| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.03.2013, 14:46
| #1 |
 |  TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Hallo zusammen, leider erscheint seit gestern minütlich bei meinem Virenscanner Avira die Fehlermeldung: Der Zugriff auf die Datei ´C:\$Recycle.Bin\S-1-5-18\...\80000032.@´ , die ein Virus oder unerwünschtes Programm ´TR/ATRAPS.Gen2´enthält, wurde verweigert. Diese Datei kann ich leider nicht entfernen. Ich habe bereits tdsskiller heruntergeladen, bei dem er einen threat gefunden hat. Ich nutze meinen pc auch für onlinebanking usw. Könnt Ihr mir helfen? Gruß Andrea |
|
23.03.2013, 15:25
| #2 | |
| /// TB-Ausbilder   | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Hallo Andrea und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Hoppla, ZeroAccess.. Zitat:
Weiter: Schritt 1 Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
Schritt 2 Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
Schritt 3 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
23.03.2013, 16:46
| #3 |
| | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden 14:43:47.0226 1436 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
__________________14:43:47.0304 1436 ============================================================ 14:43:47.0304 1436 Current date / time: 2013/03/23 14:43:47.0304 14:43:47.0304 1436 SystemInfo: 14:43:47.0304 1436 14:43:47.0304 1436 OS Version: 6.1.7601 ServicePack: 1.0 14:43:47.0304 1436 Product type: Workstation 14:43:47.0304 1436 ComputerName: SCHULZ-PC 14:43:47.0304 1436 UserName: SCHULZ 14:43:47.0304 1436 Windows directory: C:\Windows 14:43:47.0304 1436 System windows directory: C:\Windows 14:43:47.0304 1436 Running under WOW64 14:43:47.0304 1436 Processor architecture: Intel x64 14:43:47.0304 1436 Number of processors: 1 14:43:47.0304 1436 Page size: 0x1000 14:43:47.0304 1436 Boot type: Normal boot 14:43:47.0304 1436 ============================================================ 14:43:48.0240 1436 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:43:48.0240 1436 ============================================================ 14:43:48.0240 1436 \Device\Harddisk0\DR0: 14:43:48.0240 1436 MBR partitions: 14:43:48.0240 1436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:43:48.0240 1436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800 14:43:48.0240 1436 ============================================================ 14:43:48.0271 1436 C: <-> \Device\Harddisk0\DR0\Partition2 14:43:48.0271 1436 ============================================================ 14:43:48.0271 1436 Initialize success 14:43:48.0271 1436 ============================================================ 14:43:54.0589 1172 ============================================================ 14:43:54.0589 1172 Scan started 14:43:54.0589 1172 Mode: Manual; SigCheck; TDLFS; 14:43:54.0589 1172 ============================================================ 14:43:55.0104 1172 ================ Scan system memory ======================== 14:43:55.0104 1172 System memory - ok 14:43:55.0104 1172 ================ Scan services ============================= 14:43:55.0260 1172 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:43:55.0354 1172 1394ohci - ok 14:43:55.0400 1172 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:43:55.0416 1172 ACPI - ok 14:43:55.0463 1172 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:43:55.0681 1172 AcpiPmi - ok 14:43:55.0806 1172 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:43:55.0822 1172 AdobeFlashPlayerUpdateSvc - ok 14:43:55.0884 1172 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 14:43:55.0900 1172 adp94xx - ok 14:43:55.0931 1172 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 14:43:55.0962 1172 adpahci - ok 14:43:55.0978 1172 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 14:43:55.0993 1172 adpu320 - ok 14:43:56.0024 1172 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:43:56.0149 1172 AeLookupSvc - ok 14:43:56.0212 1172 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys 14:43:56.0274 1172 Afc - ok 14:43:56.0352 1172 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:43:56.0399 1172 AFD - ok 14:43:56.0446 1172 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:43:56.0461 1172 agp440 - ok 14:43:56.0508 1172 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:43:56.0539 1172 ALG - ok 14:43:56.0570 1172 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:43:56.0586 1172 aliide - ok 14:43:56.0602 1172 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:43:56.0617 1172 amdide - ok 14:43:56.0648 1172 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:43:56.0680 1172 AmdK8 - ok 14:43:56.0711 1172 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:43:56.0742 1172 AmdPPM - ok 14:43:56.0804 1172 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:43:56.0820 1172 amdsata - ok 14:43:56.0836 1172 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 14:43:56.0851 1172 amdsbs - ok 14:43:56.0882 1172 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:43:56.0898 1172 amdxata - ok 14:43:57.0007 1172 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 14:43:57.0023 1172 AntiVirSchedulerService - ok 14:43:57.0054 1172 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 14:43:57.0070 1172 AntiVirService - ok 14:43:57.0132 1172 [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 14:43:57.0163 1172 AntiVirWebService - ok 14:43:57.0179 1172 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:43:57.0335 1172 AppID - ok 14:43:57.0366 1172 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:43:57.0413 1172 AppIDSvc - ok 14:43:57.0460 1172 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 14:43:57.0491 1172 Appinfo - ok 14:43:57.0538 1172 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 14:43:57.0584 1172 AppMgmt - ok 14:43:57.0600 1172 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 14:43:57.0616 1172 arc - ok 14:43:57.0631 1172 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 14:43:57.0647 1172 arcsas - ok 14:43:57.0678 1172 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:43:57.0740 1172 AsyncMac - ok 14:43:57.0772 1172 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:43:57.0787 1172 atapi - ok 14:43:57.0865 1172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:43:57.0928 1172 AudioEndpointBuilder - ok 14:43:57.0943 1172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:43:57.0974 1172 AudioSrv - ok 14:43:58.0037 1172 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 14:43:58.0052 1172 avgntflt - ok 14:43:58.0084 1172 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 14:43:58.0099 1172 avipbb - ok 14:43:58.0146 1172 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 14:43:58.0162 1172 avkmgr - ok 14:43:58.0193 1172 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:43:58.0255 1172 AxInstSV - ok 14:43:58.0302 1172 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 14:43:58.0349 1172 b06bdrv - ok 14:43:58.0380 1172 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:43:58.0427 1172 b57nd60a - ok 14:43:58.0474 1172 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:43:58.0505 1172 BDESVC - ok 14:43:58.0520 1172 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:43:58.0567 1172 Beep - ok 14:43:58.0583 1172 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:43:58.0614 1172 blbdrive - ok 14:43:58.0645 1172 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:43:58.0692 1172 bowser - ok 14:43:58.0708 1172 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:43:58.0770 1172 BrFiltLo - ok 14:43:58.0786 1172 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:43:58.0817 1172 BrFiltUp - ok 14:43:58.0848 1172 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:43:58.0879 1172 Browser - ok 14:43:58.0895 1172 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:43:58.0942 1172 Brserid - ok 14:43:58.0973 1172 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:43:58.0988 1172 BrSerWdm - ok 14:43:59.0004 1172 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:43:59.0035 1172 BrUsbMdm - ok 14:43:59.0051 1172 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:43:59.0082 1172 BrUsbSer - ok 14:43:59.0098 1172 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 14:43:59.0129 1172 BTHMODEM - ok 14:43:59.0160 1172 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:43:59.0207 1172 bthserv - ok 14:43:59.0238 1172 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:43:59.0285 1172 cdfs - ok 14:43:59.0332 1172 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:43:59.0378 1172 cdrom - ok 14:43:59.0425 1172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:43:59.0456 1172 CertPropSvc - ok 14:43:59.0488 1172 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:43:59.0519 1172 circlass - ok 14:43:59.0550 1172 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:43:59.0581 1172 CLFS - ok 14:43:59.0628 1172 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:43:59.0644 1172 clr_optimization_v2.0.50727_32 - ok 14:43:59.0690 1172 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:43:59.0706 1172 clr_optimization_v2.0.50727_64 - ok 14:43:59.0924 1172 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:43:59.0940 1172 clr_optimization_v4.0.30319_32 - ok 14:43:59.0971 1172 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:43:59.0987 1172 clr_optimization_v4.0.30319_64 - ok 14:44:00.0018 1172 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:44:00.0034 1172 CmBatt - ok 14:44:00.0065 1172 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:44:00.0080 1172 cmdide - ok 14:44:00.0158 1172 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 14:44:00.0205 1172 CNG - ok 14:44:00.0236 1172 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:44:00.0236 1172 Compbatt - ok 14:44:00.0283 1172 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:44:00.0330 1172 CompositeBus - ok 14:44:00.0346 1172 COMSysApp - ok 14:44:00.0361 1172 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 14:44:00.0502 1172 crcdisk - ok 14:44:00.0548 1172 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:44:00.0595 1172 CryptSvc - ok 14:44:00.0626 1172 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 14:44:00.0704 1172 CSC - ok 14:44:00.0736 1172 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 14:44:00.0782 1172 CscService - ok 14:44:00.0829 1172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:44:00.0892 1172 DcomLaunch - ok 14:44:00.0938 1172 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:44:01.0001 1172 defragsvc - ok 14:44:01.0063 1172 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:44:01.0110 1172 DfsC - ok 14:44:01.0157 1172 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:44:01.0204 1172 Dhcp - ok 14:44:01.0235 1172 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:44:01.0360 1172 discache - ok 14:44:01.0438 1172 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 14:44:01.0453 1172 Disk - ok 14:44:01.0484 1172 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:44:01.0531 1172 Dnscache - ok 14:44:01.0562 1172 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:44:01.0609 1172 dot3svc - ok 14:44:01.0640 1172 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:44:01.0703 1172 DPS - ok 14:44:01.0734 1172 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:44:01.0765 1172 drmkaud - ok 14:44:01.0812 1172 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:44:01.0859 1172 DXGKrnl - ok 14:44:01.0890 1172 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys 14:44:01.0937 1172 e1express - ok 14:44:01.0968 1172 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:44:02.0030 1172 EapHost - ok 14:44:02.0124 1172 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 14:44:02.0233 1172 ebdrv - ok 14:44:02.0280 1172 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:44:02.0358 1172 EFS - ok 14:44:02.0420 1172 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:44:02.0498 1172 ehRecvr - ok 14:44:02.0530 1172 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:44:02.0561 1172 ehSched - ok 14:44:02.0608 1172 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 14:44:02.0639 1172 elxstor - ok 14:44:02.0654 1172 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:44:02.0686 1172 ErrDev - ok 14:44:02.0732 1172 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:44:02.0779 1172 EventSystem - ok 14:44:02.0810 1172 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:44:02.0857 1172 exfat - ok 14:44:02.0873 1172 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:44:02.0935 1172 fastfat - ok 14:44:02.0998 1172 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:44:03.0091 1172 Fax - ok 14:44:03.0107 1172 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:44:03.0154 1172 fdc - ok 14:44:03.0200 1172 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:44:03.0247 1172 fdPHost - ok 14:44:03.0263 1172 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:44:03.0310 1172 FDResPub - ok 14:44:03.0356 1172 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:44:03.0372 1172 FileInfo - ok 14:44:03.0388 1172 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:44:03.0450 1172 Filetrace - ok 14:44:03.0481 1172 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:44:03.0497 1172 flpydisk - ok 14:44:03.0528 1172 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:44:03.0559 1172 FltMgr - ok 14:44:03.0606 1172 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 14:44:03.0684 1172 FontCache - ok 14:44:03.0715 1172 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:44:03.0731 1172 FsDepends - ok 14:44:03.0762 1172 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:44:03.0762 1172 Fs_Rec - ok 14:44:03.0809 1172 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:44:03.0824 1172 fvevol - ok 14:44:03.0840 1172 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 14:44:03.0856 1172 gagp30kx - ok 14:44:03.0918 1172 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 14:44:04.0027 1172 gpsvc - ok 14:44:04.0105 1172 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 14:44:04.0105 1172 grmnusb - ok 14:44:04.0121 1172 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:44:04.0246 1172 hcw85cir - ok 14:44:04.0308 1172 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:44:04.0339 1172 HdAudAddService - ok 14:44:04.0480 1172 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:44:04.0604 1172 HDAudBus - ok 14:44:04.0636 1172 [ 3CE9668E4AD154424B39EFAC30C49DEB ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 14:44:04.0651 1172 HECIx64 - ok 14:44:04.0682 1172 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 14:44:04.0714 1172 HidBatt - ok 14:44:04.0729 1172 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:44:04.0760 1172 HidBth - ok 14:44:04.0776 1172 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:44:04.0823 1172 HidIr - ok 14:44:04.0838 1172 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 14:44:04.0901 1172 hidserv - ok 14:44:04.0948 1172 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 14:44:04.0979 1172 HidUsb - ok 14:44:04.0994 1172 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:44:05.0072 1172 hkmsvc - ok 14:44:05.0104 1172 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:44:05.0150 1172 HomeGroupListener - ok 14:44:05.0182 1172 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:44:05.0213 1172 HomeGroupProvider - ok 14:44:05.0228 1172 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:44:05.0244 1172 HpSAMD - ok 14:44:05.0291 1172 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:44:05.0353 1172 HTTP - ok 14:44:05.0369 1172 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:44:05.0384 1172 hwpolicy - ok 14:44:05.0416 1172 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:44:05.0431 1172 i8042prt - ok 14:44:05.0478 1172 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:44:05.0509 1172 iaStorV - ok 14:44:05.0665 1172 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 14:44:05.0681 1172 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:44:05.0681 1172 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:44:06.0055 1172 [ 24CC43ECDEEFD4C19FBBEE4951B647F1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:44:06.0227 1172 igfx - ok 14:44:06.0258 1172 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:44:06.0274 1172 iirsp - ok 14:44:06.0320 1172 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:44:06.0383 1172 IKEEXT - ok 14:44:06.0430 1172 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:44:06.0430 1172 intelide - ok 14:44:06.0461 1172 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:44:06.0476 1172 intelppm - ok 14:44:06.0523 1172 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:44:06.0570 1172 IPBusEnum - ok 14:44:06.0601 1172 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:44:06.0648 1172 IpFilterDriver - ok 14:44:06.0679 1172 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:44:06.0710 1172 IPMIDRV - ok 14:44:06.0757 1172 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:44:06.0804 1172 IPNAT - ok 14:44:06.0820 1172 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:44:06.0898 1172 IRENUM - ok 14:44:06.0913 1172 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:44:06.0929 1172 isapnp - ok 14:44:06.0960 1172 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:44:06.0991 1172 iScsiPrt - ok 14:44:07.0022 1172 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 14:44:07.0022 1172 kbdclass - ok 14:44:07.0069 1172 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:44:07.0100 1172 kbdhid - ok 14:44:07.0132 1172 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:44:07.0147 1172 KeyIso - ok 14:44:07.0178 1172 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:44:07.0194 1172 KSecDD - ok 14:44:07.0225 1172 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:44:07.0241 1172 KSecPkg - ok 14:44:07.0272 1172 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:44:07.0319 1172 ksthunk - ok 14:44:07.0366 1172 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:44:07.0412 1172 KtmRm - ok 14:44:07.0444 1172 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:44:07.0506 1172 LanmanServer - ok 14:44:07.0537 1172 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:44:07.0584 1172 LanmanWorkstation - ok 14:44:07.0615 1172 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:44:07.0662 1172 lltdio - ok 14:44:07.0724 1172 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:44:07.0771 1172 lltdsvc - ok 14:44:07.0787 1172 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:44:07.0834 1172 lmhosts - ok 14:44:07.0880 1172 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 14:44:07.0896 1172 LSI_FC - ok 14:44:07.0912 1172 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 14:44:07.0927 1172 LSI_SAS - ok 14:44:07.0958 1172 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:44:07.0974 1172 LSI_SAS2 - ok 14:44:07.0990 1172 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:44:08.0005 1172 LSI_SCSI - ok 14:44:08.0021 1172 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:44:08.0083 1172 luafv - ok 14:44:08.0114 1172 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:44:08.0146 1172 Mcx2Svc - ok 14:44:08.0161 1172 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 14:44:08.0177 1172 megasas - ok 14:44:08.0208 1172 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 14:44:08.0224 1172 MegaSR - ok 14:44:08.0255 1172 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:44:08.0317 1172 MMCSS - ok 14:44:08.0333 1172 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:44:08.0380 1172 Modem - ok 14:44:08.0426 1172 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:44:08.0442 1172 monitor - ok 14:44:08.0473 1172 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 14:44:08.0473 1172 mouclass - ok 14:44:08.0504 1172 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:44:08.0520 1172 mouhid - ok 14:44:08.0551 1172 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:44:08.0567 1172 mountmgr - ok 14:44:08.0629 1172 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:44:08.0645 1172 MozillaMaintenance - ok 14:44:08.0676 1172 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:44:08.0692 1172 mpio - ok 14:44:08.0707 1172 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:44:08.0754 1172 mpsdrv - ok 14:44:08.0785 1172 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:44:08.0816 1172 MRxDAV - ok 14:44:08.0848 1172 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:44:08.0910 1172 mrxsmb - ok 14:44:08.0941 1172 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:44:08.0972 1172 mrxsmb10 - ok 14:44:08.0988 1172 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:44:09.0004 1172 mrxsmb20 - ok 14:44:09.0019 1172 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:44:09.0035 1172 msahci - ok 14:44:09.0066 1172 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:44:09.0082 1172 msdsm - ok 14:44:09.0113 1172 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:44:09.0128 1172 MSDTC - ok 14:44:09.0160 1172 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:44:09.0206 1172 Msfs - ok 14:44:09.0238 1172 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:44:09.0284 1172 mshidkmdf - ok 14:44:09.0316 1172 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:44:09.0331 1172 msisadrv - ok 14:44:09.0362 1172 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:44:09.0409 1172 MSiSCSI - ok 14:44:09.0425 1172 msiserver - ok 14:44:09.0456 1172 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:44:09.0518 1172 MSKSSRV - ok 14:44:09.0534 1172 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:44:09.0581 1172 MSPCLOCK - ok 14:44:09.0596 1172 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:44:09.0643 1172 MSPQM - ok 14:44:09.0690 1172 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:44:09.0706 1172 MsRPC - ok 14:44:09.0752 1172 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 14:44:09.0768 1172 mssmbios - ok 14:44:09.0768 1172 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:44:09.0815 1172 MSTEE - ok 14:44:09.0846 1172 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 14:44:09.0862 1172 MTConfig - ok 14:44:09.0877 1172 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:44:09.0893 1172 Mup - ok 14:44:09.0924 1172 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:44:09.0986 1172 napagent - ok 14:44:10.0033 1172 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:44:10.0064 1172 NativeWifiP - ok 14:44:10.0127 1172 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:44:10.0174 1172 NDIS - ok 14:44:10.0205 1172 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:44:10.0236 1172 NdisCap - ok 14:44:10.0267 1172 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:44:10.0330 1172 NdisTapi - ok 14:44:10.0361 1172 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:44:10.0423 1172 Ndisuio - ok 14:44:10.0454 1172 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:44:10.0501 1172 NdisWan - ok 14:44:10.0532 1172 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:44:10.0595 1172 NDProxy - ok 14:44:10.0626 1172 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:44:10.0673 1172 NetBIOS - ok 14:44:10.0720 1172 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:44:10.0766 1172 NetBT - ok 14:44:10.0782 1172 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:44:10.0813 1172 Netlogon - ok 14:44:10.0844 1172 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 14:44:10.0954 1172 Netman - ok 14:44:11.0016 1172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:44:11.0110 1172 netprofm - ok 14:44:11.0125 1172 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 14:44:11.0141 1172 nfrd960 - ok 14:44:11.0172 1172 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:44:11.0219 1172 NlaSvc - ok 14:44:11.0297 1172 [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe 14:44:11.0312 1172 NMIndexingService - ok 14:44:11.0328 1172 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:44:11.0375 1172 Npfs - ok 14:44:11.0406 1172 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:44:11.0453 1172 nsi - ok 14:44:11.0468 1172 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:44:11.0515 1172 nsiproxy - ok 14:44:11.0593 1172 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:44:11.0656 1172 Ntfs - ok 14:44:11.0671 1172 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:44:11.0718 1172 Null - ok 14:44:11.0765 1172 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:44:11.0780 1172 nvraid - ok 14:44:11.0796 1172 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:44:11.0812 1172 nvstor - ok 14:44:11.0858 1172 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:44:11.0874 1172 nv_agp - ok 14:44:11.0905 1172 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:44:11.0936 1172 ohci1394 - ok 14:44:11.0983 1172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:44:12.0030 1172 p2pimsvc - ok 14:44:12.0061 1172 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:44:12.0092 1172 p2psvc - ok 14:44:12.0139 1172 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:44:12.0155 1172 Parport - ok 14:44:12.0186 1172 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:44:12.0202 1172 partmgr - ok 14:44:12.0217 1172 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:44:12.0248 1172 PcaSvc - ok 14:44:12.0280 1172 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:44:12.0295 1172 pci - ok 14:44:12.0326 1172 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:44:12.0342 1172 pciide - ok 14:44:12.0358 1172 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 14:44:12.0373 1172 pcmcia - ok 14:44:12.0404 1172 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:44:12.0420 1172 pcw - ok 14:44:12.0451 1172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:44:12.0545 1172 PEAUTH - ok 14:44:12.0592 1172 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:44:12.0670 1172 PeerDistSvc - ok 14:44:12.0732 1172 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:44:12.0763 1172 PerfHost - ok 14:44:12.0826 1172 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:44:12.0919 1172 pla - ok 14:44:12.0966 1172 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:44:12.0997 1172 PlugPlay - ok 14:44:13.0028 1172 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:44:13.0060 1172 PNRPAutoReg - ok 14:44:13.0091 1172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:44:13.0122 1172 PNRPsvc - ok 14:44:13.0153 1172 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:44:13.0216 1172 PolicyAgent - ok 14:44:13.0262 1172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:44:13.0309 1172 Power - ok 14:44:13.0325 1172 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:44:13.0387 1172 PptpMiniport - ok 14:44:13.0403 1172 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:44:13.0434 1172 Processor - ok 14:44:13.0465 1172 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:44:13.0528 1172 ProfSvc - ok 14:44:13.0543 1172 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:44:13.0574 1172 ProtectedStorage - ok 14:44:13.0637 1172 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:44:13.0668 1172 Psched - ok 14:44:13.0730 1172 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:44:13.0793 1172 ql2300 - ok 14:44:13.0840 1172 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:44:13.0855 1172 ql40xx - ok 14:44:13.0886 1172 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:44:13.0918 1172 QWAVE - ok 14:44:13.0949 1172 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:44:13.0980 1172 QWAVEdrv - ok 14:44:14.0011 1172 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:44:14.0074 1172 RasAcd - ok 14:44:14.0105 1172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:44:14.0152 1172 RasAgileVpn - ok 14:44:14.0183 1172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:44:14.0230 1172 RasAuto - ok 14:44:14.0276 1172 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:44:14.0339 1172 Rasl2tp - ok 14:44:14.0370 1172 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:44:14.0417 1172 RasMan - ok 14:44:14.0464 1172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:44:14.0510 1172 RasPppoe - ok 14:44:14.0542 1172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:44:14.0588 1172 RasSstp - ok 14:44:14.0620 1172 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:44:14.0698 1172 rdbss - ok 14:44:14.0713 1172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:44:14.0744 1172 rdpbus - ok 14:44:14.0760 1172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:44:14.0807 1172 RDPCDD - ok 14:44:14.0854 1172 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:44:14.0885 1172 RDPDR - ok 14:44:14.0916 1172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:44:14.0963 1172 RDPENCDD - ok 14:44:14.0978 1172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:44:15.0025 1172 RDPREFMP - ok 14:44:15.0088 1172 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 14:44:15.0103 1172 RdpVideoMiniport - ok 14:44:15.0134 1172 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:44:15.0166 1172 RDPWD - ok 14:44:15.0212 1172 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:44:15.0228 1172 rdyboost - ok 14:44:15.0275 1172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:44:15.0337 1172 RemoteAccess - ok 14:44:15.0368 1172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:44:15.0415 1172 RemoteRegistry - ok 14:44:15.0431 1172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:44:15.0509 1172 RpcEptMapper - ok 14:44:15.0540 1172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:44:15.0556 1172 RpcLocator - ok 14:44:15.0587 1172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:44:15.0634 1172 RpcSs - ok 14:44:15.0665 1172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:44:15.0712 1172 rspndr - ok 14:44:15.0743 1172 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:44:15.0774 1172 s3cap - ok 14:44:15.0790 1172 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:44:15.0805 1172 SamSs - ok 14:44:15.0899 1172 [ F444EBA4C58AD1D6D1DA9850C2B5D829 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 14:44:15.0930 1172 SbieDrv - ok 14:44:15.0961 1172 [ 9E92ABAE6F6A63C4307FE7CC4AC95831 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 14:44:15.0977 1172 SbieSvc - ok 14:44:16.0008 1172 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:44:16.0024 1172 sbp2port - ok 14:44:16.0055 1172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:44:16.0117 1172 SCardSvr - ok 14:44:16.0148 1172 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:44:16.0180 1172 scfilter - ok 14:44:16.0242 1172 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:44:16.0320 1172 Schedule - ok 14:44:16.0367 1172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:44:16.0414 1172 SCPolicySvc - ok 14:44:16.0445 1172 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:44:16.0460 1172 SDRSVC - ok 14:44:16.0507 1172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:44:16.0554 1172 secdrv - ok 14:44:16.0585 1172 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:44:16.0632 1172 seclogon - ok 14:44:16.0679 1172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 14:44:16.0726 1172 SENS - ok 14:44:16.0741 1172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:44:16.0788 1172 SensrSvc - ok 14:44:16.0804 1172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:44:16.0819 1172 Serenum - ok 14:44:16.0850 1172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:44:16.0866 1172 Serial - ok 14:44:16.0913 1172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:44:16.0944 1172 sermouse - ok 14:44:16.0991 1172 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:44:17.0038 1172 SessionEnv - ok 14:44:17.0053 1172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:44:17.0100 1172 sffdisk - ok 14:44:17.0116 1172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:44:17.0147 1172 sffp_mmc - ok 14:44:17.0147 1172 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:44:17.0178 1172 sffp_sd - ok 14:44:17.0209 1172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:44:17.0240 1172 sfloppy - ok 14:44:17.0287 1172 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:44:17.0350 1172 ShellHWDetection - ok 14:44:17.0365 1172 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:44:17.0381 1172 SiSRaid2 - ok 14:44:17.0396 1172 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:44:17.0412 1172 SiSRaid4 - ok 14:44:17.0443 1172 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:44:17.0490 1172 Smb - ok 14:44:17.0537 1172 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:44:17.0568 1172 SNMPTRAP - ok 14:44:17.0584 1172 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:44:17.0599 1172 spldr - ok 14:44:17.0630 1172 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 14:44:17.0755 1172 Spooler - ok 14:44:17.0989 1172 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:44:18.0145 1172 sppsvc - ok 14:44:18.0192 1172 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:44:18.0239 1172 sppuinotify - ok 14:44:18.0270 1172 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:44:18.0317 1172 srv - ok 14:44:18.0332 1172 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:44:18.0364 1172 srv2 - ok 14:44:18.0395 1172 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:44:18.0442 1172 srvnet - ok 14:44:18.0520 1172 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:44:18.0566 1172 SSDPSRV - ok 14:44:18.0629 1172 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 14:44:18.0629 1172 SSPORT - ok 14:44:18.0660 1172 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:44:18.0691 1172 SstpSvc - ok 14:44:18.0722 1172 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 14:44:18.0738 1172 stexstor - ok 14:44:18.0785 1172 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:44:18.0847 1172 stisvc - ok 14:44:18.0878 1172 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:44:18.0894 1172 storflt - ok 14:44:18.0925 1172 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:44:18.0941 1172 storvsc - ok 14:44:18.0972 1172 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:44:18.0972 1172 swenum - ok 14:44:19.0019 1172 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:44:19.0081 1172 swprv - ok 14:44:19.0128 1172 Synth3dVsc - ok 14:44:19.0190 1172 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:44:19.0268 1172 SysMain - ok 14:44:19.0300 1172 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:44:19.0331 1172 TabletInputService - ok 14:44:19.0362 1172 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:44:19.0424 1172 TapiSrv - ok 14:44:19.0456 1172 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:44:19.0518 1172 TBS - ok 14:44:19.0596 1172 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:44:19.0658 1172 Tcpip - ok 14:44:19.0721 1172 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:44:19.0752 1172 TCPIP6 - ok 14:44:19.0783 1172 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:44:19.0814 1172 tcpipreg - ok 14:44:19.0846 1172 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:44:19.0892 1172 TDPIPE - ok 14:44:19.0924 1172 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:44:19.0939 1172 TDTCP - ok 14:44:19.0970 1172 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:44:20.0033 1172 tdx - ok 14:44:20.0080 1172 [ 213723E1A736910C644B457DE6D095E2 ] TeamViewer5 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe 14:44:20.0095 1172 TeamViewer5 - ok 14:44:20.0111 1172 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:44:20.0126 1172 TermDD - ok 14:44:20.0158 1172 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:44:20.0220 1172 TermService - ok 14:44:20.0282 1172 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:44:20.0314 1172 Themes - ok 14:44:20.0329 1172 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:44:20.0376 1172 THREADORDER - ok 14:44:20.0407 1172 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 14:44:20.0438 1172 TPM - ok 14:44:20.0470 1172 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:44:20.0516 1172 TrkWks - ok 14:44:20.0579 1172 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:44:20.0641 1172 TrustedInstaller - ok 14:44:20.0688 1172 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:44:20.0719 1172 tssecsrv - ok 14:44:20.0766 1172 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:44:20.0797 1172 TsUsbFlt - ok 14:44:20.0813 1172 tsusbhub - ok 14:44:20.0844 1172 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:44:20.0906 1172 tunnel - ok 14:44:20.0938 1172 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:44:20.0953 1172 uagp35 - ok 14:44:21.0000 1172 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:44:21.0047 1172 udfs - ok 14:44:21.0094 1172 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:44:21.0125 1172 UI0Detect - ok 14:44:21.0218 1172 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:44:21.0234 1172 uliagpkx - ok 14:44:21.0374 1172 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 14:44:21.0437 1172 umbus - ok 14:44:21.0468 1172 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:44:21.0499 1172 UmPass - ok 14:44:21.0530 1172 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 14:44:21.0562 1172 UmRdpService - ok 14:44:21.0608 1172 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:44:21.0655 1172 upnphost - ok 14:44:21.0671 1172 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:44:21.0702 1172 usbccgp - ok 14:44:21.0749 1172 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:44:21.0764 1172 usbcir - ok 14:44:21.0811 1172 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:44:21.0827 1172 usbehci - ok 14:44:21.0858 1172 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:44:21.0889 1172 usbhub - ok 14:44:21.0920 1172 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:44:21.0936 1172 usbohci - ok 14:44:21.0967 1172 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:44:22.0014 1172 usbprint - ok 14:44:22.0030 1172 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:44:22.0045 1172 usbscan - ok 14:44:22.0076 1172 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:44:22.0108 1172 USBSTOR - ok 14:44:22.0154 1172 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:44:22.0186 1172 usbuhci - ok 14:44:22.0217 1172 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:44:22.0279 1172 UxSms - ok 14:44:22.0295 1172 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:44:22.0310 1172 VaultSvc - ok 14:44:22.0342 1172 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:44:22.0357 1172 vdrvroot - ok 14:44:22.0388 1172 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:44:22.0466 1172 vds - ok 14:44:22.0498 1172 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:44:22.0513 1172 vga - ok 14:44:22.0529 1172 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:44:22.0591 1172 VgaSave - ok 14:44:22.0607 1172 VGPU - ok 14:44:22.0638 1172 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:44:22.0654 1172 vhdmp - ok 14:44:22.0685 1172 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:44:22.0700 1172 viaide - ok 14:44:22.0747 1172 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:44:22.0763 1172 vmbus - ok 14:44:22.0778 1172 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 14:44:22.0794 1172 VMBusHID - ok 14:44:22.0825 1172 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:44:22.0841 1172 volmgr - ok 14:44:22.0872 1172 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:44:22.0903 1172 volmgrx - ok 14:44:22.0934 1172 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:44:22.0950 1172 volsnap - ok 14:44:22.0981 1172 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 14:44:22.0997 1172 vsmraid - ok 14:44:23.0059 1172 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:44:23.0153 1172 VSS - ok 14:44:23.0184 1172 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 14:44:23.0215 1172 vwifibus - ok 14:44:23.0246 1172 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:44:23.0309 1172 W32Time - ok 14:44:23.0340 1172 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 14:44:23.0356 1172 WacomPen - ok 14:44:23.0402 1172 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:44:23.0449 1172 WANARP - ok 14:44:23.0465 1172 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:44:23.0512 1172 Wanarpv6 - ok 14:44:23.0558 1172 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:44:23.0621 1172 wbengine - ok 14:44:23.0652 1172 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:44:23.0683 1172 WbioSrvc - ok 14:44:23.0730 1172 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:44:23.0746 1172 wcncsvc - ok 14:44:23.0777 1172 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:44:23.0808 1172 WcsPlugInService - ok 14:44:23.0839 1172 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 14:44:23.0839 1172 Wd - ok 14:44:23.0886 1172 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:44:23.0933 1172 Wdf01000 - ok 14:44:23.0964 1172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:44:24.0042 1172 WdiServiceHost - ok 14:44:24.0042 1172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:44:24.0073 1172 WdiSystemHost - ok 14:44:24.0104 1172 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:44:24.0136 1172 WebClient - ok 14:44:24.0167 1172 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:44:24.0229 1172 Wecsvc - ok 14:44:24.0260 1172 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:44:24.0292 1172 wercplsupport - ok 14:44:24.0338 1172 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:44:24.0385 1172 WerSvc - ok 14:44:24.0432 1172 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:44:24.0479 1172 WfpLwf - ok 14:44:24.0494 1172 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:44:24.0510 1172 WIMMount - ok 14:44:24.0526 1172 WinHttpAutoProxySvc - ok 14:44:24.0572 1172 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:44:24.0650 1172 Winmgmt - ok 14:44:24.0713 1172 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:44:24.0806 1172 WinRM - ok 14:44:24.0869 1172 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:44:24.0900 1172 WinUsb - ok 14:44:24.0947 1172 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:44:25.0009 1172 Wlansvc - ok 14:44:25.0118 1172 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:44:25.0212 1172 wlidsvc - ok 14:44:25.0228 1172 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:44:25.0259 1172 WmiAcpi - ok 14:44:25.0290 1172 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:44:25.0321 1172 wmiApSrv - ok 14:44:25.0352 1172 WMPNetworkSvc - ok 14:44:25.0399 1172 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:44:25.0415 1172 WPCSvc - ok 14:44:25.0446 1172 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:44:25.0477 1172 WPDBusEnum - ok 14:44:25.0508 1172 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:44:25.0555 1172 ws2ifsl - ok 14:44:25.0555 1172 WSearch - ok 14:44:25.0586 1172 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:44:25.0618 1172 WudfPf - ok 14:44:25.0664 1172 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:44:25.0680 1172 WUDFRd - ok 14:44:25.0711 1172 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:44:25.0742 1172 wudfsvc - ok 14:44:25.0774 1172 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 14:44:25.0820 1172 WwanSvc - ok 14:44:25.0836 1172 ================ Scan global =============================== 14:44:25.0867 1172 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:44:25.0914 1172 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:44:25.0930 1172 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:44:25.0961 1172 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:44:25.0992 1172 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:44:26.0008 1172 [Global] - ok 14:44:26.0008 1172 ================ Scan MBR ================================== 14:44:26.0023 1172 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:44:26.0678 1172 \Device\Harddisk0\DR0 - ok 14:44:26.0678 1172 ================ Scan VBR ================================== 14:44:26.0678 1172 [ 10761BCFA0D6335CA27C476BB3F98CD5 ] \Device\Harddisk0\DR0\Partition1 14:44:26.0678 1172 \Device\Harddisk0\DR0\Partition1 - ok 14:44:26.0725 1172 [ 0C75D0BB5583E52890DE26EF723CF3BD ] \Device\Harddisk0\DR0\Partition2 14:44:26.0725 1172 \Device\Harddisk0\DR0\Partition2 - ok 14:44:26.0741 1172 ============================================================ 14:44:26.0741 1172 Scan finished 14:44:26.0741 1172 ============================================================ 14:44:26.0756 2732 Detected object count: 1 14:44:26.0756 2732 Actual detected object count: 1 14:44:34.0002 2732 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:34.0002 2732 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:44.0142 2532 Deinitialize success |
|
23.03.2013, 16:51
| #4 |
| /// TB-Ausbilder | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Hallo, dieser "Fund" von TDSSKiller ist keine Malware. Arbeite bitte die angegebenen Schritte ab und poste dann die Logs, sobald alle Scans durch sind.
__________________ cheers, Leo |
|
23.03.2013, 17:40
| #5 |
| | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-23 17:30:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 WDC_WD2500AAJS-07VWA0 rev.12.01B02 232,89GB
Running: bc707v3z.exe; Driver: C:\Users\SCHULZ\AppData\Local\Temp\pwdiqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\svchost.exe[5072] C:\Windows\syswow64\user32.dll!GetCursorPos 0000000077061218 5 bytes JMP 000000010025000a
.text C:\Windows\SysWOW64\svchost.exe[5072] C:\Windows\syswow64\user32.dll!DialogBoxIndirectParamAorW 000000007707ce54 5 bytes JMP 000000010026000a
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [636:3344] 000007fef94f2154
Thread C:\Windows\system32\svchost.exe [720:2264] 000007fef94f2154
Thread C:\Windows\System32\svchost.exe [848:2568] 000007fef5ff20c0
Thread C:\Windows\System32\svchost.exe [848:2588] 000007fef5ff26a8
Thread C:\Windows\System32\svchost.exe [848:16028] 000007fef5ff29dc
Thread C:\Windows\System32\svchost.exe [848:16116] 000007fef5ff29dc
Thread C:\Windows\system32\svchost.exe [896:1228] 000007fefa731a50
Thread C:\Windows\system32\svchost.exe [896:1820] 000003334567154c
Thread C:\Windows\system32\svchost.exe [896:1804] 0000000001251808
Thread C:\Windows\system32\svchost.exe [896:1824] 00000000012647f0
Thread C:\Windows\system32\svchost.exe [896:1944] 0000000001264310
Thread C:\Windows\system32\svchost.exe [896:1928] 0000000001268a70
Thread C:\Windows\system32\svchost.exe [896:2032] 00000000012641b0
Thread C:\Windows\system32\svchost.exe [896:2936] 000007fef50e506c
Thread C:\Windows\system32\svchost.exe [896:2940] 000007fefafb1c20
Thread C:\Windows\system32\svchost.exe [896:2260] 000007fefafb1c20
Thread C:\Windows\system32\svchost.exe [896:1976] 000007fef7d74164
Thread C:\Windows\system32\svchost.exe [896:17256] 000007fef71e1ab0
Thread C:\Windows\system32\svchost.exe [1060:1092] 000007fefab4341c
Thread C:\Windows\system32\svchost.exe [1060:1108] 000007fefab43a2c
Thread C:\Windows\system32\svchost.exe [1060:1112] 000007fefab43768
Thread C:\Windows\system32\svchost.exe [1060:1116] 000007fefab45c20
Thread C:\Windows\system32\svchost.exe [1060:1840] 000007fef8c5bd88
Thread C:\Windows\system32\svchost.exe [1060:556] 000007fef60c5170
Thread C:\Windows\system32\svchost.exe [1060:2892] 000007fef8b05124
Thread C:\Windows\system32\svchost.exe [1060:16316] 000007fefab43900
Thread C:\Windows\System32\spoolsv.exe [1260:2008] 000007fef48c10c8
Thread C:\Windows\System32\spoolsv.exe [1260:1156] 000007fef4756144
Thread C:\Windows\System32\spoolsv.exe [1260:1784] 000007fef4705fd0
Thread C:\Windows\System32\spoolsv.exe [1260:1080] 000007fef46f3438
Thread C:\Windows\System32\spoolsv.exe [1260:620] 000007fef47063ec
Thread C:\Windows\System32\spoolsv.exe [1260:2808] 000007fef5015e5c
Thread C:\Windows\System32\spoolsv.exe [1260:1632] 000007fef4c15074
Thread C:\Windows\system32\taskhost.exe [1312:1372] 000007fefa362740
Thread C:\Windows\system32\taskhost.exe [1312:1480] 000007fefa141010
Thread C:\Windows\system32\taskhost.exe [1312:1488] 000007fef9cb1f38
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2572:2504] 000007fefb4c2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2572:2000] 000007fef2d9d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2572:2612] 000007fef8b05124
Thread C:\Windows\SysWOW64\svchost.exe [5072:5108] 00000000746482d0
Thread C:\Windows\SysWOW64\svchost.exe [5072:5116] 0000000074647cd0
Thread C:\Windows\SysWOW64\svchost.exe [5072:4120] 0000000074647c90
Thread C:\Windows\SysWOW64\svchost.exe [5072:4400] 0000000074647b10
---- Processes - GMER 2.1 ----
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [452] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-07-02 08:34:58) 000007fefcdc0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1420] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-07-02 08:34:58) 000007fefcdc0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1032] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-07-02 08:34:58) 000007fefcdc0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe [2840] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-07-02 08:34:32) 00000000748c0000
---- EOF - GMER 2.1 ----
|
|
23.03.2013, 17:47
| #6 |
| /// TB-Ausbilder | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Fehlen nur noch die Logs von OTL
__________________ --> TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Geändert von aharonov (23.03.2013 um 18:13 Uhr) |
|
23.03.2013, 18:00
| #7 |
| | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.03.2013 17:42:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SCHULZ\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 981,30 Mb Total Physical Memory | 95,01 Mb Available Physical Memory | 9,68% Memory free 1,96 Gb Paging File | 0,83 Gb Available in Paging File | 42,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 99,75 Gb Free Space | 42,85% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: SCHULZ-PC | User Name: SCHULZ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.23 17:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SCHULZ\Downloads\OTL.exe PRC - [2013.03.15 11:37:48 | 001,103,768 | ---- | M] (Spotify Ltd) -- C:\Users\SCHULZ\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.03.10 23:39:50 | 000,297,336 | ---- | M] (Abine Inc.) -- C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe PRC - [2013.03.10 23:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2013.02.25 10:38:09 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 10:37:42 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.25 10:37:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.25 10:37:36 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.08 15:11:02 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe PRC - [2010.07.28 16:38:22 | 000,140,624 | ---- | M] (AOL LLC.) -- c:\program files (x86)\winamp toolbar\WinampTbServer.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2008.05.27 18:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe PRC - [2007.08.03 12:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.08.03 12:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.03.10 23:39:50 | 000,597,880 | ---- | M] () -- C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll MOD - [2013.03.10 23:39:50 | 000,227,192 | ---- | M] () -- C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2008.05.27 18:30:44 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp MOD - [2007.03.13 11:28:36 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.14 12:23:24 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.09 22:57:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 10:38:09 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 10:37:42 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.25 10:37:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.25 21:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.25 10:38:26 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.25 10:38:25 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.25 10:38:25 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 10:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.11 04:15:22 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2009.06.10 21:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.05.11 19:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV - [2012.08.25 21:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 6E 8A F8 CA B0 CB 01 [binary data] IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\SearchScopes\{828FBB06-A0A3-492F-B42B-96E7857168B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0f56fcbb-058e-43a2-a5cf-e0d476a4828b&apn_sauid=06E8E2F1-5F42-488D-8C3D-C5F0522ECB0F IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121116164110353&tb_oid=10-01-2011&tb_mrud=16-11-2012&query=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 22:57:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.09 22:57:40 | 000,000,000 | ---D | M] [2011.01.07 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Extensions [2013.03.21 16:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions [2013.01.15 10:24:52 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.02.24 11:09:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.19 10:18:05 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2013.03.20 19:29:13 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions\toolbar@ask.com [2013.03.21 16:51:21 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\extensions\toolbar@web.de.xpi [2012.12.14 22:38:58 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.21 16:51:23 | 000,001,050 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\11-suche.xml [2013.02.08 15:08:06 | 000,002,333 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\askcom.xml [2013.03.21 16:51:23 | 000,002,418 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\englische-ergebnisse.xml [2013.03.21 16:51:22 | 000,010,701 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\gmx-suche.xml [2013.03.21 16:51:23 | 000,002,432 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\lastminute.xml [2013.03.21 16:51:22 | 000,005,682 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\webde-suche.xml [2013.03.09 22:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 22:57:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.01.03 17:02:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.03 17:02:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.03 17:02:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.03 17:02:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.03 17:02:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.03 17:02:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-187958593-3504502267-863823881-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-187958593-3504502267-863823881-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-187958593-3504502267-863823881-1000..\Run: [Spotify Web Helper] C:\Users\SCHULZ\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SCHULZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SCHULZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992D6657-7FF8-482E-A24E-AEC452801E1A}: DhcpNameServer = 80.69.100.206 192.168.0.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{81952a6a-8f69-11e1-b91f-001999377c9b}\Shell - "" = AutoRun O33 - MountPoints2\{81952a6a-8f69-11e1-b91f-001999377c9b}\Shell\AutoRun\command - "" = E:\DPFMate.exe O33 - MountPoints2\{81952a6c-8f69-11e1-b91f-001999377c9b}\Shell - "" = AutoRun O33 - MountPoints2\{81952a6c-8f69-11e1-b91f-001999377c9b}\Shell\AutoRun\command - "" = E:\DPFMate.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.20 19:28:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.14 11:02:52 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 11:02:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 11:02:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 11:02:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 11:02:42 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 11:02:42 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 11:02:42 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.09 22:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.07 10:01:06 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\restore [2013.03.07 09:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2013.03.07 09:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2013.02.28 03:03:11 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 03:03:10 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 03:03:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 03:03:10 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 03:02:56 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 03:02:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 03:02:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:02:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:02:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:02:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:02:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:02:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:02:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:02:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:02:41 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 03:02:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 03:02:40 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 03:02:40 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 03:02:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:02:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:02:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:02:39 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 03:02:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:02:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:02:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:02:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:02:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:02:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:02:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:02:38 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 03:02:38 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 03:02:38 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 03:02:38 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 03:02:38 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 03:02:37 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 03:02:37 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 03:02:37 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 03:02:36 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 03:02:36 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 03:02:36 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.28 03:02:35 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.25 11:56:11 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\AppData\Local\DoNotTrackPlus [2013.02.25 11:56:01 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\AppData\Local\AskToolbar [2013.02.25 10:54:24 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\AppData\Roaming\Avira [2013.02.25 10:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.25 10:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.02.25 10:47:44 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.25 10:47:44 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.25 10:47:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.25 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.25 10:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.24 22:30:29 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\AppData\Local\{74CCAF74-8F5D-426C-A983-CCF52B5A981A} ========== Files - Modified Within 30 Days ========== [2013.03.23 17:42:20 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 17:42:20 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 17:34:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.23 17:34:18 | 771,723,264 | -HS- | M] () -- C:\hiberfil.sys [2013.03.23 17:31:31 | 000,001,125 | ---- | M] () -- C:\Users\SCHULZ\Desktop\Gmer.text - Verknüpfung.lnk [2013.03.23 17:23:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.23 16:45:13 | 000,000,000 | ---- | M] () -- C:\Users\SCHULZ\defogger_reenable [2013.03.16 16:38:21 | 000,616,498 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.16 16:38:21 | 000,580,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.16 16:38:21 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.16 16:38:21 | 000,098,632 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.14 12:23:24 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.14 12:23:24 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.07 06:58:33 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.28 14:57:18 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.28 14:57:09 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.28 14:57:09 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.28 14:57:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.28 14:37:20 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.28 14:37:08 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.28 14:37:03 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.25 10:48:49 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.25 10:38:26 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.25 10:38:25 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.25 10:38:25 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2013.03.23 17:31:31 | 000,001,125 | ---- | C] () -- C:\Users\SCHULZ\Desktop\Gmer.text - Verknüpfung.lnk [2013.03.23 16:45:13 | 000,000,000 | ---- | C] () -- C:\Users\SCHULZ\defogger_reenable [2013.02.25 10:48:49 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.13 14:50:32 | 000,001,459 | ---- | C] () -- C:\Users\SCHULZ\AppData\Local\recently-used.xbel [2011.06.14 14:03:00 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.04.28 09:08:40 | 000,000,202 | ---- | C] () -- C:\Windows\PhEdit.INI [2011.04.28 08:24:38 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.04.28 08:24:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.04.28 08:24:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.04.28 08:24:38 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.04.28 08:24:38 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.04.28 08:24:38 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.04.28 08:24:38 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.04.28 08:24:38 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.04.28 08:24:38 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.04.28 08:24:38 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.04.28 08:24:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.04.28 08:24:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.04.28 08:24:38 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.04.28 08:24:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.04.28 08:24:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.04.28 08:24:38 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.04.28 08:24:38 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.04.28 08:24:38 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.04.28 08:24:38 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.12.22 21:13:49 | 000,007,605 | ---- | C] () -- C:\Users\SCHULZ\AppData\Local\Resmon.ResmonCfg [2010.12.22 16:24:34 | 059,398,824 | ---- | C] () -- C:\Users\SCHULZ\avira_antivir_personal_de609.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2013.03.23 17:34:31 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2013.03.23 17:34:31 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$89d1fa7b4a0614b82e0fe5b05504a13b\n -- File not found "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
23.03.2013, 18:07
| #8 | |
| /// TB-Ausbilder | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Hallo Andrea, dann so weiter: Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
23.03.2013, 18:11
| #9 |
| | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Was bedeutet ZA im LSP? |
|
23.03.2013, 18:14
| #10 |
| /// TB-Ausbilder | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Es ist die Infektion zu sehen, welche du dir eingefangen hast (ZeroAccess-Rootkit). Mach einfach mit obigen Schritten weiter, danach schauen wir, ob es entfernt werden konnte.
__________________ cheers, Leo |
|
23.03.2013, 18:19
| #11 |
| | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 23/03/2013 um 18:15:04 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : SCHULZ - SCHULZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\SCHULZ\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\SCHULZ\AppData\Roaming\Mozilla\Firefox\Profiles\h90bnc07.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\SCHULZ\AppData\Roaming\Mozilla\Firefox\Profiles\h90bnc07.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\ProgramData\Winamp Toolbar
Ordner Gelöscht : C:\Users\SCHULZ\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\SCHULZ\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\SCHULZ\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\SCHULZ\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\SCHULZ\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\SCHULZ\AppData\Roaming\Mozilla\Firefox\Profiles\h90bnc07.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Ordner Gelöscht : C:\Users\SCHULZ\AppData\Roaming\Mozilla\Firefox\Profiles\h90bnc07.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\SCHULZ\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://toolbar.aol.com/browserpages/newtab-winamp-ie-en-us.html --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\SCHULZ\AppData\Roaming\Mozilla\Firefox\Profiles\h90bnc07.default\prefs.js
Gelöscht : user_pref("aol_toolbar.surf.date", "3");
Gelöscht : user_pref("aol_toolbar.surf.lastDate", "16");
Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "10");
Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Gelöscht : user_pref("aol_toolbar.surf.month", "3");
Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "0");
Gelöscht : user_pref("aol_toolbar.surf.total", "3");
Gelöscht : user_pref("aol_toolbar.surf.week", "3");
Gelöscht : user_pref("aol_toolbar.surf.year", "3");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://slirsredirect.search.aol.com/redirecto[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\SCHULZ\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [15482 octets] - [23/03/2013 18:15:04]
########## EOF - C:\AdwCleaner[S1].txt - [15543 octets] ##########
|
|
23.03.2013, 18:44
| #12 |
| /// TB-Ausbilder | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Ok, noch Combofix und OTL. (Poste bitte jeweils alle Logs auf ein Mal, sonst bekomm ich keine Benachrichtigung mehr, wenn sie einzeln postest.)
__________________ cheers, Leo |
|
23.03.2013, 18:47
| #13 |
| | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Combofix Logfile: Code:
ATTFilter ComboFix 13-03-21.02 - SCHULZ 23.03.2013 18:27:02.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.981.204 [GMT 1:00]
ausgeführt von:: c:\users\SCHULZ\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SCHULZ\avira_antivir_personal_de609.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-23 bis 2013-03-23 ))))))))))))))))))))))))))))))
.
.
2013-03-22 12:12 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C149D8C0-012C-4983-B294-DB19832F12DD}\mpengine.dll
2013-03-14 10:03 . 2013-02-28 13:57 9061376 ----a-w- c:\windows\system32\mshtml.dll
2013-03-07 09:01 . 2013-03-07 09:01 -------- d-----w- c:\users\SCHULZ\restore
2013-03-07 08:58 . 2013-03-07 09:50 -------- d-----w- c:\programdata\tmp
2013-03-07 08:58 . 2013-03-07 09:51 -------- d-----w- c:\programdata\hps
2013-02-28 02:03 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-28 02:03 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-02-28 02:03 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-28 02:03 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-02-25 10:56 . 2013-03-23 13:06 -------- d-----w- c:\users\SCHULZ\AppData\Local\DoNotTrackPlus
2013-02-25 09:54 . 2013-02-25 09:54 -------- d-----w- c:\users\SCHULZ\AppData\Roaming\Avira
2013-02-25 09:47 . 2013-02-25 09:38 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-25 09:47 . 2013-02-25 09:38 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-25 09:47 . 2013-02-25 09:38 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-25 09:47 . 2013-02-25 09:48 -------- d-----w- c:\programdata\Avira
2013-02-25 09:47 . 2013-02-25 09:47 -------- d-----w- c:\program files (x86)\Avira
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 22:30 . 2010-12-22 15:35 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-14 11:23 . 2012-07-19 16:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 11:23 . 2012-07-19 16:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45 . 2013-03-14 10:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 10:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 10:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 10:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 10:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 10:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2010-12-22 15:28 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 17:33 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 17:33 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 17:33 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 17:30 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 17:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 17:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 17:31 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 17:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 17:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 17:30 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 17:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 17:30 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 17:30 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
"Spotify Web Helper"="c:\users\SCHULZ\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-15 1103768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-25 385248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO -viewer-.lnk - c:\program files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2011-4-28 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-25 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-25 565472]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-11 11576]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2007-05-11 70424]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 11:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Free YouTube to MP3 Converter - c:\users\SCHULZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 80.69.100.206 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\SCHULZ\AppData\Roaming\Mozilla\Firefox\Profiles\h90bnc07.default\
FF - prefs.js: browser.startup.homepage - Google
FF - ExtSQL: 2013-02-25 10:48; toolbar@ask.com; c:\users\SCHULZ\AppData\Roaming\Mozilla\Firefox\Profiles\h90bnc07.default\extensions\toolbar@ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-23 18:42:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-23 17:42
.
Vor Suchlauf: 9 Verzeichnis(se), 106.923.642.880 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 106.663.976.960 Bytes frei
.
- - End Of File - - A74BB9E2FF2550C987B4F3F48DC4C2BA
OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.03.2013 18:51:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SCHULZ\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 981,30 Mb Total Physical Memory | 183,30 Mb Available Physical Memory | 18,68% Memory free 1,96 Gb Paging File | 0,89 Gb Available in Paging File | 45,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 99,42 Gb Free Space | 42,71% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: SCHULZ-PC | User Name: SCHULZ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.23 17:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SCHULZ\Downloads\OTL.exe PRC - [2013.03.15 11:37:48 | 001,103,768 | ---- | M] (Spotify Ltd) -- C:\Users\SCHULZ\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.02.25 10:38:09 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 10:37:42 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.25 10:37:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.25 10:37:36 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2007.08.03 12:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.08.03 12:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe ========== Modules (No Company Name) ========== MOD - [2007.03.13 11:28:36 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.14 12:23:24 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.09 22:57:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 10:38:09 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 10:37:42 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.25 10:37:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.25 21:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.25 10:38:26 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.25 10:38:25 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.25 10:38:25 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 10:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.11 04:15:22 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2009.06.10 21:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.05.11 19:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV - [2012.08.25 21:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 6E 8A F8 CA B0 CB 01 [binary data] IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\..\SearchScopes\{828FBB06-A0A3-492F-B42B-96E7857168B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0f56fcbb-058e-43a2-a5cf-e0d476a4828b&apn_sauid=06E8E2F1-5F42-488D-8C3D-C5F0522ECB0F IE - HKU\S-1-5-21-187958593-3504502267-863823881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 22:57:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.09 22:57:40 | 000,000,000 | ---D | M] [2011.01.07 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Extensions [2013.03.23 18:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions [2013.01.15 10:24:52 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.02.24 11:09:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\Firefox\Profiles\h90bnc07.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.03.21 16:51:21 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\extensions\toolbar@web.de.xpi [2012.12.14 22:38:58 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.21 16:51:23 | 000,002,418 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\englische-ergebnisse.xml [2013.03.21 16:51:22 | 000,010,701 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\gmx-suche.xml [2013.03.21 16:51:23 | 000,002,432 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\lastminute.xml [2013.03.21 16:51:22 | 000,005,682 | ---- | M] () -- C:\Users\SCHULZ\AppData\Roaming\mozilla\firefox\profiles\h90bnc07.default\searchplugins\webde-suche.xml [2013.03.09 22:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 22:57:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.01.03 17:02:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.03 17:02:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.03 17:02:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.03 17:02:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.03 17:02:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.03 17:02:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google O1 HOSTS File: ([2013.03.23 18:35:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-21-187958593-3504502267-863823881-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-187958593-3504502267-863823881-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-187958593-3504502267-863823881-1000..\Run: [Spotify Web Helper] C:\Users\SCHULZ\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-187958593-3504502267-863823881-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-187958593-3504502267-863823881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SCHULZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SCHULZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992D6657-7FF8-482E-A24E-AEC452801E1A}: DhcpNameServer = 80.69.100.206 192.168.0.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.23 18:42:43 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.23 18:35:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.03.23 18:22:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.23 18:22:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.23 18:22:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.23 18:21:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.23 18:20:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.20 19:28:50 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.03.09 22:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.07 10:01:06 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\restore [2013.03.07 09:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2013.03.07 09:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2013.02.25 11:56:11 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\AppData\Local\DoNotTrackPlus [2013.02.25 10:54:24 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\AppData\Roaming\Avira [2013.02.25 10:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.25 10:47:44 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.25 10:47:44 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.25 10:47:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.25 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.25 10:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.24 22:30:29 | 000,000,000 | ---D | C] -- C:\Users\SCHULZ\AppData\Local\{74CCAF74-8F5D-426C-A983-CCF52B5A981A} ========== Files - Modified Within 30 Days ========== [2013.03.23 18:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.23 18:49:26 | 771,723,264 | -HS- | M] () -- C:\hiberfil.sys [2013.03.23 18:48:36 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 18:48:36 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 18:35:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.23 18:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.23 17:31:31 | 000,001,125 | ---- | M] () -- C:\Users\SCHULZ\Desktop\Gmer.text - Verknüpfung.lnk [2013.03.23 16:45:13 | 000,000,000 | ---- | M] () -- C:\Users\SCHULZ\defogger_reenable [2013.03.16 16:38:21 | 000,616,498 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.16 16:38:21 | 000,580,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.16 16:38:21 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.16 16:38:21 | 000,098,632 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.07 06:58:33 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.25 10:48:49 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.25 10:38:26 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.25 10:38:25 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.25 10:38:25 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2013.03.23 18:22:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.23 18:22:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.23 18:22:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.23 18:22:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.23 18:22:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.23 17:31:31 | 000,001,125 | ---- | C] () -- C:\Users\SCHULZ\Desktop\Gmer.text - Verknüpfung.lnk [2013.03.23 16:45:13 | 000,000,000 | ---- | C] () -- C:\Users\SCHULZ\defogger_reenable [2013.02.25 10:48:49 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.13 14:50:32 | 000,001,459 | ---- | C] () -- C:\Users\SCHULZ\AppData\Local\recently-used.xbel [2011.06.14 14:03:00 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.04.28 09:08:40 | 000,000,202 | ---- | C] () -- C:\Windows\PhEdit.INI [2011.04.28 08:24:38 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.04.28 08:24:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.04.28 08:24:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.04.28 08:24:38 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.04.28 08:24:38 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.04.28 08:24:38 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.04.28 08:24:38 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.04.28 08:24:38 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.04.28 08:24:38 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.04.28 08:24:38 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.04.28 08:24:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.04.28 08:24:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.04.28 08:24:38 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.04.28 08:24:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.04.28 08:24:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.04.28 08:24:38 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.04.28 08:24:38 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.04.28 08:24:38 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.04.28 08:24:38 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.12.22 21:13:49 | 000,007,605 | ---- | C] () -- C:\Users\SCHULZ\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.26 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\DVDVideoSoft [2011.08.29 08:09:28 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\elsterformular [2013.02.01 10:07:01 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\Garmin [2012.09.27 10:21:53 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\Kazaa Lite [2010.12.28 22:16:06 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\OpenOffice.org [2011.04.28 08:41:00 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\Panasonic [2013.03.22 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\Spotify [2010.12.22 23:05:00 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\TeamViewer [2012.06.26 18:03:10 | 000,000,000 | ---D | M] -- C:\Users\SCHULZ\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Sorry, hab es erst jetzt gelesen mit dem posten :-( Die Fehlermeldung erscheint nun nicht mehr. Bedeutet das, dass der Trojaner weg ist? LG Andrea |
|
23.03.2013, 19:09
| #14 |
| /// TB-Ausbilder | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Gut, dann noch eine Kontrolle mit MBAR. Schritt 1 Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers. Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
23.03.2013, 19:16
| #15 |
| | TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden Sorry, hab es erst jetzt gelesen mit dem posten :-( Die Fehlermeldung erscheint nun nicht mehr. Bedeutet das, dass der Trojaner weg ist? LG Andrea Ich kann die Installation nicht ausführen da mir die Datei QtGui4.dll auf dem Computer fehlt Problem gelöst. Ich musste den Ordner extrahieren. Bin leider kein PC Fachmann :-) Vielen Dank für Deine Hilfe Leo!!! Ich werde Euch weiter empfehlen ;-) |
|
| Themen zu TR/ATRAPS.Gen2 - Fehlermeldung erscheint ständig und kann nicht behoben werden |
| $recycle.bin, avira, bereits, datei, ebanking, entferne, erschein, erscheint, fehlermeldung, gefunde, gestern, hallo zusammen, nutze, onlinebanking, programm, recycle.bin, scan, scanner, threat, tr/atraps.gen, unerwünschtes, unerwünschtes programm, virenscan, virenscanner, virus, zugriff, zusammen |
Linear-Darstellung
