.0170 3600 fdc - ok 18:47:31.0246 3600 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll 18:47:31.0420 3600 fdPHost - ok 18:47:31.0442 3600 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll 18:47:31.0635 3600 FDResPub - ok 18:47:31.0658 3600 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 18:47:31.0744 3600 FileInfo - ok 18:47:31.0794 3600 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys 18:47:32.0042 3600 Filetrace - ok 18:47:32.0154 3600 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 18:47:32.0302 3600 flpydisk - ok 18:47:32.0390 3600 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 18:47:32.0454 3600 FltMgr - ok 18:47:32.0725 3600 [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache C:\windows\system32\FntCache.dll 18:47:33.0117 3600 FontCache - ok 18:47:33.0359 3600 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:47:33.0483 3600 FontCache3.0.0.0 - ok 18:47:33.0552 3600 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys 18:47:33.0675 3600 FsDepends - ok 18:47:33.0901 3600 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys 18:47:33.0995 3600 fssfltr - ok 18:47:34.0174 3600 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 18:47:34.0320 3600 fsssvc - ok 18:47:34.0374 3600 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec 
C:\windows\system32\drivers\Fs_Rec.sys 18:47:34.0484 3600 Fs_Rec - ok 18:47:34.0553 3600 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 18:47:34.0663 3600 fvevol - ok 18:47:34.0723 3600 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 18:47:34.0784 3600 gagp30kx - ok 18:47:34.0873 3600 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll 18:47:35.0063 3600 gpsvc - ok 18:47:35.0113 3600 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 18:47:35.0299 3600 hcw85cir - ok 18:47:35.0416 3600 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 18:47:35.0550 3600 HdAudAddService - ok 18:47:35.0595 3600 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 18:47:35.0711 3600 HDAudBus - ok 18:47:35.0733 3600 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 18:47:35.0807 3600 HidBatt - ok 18:47:35.0871 3600 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 18:47:35.0984 3600 HidBth - ok 18:47:36.0011 3600 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 18:47:36.0149 3600 HidIr - ok 18:47:36.0188 3600 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll 18:47:36.0380 3600 hidserv - ok 18:47:36.0441 3600 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 18:47:36.0541 3600 HidUsb - ok 18:47:36.0601 3600 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll 18:47:36.0820 3600 hkmsvc - ok 18:47:36.0869 3600 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll 18:47:37.0100 3600 HomeGroupListener - ok 18:47:37.0193 3600 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll 18:47:37.0353 3600 HomeGroupProvider - ok 18:47:37.0406 3600 [ 
295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys 18:47:37.0504 3600 HpSAMD - ok 18:47:37.0689 3600 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys 18:47:37.0857 3600 HTTP - ok 18:47:37.0903 3600 [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys 18:47:38.0031 3600 hwdatacard - ok 18:47:38.0081 3600 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 18:47:38.0167 3600 hwpolicy - ok 18:47:38.0215 3600 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 18:47:38.0313 3600 i8042prt - ok 18:47:38.0430 3600 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 18:47:38.0527 3600 iaStor - ok 18:47:38.0598 3600 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys 18:47:38.0689 3600 iaStorV - ok 18:47:38.0802 3600 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:47:39.0046 3600 idsvc - ok 18:47:40.0366 3600 [ 99469637D568076EA5664DAA8463C2E3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 18:47:40.0804 3600 igfx - ok 18:47:41.0011 3600 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 18:47:41.0559 3600 iirsp - ok 18:47:42.0722 3600 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll 18:47:43.0086 3600 IKEEXT - ok 18:47:44.0020 3600 [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 18:47:44.0444 3600 IntcAzAudAddService - ok 18:47:44.0487 3600 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys 18:47:44.0572 3600 intelide - ok 18:47:44.0652 3600 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 18:47:44.0881 3600 intelppm - ok 18:47:44.0928 3600 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum 
C:\windows\system32\ipbusenum.dll 18:47:45.0210 3600 IPBusEnum - ok 18:47:45.0256 3600 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 18:47:45.0488 3600 IpFilterDriver - ok 18:47:45.0764 3600 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 18:47:45.0977 3600 iphlpsvc - ok 18:47:46.0024 3600 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys 18:47:46.0158 3600 IPMIDRV - ok 18:47:46.0215 3600 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys 18:47:46.0376 3600 IPNAT - ok 18:47:46.0971 3600 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys 18:47:47.0620 3600 IRENUM - ok 18:47:47.0668 3600 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys 18:47:47.0821 3600 isapnp - ok 18:47:47.0905 3600 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys 18:47:48.0014 3600 iScsiPrt - ok 18:47:48.0119 3600 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 18:47:48.0232 3600 kbdclass - ok 18:47:48.0351 3600 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 18:47:48.0535 3600 kbdhid - ok 18:47:48.0574 3600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\windows\system32\lsass.exe 18:47:48.0667 3600 KeyIso - ok 18:47:48.0717 3600 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 18:47:48.0781 3600 KSecDD - ok 18:47:48.0871 3600 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 18:47:49.0002 3600 KSecPkg - ok 18:47:49.0075 3600 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll 18:47:49.0347 3600 KtmRm - ok 18:47:49.0560 3600 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\windows\system32\srvsvc.dll 18:47:49.0888 3600 LanmanServer - ok 18:47:49.0961 3600 [ 
B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll 18:47:50.0242 3600 LanmanWorkstation - ok 18:47:50.0356 3600 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 18:47:50.0556 3600 lltdio - ok 18:47:50.0606 3600 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll 18:47:50.0829 3600 lltdsvc - ok 18:47:50.0856 3600 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll 18:47:51.0049 3600 lmhosts - ok 18:47:51.0111 3600 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 18:47:51.0218 3600 LSI_FC - ok 18:47:51.0270 3600 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 18:47:51.0413 3600 LSI_SAS - ok 18:47:51.0472 3600 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 18:47:51.0569 3600 LSI_SAS2 - ok 18:47:51.0669 3600 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 18:47:51.0751 3600 LSI_SCSI - ok 18:47:51.0788 3600 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys 18:47:52.0021 3600 luafv - ok 18:47:52.0110 3600 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 18:47:52.0181 3600 MBAMProtector - ok 18:47:52.0541 3600 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:47:52.0633 3600 MBAMScheduler - ok 18:47:52.0711 3600 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 18:47:52.0900 3600 MBAMService - ok 18:47:53.0114 3600 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys 18:47:53.0214 3600 megasas - ok 18:47:53.0454 3600 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 18:47:53.0611 3600 MegaSR - ok 18:47:53.0756 3600 [ 146B6F43A673379A3C670E86D89BE5EA ] 
MMCSS C:\windows\system32\mmcss.dll 18:47:54.0710 3600 MMCSS - ok 18:47:54.0731 3600 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys 18:47:54.0865 3600 Modem - ok 18:47:54.0930 3600 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys 18:47:55.0081 3600 monitor - ok 18:47:55.0138 3600 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 18:47:55.0237 3600 mouclass - ok 18:47:55.0309 3600 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 18:47:55.0410 3600 mouhid - ok 18:47:55.0517 3600 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys 18:47:55.0653 3600 mountmgr - ok 18:47:55.0819 3600 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:47:56.0100 3600 MozillaMaintenance - ok 18:47:56.0154 3600 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys 18:47:56.0246 3600 mpio - ok 18:47:56.0329 3600 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 18:47:56.0629 3600 mpsdrv - ok 18:47:56.0826 3600 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll 18:47:57.0152 3600 MpsSvc - ok 18:47:57.0199 3600 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 18:47:57.0314 3600 MRxDAV - ok 18:47:57.0419 3600 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 18:47:57.0537 3600 mrxsmb - ok 18:47:57.0671 3600 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 18:47:57.0830 3600 mrxsmb10 - ok 18:47:57.0864 3600 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 18:47:58.0254 3600 mrxsmb20 - ok 18:47:58.0357 3600 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys 18:47:58.0480 3600 msahci - ok 
18:47:58.0526 3600 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys 18:47:58.0606 3600 msdsm - ok 18:47:58.0663 3600 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe 18:47:59.0021 3600 MSDTC - ok 18:47:59.0126 3600 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys 18:47:59.0307 3600 Msfs - ok 18:47:59.0335 3600 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 18:47:59.0488 3600 mshidkmdf - ok 18:47:59.0508 3600 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys 18:47:59.0623 3600 msisadrv - ok 18:47:59.0773 3600 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll 18:47:59.0981 3600 MSiSCSI - ok 18:48:00.0007 3600 msiserver - ok 18:48:00.0070 3600 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 18:48:00.0293 3600 MSKSSRV - ok 18:48:00.0374 3600 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 18:48:00.0635 3600 MSPCLOCK - ok 18:48:00.0686 3600 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 18:48:00.0870 3600 MSPQM - ok 18:48:00.0975 3600 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 18:48:01.0090 3600 MsRPC - ok 18:48:01.0173 3600 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 18:48:01.0274 3600 mssmbios - ok 18:48:01.0305 3600 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 18:48:01.0483 3600 MSTEE - ok 18:48:01.0559 3600 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 18:48:01.0702 3600 MTConfig - ok 18:48:01.0756 3600 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys 18:48:01.0836 3600 Mup - ok 18:48:01.0998 3600 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll 
18:48:02.0254 3600 napagent - ok 18:48:02.0372 3600 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 18:48:02.0520 3600 NativeWifiP - ok 18:48:02.0788 3600 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys 18:48:02.0933 3600 NDIS - ok 18:48:02.0989 3600 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 18:48:03.0156 3600 NdisCap - ok 18:48:03.0208 3600 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 18:48:03.0491 3600 NdisTapi - ok 18:48:03.0573 3600 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 18:48:03.0744 3600 Ndisuio - ok 18:48:03.0783 3600 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 18:48:03.0965 3600 NdisWan - ok 18:48:04.0058 3600 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 18:48:04.0223 3600 NDProxy - ok 18:48:04.0339 3600 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 18:48:04.0499 3600 NetBIOS - ok 18:48:04.0605 3600 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 18:48:04.0857 3600 NetBT - ok 18:48:04.0896 3600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\windows\system32\lsass.exe 18:48:05.0020 3600 Netlogon - ok 18:48:05.0128 3600 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll 18:48:05.0342 3600 Netman - ok 18:48:05.0488 3600 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll 18:48:05.0675 3600 netprofm - ok 18:48:05.0733 3600 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:48:05.0936 3600 NetTcpPortSharing - ok 18:48:06.0048 3600 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 18:48:06.0144 3600 nfrd960 - ok 18:48:06.0260 3600 [ 
2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll 18:48:06.0461 3600 NlaSvc - ok 18:48:06.0479 3600 NOBU - ok 18:48:06.0510 3600 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys 18:48:06.0680 3600 Npfs - ok 18:48:06.0726 3600 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll 18:48:06.0936 3600 nsi - ok 18:48:06.0976 3600 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 18:48:07.0162 3600 nsiproxy - ok 18:48:07.0370 3600 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\windows\system32\drivers\Ntfs.sys 18:48:07.0511 3600 Ntfs - ok 18:48:07.0577 3600 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys 18:48:07.0761 3600 Null - ok 18:48:07.0798 3600 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\windows\system32\DRIVERS\nvraid.sys 18:48:07.0898 3600 nvraid - ok 18:48:07.0939 3600 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\windows\system32\DRIVERS\nvstor.sys 18:48:08.0051 3600 nvstor - ok 18:48:08.0098 3600 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys 18:48:08.0199 3600 nv_agp - ok 18:48:08.0233 3600 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys 18:48:08.0340 3600 ohci1394 - ok 18:48:08.0401 3600 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll 18:48:08.0573 3600 p2pimsvc - ok 18:48:08.0692 3600 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll 18:48:09.0026 3600 p2psvc - ok 18:48:09.0083 3600 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys 18:48:09.0250 3600 Parport - ok 18:48:09.0330 3600 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\windows\system32\drivers\partmgr.sys 18:48:09.0433 3600 partmgr - ok 18:48:09.0482 3600 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 18:48:09.0613 3600 Parvdm - ok 18:48:09.0709 3600 [ 
358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll 18:48:09.0979 3600 PcaSvc - ok 18:48:10.0055 3600 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys 18:48:10.0153 3600 pci - ok 18:48:10.0201 3600 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys 18:48:10.0323 3600 pciide - ok 18:48:10.0414 3600 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 18:48:10.0510 3600 pcmcia - ok 18:48:10.0550 3600 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys 18:48:10.0633 3600 pcw - ok 18:48:10.0853 3600 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys 18:48:11.0236 3600 PEAUTH - ok 18:48:11.0491 3600 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\windows\system32\pla.dll 18:48:11.0907 3600 pla - ok 18:48:12.0064 3600 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\windows\system32\umpnpmgr.dll 18:48:12.0399 3600 PlugPlay - ok 18:48:12.0469 3600 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 18:48:12.0658 3600 PNRPAutoReg - ok 18:48:12.0754 3600 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll 18:48:12.0859 3600 PNRPsvc - ok 18:48:12.0957 3600 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 18:48:13.0248 3600 PolicyAgent - ok 18:48:13.0367 3600 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\windows\system32\umpo.dll 18:48:13.0539 3600 Power - ok 18:48:13.0663 3600 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 18:48:13.0858 3600 PptpMiniport - ok 18:48:13.0952 3600 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys 18:48:14.0083 3600 Processor - ok 18:48:14.0127 3600 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\windows\system32\profsvc.dll 18:48:14.0435 3600 ProfSvc - ok 18:48:14.0474 3600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] 
ProtectedStorage C:\windows\system32\lsass.exe 18:48:14.0584 3600 ProtectedStorage - ok 18:48:14.0637 3600 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys 18:48:14.0821 3600 Psched - ok 18:48:15.0049 3600 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 18:48:15.0273 3600 ql2300 - ok 18:48:15.0338 3600 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 18:48:15.0457 3600 ql40xx - ok 18:48:15.0571 3600 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll 18:48:15.0794 3600 QWAVE - ok 18:48:15.0818 3600 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 18:48:15.0957 3600 QWAVEdrv - ok 18:48:16.0010 3600 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 18:48:16.0190 3600 RasAcd - ok 18:48:16.0237 3600 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 18:48:16.0432 3600 RasAgileVpn - ok 18:48:16.0603 3600 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll 18:48:16.0895 3600 RasAuto - ok 18:48:16.0980 3600 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 18:48:17.0198 3600 Rasl2tp - ok 18:48:17.0400 3600 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\windows\System32\rasmans.dll 18:48:17.0690 3600 RasMan - ok 18:48:17.0747 3600 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 18:48:17.0918 3600 RasPppoe - ok 18:48:17.0942 3600 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 18:48:18.0110 3600 RasSstp - ok 18:48:18.0216 3600 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 18:48:18.0453 3600 rdbss - ok 18:48:18.0480 3600 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 18:48:18.0646 3600 rdpbus - ok 18:48:18.0777 3600 [ 
1E016846895B15A99F9A176A05029075 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 18:48:18.0977 3600 RDPCDD - ok 18:48:19.0102 3600 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 18:48:19.0283 3600 RDPENCDD - ok 18:48:19.0353 3600 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 18:48:19.0536 3600 RDPREFMP - ok 18:48:19.0652 3600 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 18:48:19.0842 3600 RDPWD - ok 18:48:20.0011 3600 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 18:48:20.0134 3600 rdyboost - ok 18:48:20.0232 3600 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll 18:48:20.0464 3600 RemoteAccess - ok 18:48:20.0520 3600 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll 18:48:20.0901 3600 RemoteRegistry - ok 18:48:21.0006 3600 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 18:48:21.0168 3600 RFCOMM - ok 18:48:21.0207 3600 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 18:48:21.0374 3600 RpcEptMapper - ok 18:48:21.0436 3600 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe 18:48:21.0550 3600 RpcLocator - ok 18:48:21.0649 3600 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\windows\system32\rpcss.dll 18:48:21.0863 3600 RpcSs - ok 18:48:21.0981 3600 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 18:48:22.0179 3600 rspndr - ok 18:48:22.0314 3600 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys 18:48:22.0485 3600 RTL8167 - ok 18:48:22.0557 3600 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\windows\system32\Drivers\SABI.sys 18:48:22.0833 3600 SABI - ok 18:48:22.0882 3600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\windows\system32\lsass.exe 18:48:23.0038 3600 SamSs - ok 18:48:23.0112 
18:48:32.0772 3600 [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2 C:\windows\system32\drivers\sp_rsdrv2.sys
18:48:32.0851 3600 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:48:32.0852 3600 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:49:10.0915 3600 ============================================================
18:49:10.0916 3600 Scan finished
18:49:10.0916 3600 ============================================================
18:49:10.0925 3388 Detected object count: 1
18:49:10.0925 3388 Actual detected object count: 1
19:30:15.0184 3388 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:15.0207 3388 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.02.2013, 15:35 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank as start page + antivirus program not working Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
03.03.2013, 22:54 | #11 |
| Deutsche Bank as start page + antivirus program not working Hello, first of all I would like to apologize again for taking so long to write back! I ran the program; beforehand I had "thought" I had closed all antivirus programs, but one opened during the scan (Spyware). I then closed it and was then prompted to restart the computer. Code:
ComboFix 13-03-03.01 - horst 03.03.2013 22:09:59.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.1013.348 [GMT 1:00]
ausgeführt von:: c:\users\horst\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\FullRemove.exe
c:\windows\host32.exe
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-03 bis 2013-03-03 ))))))))))))))))))))))))))))))
.
.
2013-03-03 21:26 . 2013-03-03 21:30 -------- d-----w- c:\users\horst\AppData\Local\temp
2013-02-15 14:33 . 2013-02-15 14:33 100352 ----a-w- C:\fgloipoc.sys
2013-02-12 18:12 . 2013-02-12 18:12 -------- d-----w- c:\users\horst\AppData\Roaming\TeamViewer
2013-02-04 20:13 . 2013-02-04 20:13 -------- d-----w- c:\users\horst\AppData\Local\Programs
2013-02-04 17:59 . 2013-02-04 17:59 -------- d-----w- c:\program files\Crawler
2013-02-04 17:58 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2013-02-04 17:58 . 2013-03-03 21:30 -------- d-----w- c:\programdata\Spyware Terminator
2013-02-04 17:58 . 2013-02-04 17:58 -------- d-----w- c:\users\horst\AppData\Roaming\Spyware Terminator
2013-02-04 17:55 . 2013-02-04 18:00 -------- d-----w- c:\program files\Spyware Terminator
2013-02-03 08:10 . 2013-02-03 08:11 -------- d-----w- c:\program files\Ask.com
2013-02-03 07:55 . 2013-02-03 07:55 -------- d-----w- c:\users\horst\AppData\Roaming\Avira
2013-02-03 07:48 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-03 07:48 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-03 07:48 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-03 07:48 . 2013-02-03 08:11 -------- d-----w- c:\programdata\Avira
2013-02-03 07:48 . 2013-02-03 07:48 -------- d-----w- c:\program files\Avira
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 16:46 . 2012-06-23 20:18 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 16:46 . 2012-06-23 20:18 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 15:49 . 2012-09-27 14:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-20 14:21 . 2013-02-20 14:21 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-03-25 1891720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-01-14 2777736]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-01-14 3674248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-11-23 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APLangApp]
2009-11-20 07:35 13312 ----a-w- c:\program files\AnyPC Client\APLangApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsi]
2009-09-09 08:20 9728 ----a-w- c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
R2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 16:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Crawler Search - tbr:iemenu
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\ik6ww1g4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://deutsche-bank.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_ptnrs=%5EAGS&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2013-02-03 09:11; toolbar@ask.com; c:\users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\ik6ww1g4.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-02-04 19:00; {4B3803EA-5230-4DC3-A7FC-33638F3D3542}; c:\program files\Crawler\Toolbar\firefox
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://deutsche-bank.de
FF - user.js: browser.startup.page - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-NortonOnlineBackup - c:\program files\Symantec\Norton Online Backup\NOBuClient.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1564)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\AnyPC Client\APLanMgrC.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files\Elantech\ETDCtrlHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-03 22:39:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-03 21:39
.
Vor Suchlauf: 6 Verzeichnis(se), 48.020.561.920 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 47.818.588.160 Bytes frei
.
- - End Of File - - 9945EB8A9520853F26466774D019FB75 |
04.03.2013, 09:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank as start page + antivirus program not working JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
04.03.2013, 21:04 | #13 |
| Deutsche Bank as start page + antivirus program not working Hello, here are the log files. From the OTL scan I only got one file. Here is the one from JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Windows 7 Starter x86
Ran by horst on 04.03.2013 at 19:33:04,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3657556864-2306374585-1095554477-1000\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\ctoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\ctoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\crawler search
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctbcommon.buttons
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctbr.r404pro
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4client
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4script
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4server
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\tbr
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\crawler
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Program Files\crawler"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml"
Successfully deleted: [File] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\user.js
Successfully deleted: [File] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\prefs.js
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_ptnrs=%5EAGS&apn
Emptied folder: C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\minidumps [123 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.03.2013 at 20:05:52,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 04/03/2013 um 20:12:22 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Starter (32 bits) # Benutzer : horst - HORST-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\horst\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar Ordner Gelöscht : C:\Users\horst\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\ik6ww1g4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8481 octets] - [04/03/2013 20:12:22]

########## EOF - C:\AdwCleaner[S1].txt - [8541 octets] ##########

Finally, the one from OTL:

Code:
ATTFilter OTL logfile created on: 3/4/2013 8:44:19 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\horst\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013.30 Mb Total Physical Memory | 232.68 Mb Available Physical Memory | 22.96% Memory free 1.99 Gb Paging File | 0.81 Gb Available in Paging File | 40.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85.00 Gb Total Space | 44.63 Gb Free Space | 52.51% Space Free | Partition Type: NTFS Drive D: | 127.79 Gb Total Space | 5.82 Gb Free Space | 4.55% Space Free | Partition Type: NTFS Computer Name: HORST-PC | User Name: horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\horst\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\AnyPC Client\APLanMgrC.exe (DoctorSoft) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe service File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - 
(MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ST2012_Svc) -- C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\horst\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys () DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74 IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://deutsche-bank.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:21:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: 
C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:21:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/21 20:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions [2013/03/04 20:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\ik6ww1g4.default\extensions [2013/02/14 15:01:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/02/20 15:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/02/20 15:21:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/06/14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/24 21:46:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/06/14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8887E514-3C3B-4C11-A12C-0AF78DF05D82}: DhcpNameServer = 80.69.103.78 80.69.100.102 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1C56BD0-7CFA-4BA8-8183-FA4269AF4094}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/04 19:32:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013/03/04 19:28:30 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/04 19:27:06 | 000,547,601 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\horst\Desktop\JRT.exe [2013/03/03 22:29:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/03/03 22:26:02 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\temp [2013/03/03 22:26:01 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/03/03 21:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/03/03 21:55:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/03/03 21:55:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/03/03 21:55:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/03 21:54:23 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/03/03 21:52:03 | 005,036,260 | R--- | C] (Swearware) -- C:\Users\horst\Desktop\ComboFix.exe [2013/02/20 15:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/02/19 18:37:16 | 000,000,000 | ---D | C] -- C:\Users\horst\Documents\xenia [2013/02/15 20:08:31 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\mbar-1.01.0.1020 [2013/02/15 15:33:46 | 000,100,352 | ---- | C] (GMER) -- C:\fgloipoc.sys [2013/02/12 19:12:47 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\TeamViewer [2013/02/12 19:10:32 | 003,878,360 | ---- | C] (TeamViewer) -- 
C:\Users\horst\Desktop\TeamViewerQS_de.exe [2013/02/12 18:59:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe [2013/02/10 22:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak [2013/02/09 23:27:49 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Justified.Season 3.HDTV.XviD-ASAP [2013/02/09 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Season 2 [2013/02/04 21:13:48 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\Programs [2013/02/04 21:12:26 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe [2013/02/04 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Spyware Terminator [2013/02/04 18:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013/02/04 18:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013/02/04 18:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2013/02/03 09:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/02/03 08:55:39 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Avira [2013/02/03 08:49:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013/02/03 08:48:59 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013/02/03 08:48:59 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013/02/03 08:48:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013/02/03 08:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/02/03 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
========== Files - Modified Within 30 Days ==========
[2013/03/04 20:46:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/04 20:23:57 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 20:23:57 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 20:14:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/04 20:14:21 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 20:10:36 | 000,594,019 | ---- | M] () -- C:\Users\horst\Desktop\adwcleaner.exe
[2013/03/04 19:27:56 | 000,547,601 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\horst\Desktop\JRT.exe
[2013/03/03 21:53:13 | 005,036,260 | R--- | M] (Swearware) -- C:\Users\horst\Desktop\ComboFix.exe
[2013/02/19 19:30:33 | 000,000,512 | ---- | M] () -- C:\Users\horst\Desktop\MBR.dat
[2013/02/15 15:33:46 | 000,100,352 | ---- | M] (GMER) -- C:\fgloipoc.sys
[2013/02/15 15:31:24 | 013,711,621 | ---- | M] () -- C:\Users\horst\Desktop\mbar-1.01.0.1020.zip
[2013/02/15 15:26:27 | 000,365,568 | ---- | M] () -- C:\Users\horst\Desktop\gmer_2.0.18454.exe
[2013/02/12 19:11:21 | 003,878,360 | ---- | M] (TeamViewer) -- C:\Users\horst\Desktop\TeamViewerQS_de.exe
[2013/02/12 19:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013/02/04 21:13:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/03 09:11:32 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/02/03 08:36:50 | 105,661,272 | ---- | M] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe
========== Files Created - No Company Name ==========
[2013/03/04 20:10:11 | 000,594,019 | ---- | C] () -- C:\Users\horst\Desktop\adwcleaner.exe
[2013/03/03 21:55:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/03 21:55:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/03 21:55:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/03 21:55:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/03 21:55:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/02/19 19:30:33 | 000,000,512 | ---- | C] () -- C:\Users\horst\Desktop\MBR.dat
[2013/02/15 15:29:30 | 013,711,621 | ---- | C] () -- C:\Users\horst\Desktop\mbar-1.01.0.1020.zip
[2013/02/15 15:26:02 | 000,365,568 | ---- | C] () -- C:\Users\horst\Desktop\gmer_2.0.18454.exe
[2013/02/04 18:58:54 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2013/02/03 08:49:43 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/02/03 08:35:47 | 105,661,272 | ---- | C] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe
[2012/07/17 01:01:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/06/27 06:20:41 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Advanced Chemistry Development
[2012/12/17 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\ALDITALKVerbindungsassistent
[2012/11/07 19:21:19 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Kifi
[2013/02/03 08:48:21 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Lore
[2012/06/25 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\OpenOffice.org
[2013/02/04 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Spyware Terminator
[2013/02/12 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\TeamViewer
[2013/02/03 08:57:25 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Vycugu
========== Purity Check ==========
< End of report >
04.03.2013, 21:17 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Deutsche Bank as start page + antivirus program not working
Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74
[2013/02/03 08:48:21 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Lore
[2013/02/03 08:57:25 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Vycugu
[2013/02/19 19:30:33 | 000,000,512 | ---- | C] () -- C:\Users\horst\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
04.03.2013, 21:37 | #15 |
| Deutsche Bank as start page + antivirus program not working
So here is the text document
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}\ not found.
C:\Users\horst\AppData\Roaming\Lore folder moved successfully.
C:\Users\horst\AppData\Roaming\Vycugu folder moved successfully.
C:\Users\horst\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\horst\Desktop\cmd.bat deleted successfully.
C:\Users\horst\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: horst
->Temp folder emptied: 37624 bytes
->Temporary Internet Files folder emptied: 20417363 bytes
->FireFox cache emptied: 75484621 bytes
->Flash cache emptied: 711 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5284 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 92.00 mb
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 03042013_212712
Files\Folders moved on Reboot...
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...