Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Deutsche Bank als Startseite+ nicht funktionierendes Antivirenprogramm (https://www.trojaner-board.de/130866-deutsche-bank-startseite-funktionierendes-antivirenprogramm.html)

SuperDau 09.02.2013 20:25
Deutsche Bank als Startseite+ nicht funktionierendes Antivirenprogramm
 
Hallo Zusammen,

ich habe ein kleines Problem mit meinem Computer. Vorab bitte ich mir zu verzeihen, dass mein Fachvokabular sowie meine Computerkenntnisse sehr begrenzt sind!
Nun zu meinem Problem und zwar ändert sich die Startseite meines Firefoxbrowsers selbstständig auf die Seite der Deutschen Bank, egal wie oft ich das manuel zu ändern versuche. Zusätzlich funktioniert mein Antivierenprogramm (Avira) auch nicht richtig. Es macht keine Updates mehr.
Ich habe versuch das Probelm zu googeln. Habe auch Lösungsvorschläge gefunden. Zum Beispiel habe ich mir Spyware Terminator 2012 und Malewarebytes Anti-Maleware runtergelasen und durchlaufen lassen. Das Spyware Programm hatte auch etwas gefunden und entfernt. Jedoch blieben die Problem bestehen.
Ebenfalls versuchte ich mir einfach eine aktuellere Version des Avira Programmes herunter zu laden, jedoch brachte dies auch das ehr wenig/nichts.

Könnte mir jemand sagen, was ich noch tuen kann?

cosinus 11.02.2013 12:31
Hallo und :hallo:

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

SuperDau 12.02.2013 19:59
Danke !

Extras.Txt
Code:
OTL Extras logfile created on: 12.02.2013 19:28:27 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\horst\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,30 Mb Total Physical Memory | 172,86 Mb Available Physical Memory | 17,06% Memory free
1,99 Gb Paging File | 0,59 Gb Available in Paging File | 29,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,00 Gb Total Space | 44,66 Gb Free Space | 52,54% Space Free | Partition Type: NTFS
Drive D: | 127,79 Gb Total Space | 11,74 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,90% Space Free | Partition Type: FAT32
 
Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0957231D-F60D-4E7E-A75D-5A56E75742F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{1573F8FE-39C2-461B-8319-43C83BB45D2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1C754694-E1C9-41CC-AE0E-64A537828D83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36304AB2-C641-4B10-A2B5-7C1B44770123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C641FD7-19B5-4290-A7C5-E91CE0452B17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57C15920-5E11-4A50-9A96-4D6277A91F7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{601E9C1A-7B38-400A-90F3-B3B96F83931C}" = lport=445 | protocol=6 | dir=in | app=system |
"{604896CF-2E1C-40F8-8AAD-C15BB41D5C1A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{66E0B4E9-9E85-4149-A511-1BDBB4F3F0F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{67EFA992-7FA2-4244-B000-A617D7227419}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D944BA5-4E91-427D-8D2E-EF4D2818EFED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CEF722B-9F7A-40CB-9AA1-C5251141F628}" = rport=139 | protocol=6 | dir=out | app=system |
"{853D0CA6-C38D-4862-AD40-37601C7BD5D2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD339190-6A01-439D-920A-E2627F73DD06}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD2D1E97-82E9-4630-8E6E-94902C045893}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D390FA54-6EED-4540-97CF-15D04DB4FDD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{E328FB76-710B-458F-9573-D37816D2C681}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E490AD2C-8C0D-4BE6-9F9F-6BB5210C0B87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EB27144A-727E-443E-8CAA-184A468A3D57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED4B2A71-A481-4B08-851F-C1E0C6B4282A}" = rport=138 | protocol=17 | dir=out | app=system |
"{F532DC3A-1EA2-4506-9B1A-DD7198DE6C63}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA71B36E-2B51-4297-8667-10F56D47AC88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D45F0C-8D7C-4E09-BF86-519C2436E141}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{29B52817-2576-4F8D-BEEF-90076A960788}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{29DFEE21-6114-4710-88AF-5B3A137DAC69}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{4D5D957C-16DB-45E4-B9B8-1F7B6CE27904}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{77279607-8F9C-484F-8017-C5DC9182F8AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A25BA2C-DE91-4C8B-A942-89D4A9E55989}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{A41E2F07-3FCC-473D-9DC4-CEBCEC3314D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C27F1DE7-B788-4785-BA86-FC3D30FD1EF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CCFF7EF1-9810-46A4-9D5D-81CCD0AD6E4A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E4241274-52E5-4BD9-AF86-7EBCDE2C3C91}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E6521CE7-1B8E-4314-B3DD-E9B32D7CAC38}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E94B521F-5D95-428E-84EC-98A8A678325F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB2666FB-539A-4F8A-B886-291824107E2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{749BDD29-D756-4B9B-8022-3E666A24C13F}" = Samsung Support Center
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Security Task Manager" = Security Task Manager 1.8d
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2013 11:32:00 | Computer Name = horst-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.02.2013 11:32:34 | Computer Name = horst-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.02.2013 11:32:56 | Computer Name = horst-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.02.2013 19:37:24 | Computer Name = horst-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.02.2013 19:37:56 | Computer Name = horst-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.02.2013 19:38:26 | Computer Name = horst-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.02.2013 19:38:56 | Computer Name = horst-PC | Source = RasClient | ID = 20227
Description =
 
Error - 03.02.2013 03:33:11 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mpam-4698867e.exe, Version: 1.143.1436.0,
 Zeitstempel: 0x4acadacd  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00017176  ID des fehlerhaften
 Prozesses: 0x980  Startzeit der fehlerhaften Anwendung: 0x01ce01e0b5e9da66  Pfad der
 fehlerhaften Anwendung: C:\Users\horst\AppData\Local\Temp\mpam-4698867e.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: f5ed365d-6dd3-11e2-8e19-001bb1133d6f
 
Error - 03.02.2013 03:38:36 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mpam-6566731b.exe, Version: 1.143.1436.0,
 Zeitstempel: 0x4acadacd  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00017176  ID des fehlerhaften
 Prozesses: 0xd20  Startzeit der fehlerhaften Anwendung: 0x01ce01e1760a3315  Pfad der
 fehlerhaften Anwendung: C:\Users\horst\AppData\Local\Temp\mpam-6566731b.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b794fa67-6dd4-11e2-8e19-001bb1133d6f
 
Error - 03.02.2013 03:43:55 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mpam-9ef3dca0.exe, Version: 1.143.1436.0,
 Zeitstempel: 0x4acadacd  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00017176  ID des fehlerhaften
 Prozesses: 0x1034  Startzeit der fehlerhaften Anwendung: 0x01ce01e23618da29  Pfad der
 fehlerhaften Anwendung: C:\Users\horst\AppData\Local\Temp\mpam-9ef3dca0.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 75e8e189-6dd5-11e2-8e19-001bb1133d6f
 
[ System Events ]
Error - 25.01.2013 00:59:46 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 25.01.2013 11:32:03 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 25.01.2013 22:05:38 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 26.01.2013 03:43:30 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 26.01.2013 03:43:33 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 26.01.2013 05:52:11 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.01.2013 14:28:08 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 27.01.2013 14:28:12 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 28.01.2013 15:29:02 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 29.01.2013 00:59:42 | Computer Name = horst-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
 
< End of report >

OTL.Txt
Code:
OTL logfile created on: 12.02.2013 19:28:27 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\horst\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,30 Mb Total Physical Memory | 172,86 Mb Available Physical Memory | 17,06% Memory free
1,99 Gb Paging File | 0,59 Gb Available in Paging File | 29,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,00 Gb Total Space | 44,66 Gb Free Space | 52,54% Space Free | Partition Type: NTFS
Drive D: | 127,79 Gb Total Space | 11,74 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,90% Space Free | Partition Type: FAT32
 
Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\horst\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\AnyPC Client\APLanMgrC.exe (DoctorSoft)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe service File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ST2012_Svc) -- C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://deutsche-bank.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_ptnrs=%5EAGS&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
 
FF - user.js..browser.startup.homepage: "hxxp://deutsche-bank.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2013.02.04 19:00:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.10 22:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.10 22:32:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.06.21 20:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions
[2013.02.03 09:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\ik6ww1g4.default\extensions
[2013.02.03 09:11:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\ik6ww1g4.default\extensions\toolbar@ask.com
[2013.01.31 18:52:25 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.03 09:11:28 | 000,002,344 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\searchplugins\askcom.xml
[2013.02.10 22:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.02.10 22:32:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.24 21:46:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8887E514-3C3B-4C11-A12C-0AF78DF05D82}: DhcpNameServer = 80.69.103.78 80.69.100.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1C56BD0-7CFA-4BA8-8183-FA4269AF4094}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{41d4fefa-3204-11e2-b4e7-001bb1133d6f}\Shell - "" = AutoRun
O33 - MountPoints2\{41d4fefa-3204-11e2-b4e7-001bb1133d6f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{41d4ff18-3204-11e2-b4e7-001bb1133d6f}\Shell - "" = AutoRun
O33 - MountPoints2\{41d4ff18-3204-11e2-b4e7-001bb1133d6f}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{41d5003d-3204-11e2-b4e7-001e101f1d99}\Shell - "" = AutoRun
O33 - MountPoints2\{41d5003d-3204-11e2-b4e7-001e101f1d99}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.12 19:12:47 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\TeamViewer
[2013.02.12 19:10:32 | 003,878,360 | ---- | C] (TeamViewer) -- C:\Users\horst\Desktop\TeamViewerQS_de.exe
[2013.02.12 18:59:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.10 22:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.09 23:27:49 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Justified.Season 3.HDTV.XviD-ASAP
[2013.02.09 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Season 2
[2013.02.04 21:13:48 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\Programs
[2013.02.04 21:12:26 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.04 18:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2013.02.04 18:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2013.02.04 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Spyware Terminator
[2013.02.04 18:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.02.04 18:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.02.04 18:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2013.02.04 18:53:43 | 000,937,224 | ---- | C] (Crawler.com                                                ) -- C:\Users\horst\Desktop\SpywareTerminator30074Setup.exe
[2013.02.03 09:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.03 09:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.02.03 08:55:39 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Avira
[2013.02.03 08:49:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.02.03 08:48:59 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.02.03 08:48:59 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.02.03 08:48:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.02.03 08:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.03 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.01.20 09:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.12 19:11:21 | 003,878,360 | ---- | M] (TeamViewer) -- C:\Users\horst\Desktop\TeamViewerQS_de.exe
[2013.02.12 19:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.12 18:46:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.12 17:35:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.09 19:47:19 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.02.09 19:47:19 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.02.09 19:16:53 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 19:16:53 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 19:05:16 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 21:14:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.04 21:13:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.04 18:58:44 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.02.04 18:54:21 | 000,937,224 | ---- | M] (Crawler.com                                                ) -- C:\Users\horst\Desktop\SpywareTerminator30074Setup.exe
[2013.02.03 09:11:32 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.03 08:36:50 | 105,661,272 | ---- | M] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe
[2013.02.02 19:17:31 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.02.02 19:17:31 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.02.02 19:17:31 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.02.02 19:17:31 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.02.04 21:14:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.04 18:58:54 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2013.02.04 18:58:44 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.02.03 08:49:43 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.03 08:35:47 | 105,661,272 | ---- | C] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe
[2012.09.26 14:47:54 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.17 01:01:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.06.21 19:50:33 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.27 06:20:41 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Advanced Chemistry Development
[2012.12.17 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.11.07 19:21:19 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Kifi
[2013.02.03 08:48:21 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Lore
[2012.06.25 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\OpenOffice.org
[2013.02.04 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Spyware Terminator
[2013.02.12 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\TeamViewer
[2013.02.03 08:57:25 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Vycugu
 
========== Purity Check ==========
 
 

< End of report >

cosinus 13.02.2013 10:50
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

SuperDau 13.02.2013 18:54
Tut mir leid, ich wusste das diese Programme auch sowas haben...
Bei Avira funktioniert das Exportieren nicht und Spyware Terminator gibt es sowas anscheinen nicht ( also ich habs nicht gefunden) :confused:

:dankeschoen:

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [Administrator]

Schutz: Aktiviert

04.02.2013 21:22:03
mbam-log-2013-02-04 (21-22-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324606
Laufzeit: 20 Stunde(n), 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 14.02.2013 10:45
Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

SuperDau 16.02.2013 06:57
Hallo,
habe nun die beiden Scans durchgeführt. Mbar hatte nichts gefunden. :confused:

Hier zuerst die Log-Datei von Gmer.

Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 16:41:12
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB2O 232,89GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\horst\AppData\Local\Temp\fgloipoc.sys


---- Processes - GMER 2.0 ----

Process  hidden process (*** hidden *** )                                                                4632 

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1133d6f                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ab68e9                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1133d6f (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ab68e9 (not active ControlSet) 

---- EOF - GMER 2.0 ----

Und hier die von Mbar.

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [administrator]

16.02.2013 00:30:33
mbar-log-2013-02-16 (00-30-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27232
Time elapsed: 23 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)
Nochmals danke für deine Mühe!

cosinus 16.02.2013 18:20
aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

SuperDau 19.02.2013 19:38
Hallo,
tut mir leid, dass ich so lange für die Antwort gebraucht habe!

Als Erstes ist hier die Log-Datei von aswMBR.

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-19 18:40:26
-----------------------------
18:40:26.605    OS Version: Windows 6.1.7600
18:40:26.605    Number of processors: 2 586 0x1C0A
18:40:26.613    ComputerName: HORST-PC  UserName: horst
18:40:27.547    Initialize success
18:43:05.376    AVAST engine defs: 13021900
18:43:34.184    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:43:34.195    Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
18:43:34.230    Disk 0 MBR read successfully
18:43:34.241    Disk 0 MBR scan
18:43:34.500    Disk 0 unknown MBR code
18:43:34.549    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        20480 MB offset 2048
18:43:34.636    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41945088
18:43:34.699    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        87040 MB offset 42149888
18:43:34.749    Disk 0 Partition - 00    0F Extended LBA            130853 MB offset 220407808
18:43:34.788    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      130852 MB offset 220409856
18:43:34.897    Disk 0 scanning sectors +488394752
18:43:35.088    Disk 0 scanning C:\windows\system32\drivers
18:44:33.158    Service scanning
18:46:32.056    Modules scanning
18:46:56.206    Disk 0 trace - called modules:
18:46:56.231    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:46:56.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c664d0]
18:46:56.237    3 CLASSPNP.SYS[8698959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84207028]
18:46:58.633    AVAST engine scan C:\windows
18:47:12.080    AVAST engine scan C:\windows\system32
19:01:09.573    AVAST engine scan C:\windows\system32\drivers
19:02:09.164    AVAST engine scan C:\Users\horst
19:08:41.382    AVAST engine scan C:\ProgramData
19:10:18.474    Scan finished successfully
19:30:33.250    Disk 0 MBR has been saved successfully to "C:\Users\horst\Desktop\MBR.dat"
19:30:33.368    The log file has been saved successfully to "C:\Users\horst\Desktop\aswMBR.txt"
Und hier die von TDSSKIller

Code:
18:45:17.0108 3312  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:45:19.0174 3312  ============================================================
18:45:19.0174 3312  Current date / time: 2013/02/19 18:45:19.0174
18:45:19.0174 3312  SystemInfo:
18:45:19.0174 3312 
18:45:19.0175 3312  OS Version: 6.1.7600 ServicePack: 0.0
18:45:19.0175 3312  Product type: Workstation
18:45:19.0176 3312  ComputerName: HORST-PC
18:45:19.0176 3312  UserName: horst
18:45:19.0176 3312  Windows directory: C:\windows
18:45:19.0176 3312  System windows directory: C:\windows
18:45:19.0177 3312  Processor architecture: Intel x86
18:45:19.0177 3312  Number of processors: 2
18:45:19.0177 3312  Page size: 0x1000
18:45:19.0177 3312  Boot type: Normal boot
18:45:19.0177 3312  ============================================================
18:45:22.0602 3312  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:45:22.0617 3312  ============================================================
18:45:22.0617 3312  \Device\Harddisk0\DR0:
18:45:22.0619 3312  MBR partitions:
18:45:22.0619 3312  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
18:45:22.0619 3312  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xAA00000
18:45:22.0658 3312  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD233000, BlocksNum 0xFF92000
18:45:22.0659 3312  ============================================================
18:45:22.0742 3312  C: <-> \Device\Harddisk0\DR0\Partition2
18:45:22.0905 3312  D: <-> \Device\Harddisk0\DR0\Partition3
18:45:22.0981 3312  ============================================================
18:45:22.0982 3312  Initialize success
18:45:22.0982 3312  ============================================================
18:46:57.0298 3600  ============================================================
18:46:57.0299 3600  Scan started
18:46:57.0299 3600  Mode: Manual; SigCheck; TDLFS;
18:46:57.0300 3600  ============================================================
18:46:57.0702 3600  ================ Scan system memory ========================
18:46:57.0702 3600  System memory - ok
18:46:57.0705 3600  ================ Scan services =============================
18:46:58.0305 3600  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
18:46:58.0778 3600  1394ohci - ok
18:46:58.0883 3600  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\windows\system32\DRIVERS\ACPI.sys
18:46:59.0013 3600  ACPI - ok
18:46:59.0094 3600  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi        C:\windows\system32\DRIVERS\acpipmi.sys
18:46:59.0345 3600  AcpiPmi - ok
18:46:59.0522 3600  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:46:59.0639 3600  AdobeFlashPlayerUpdateSvc - ok
18:46:59.0744 3600  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
18:46:59.0915 3600  adp94xx - ok
18:47:00.0006 3600  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
18:47:00.0126 3600  adpahci - ok
18:47:00.0266 3600  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
18:47:00.0362 3600  adpu320 - ok
18:47:00.0434 3600  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
18:47:00.0769 3600  AeLookupSvc - ok
18:47:01.0022 3600  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD            C:\windows\system32\drivers\afd.sys
18:47:01.0585 3600  AFD - ok
18:47:01.0623 3600  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\DRIVERS\agp440.sys
18:47:01.0747 3600  agp440 - ok
18:47:01.0812 3600  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\windows\system32\DRIVERS\djsvs.sys
18:47:01.0979 3600  aic78xx - ok
18:47:02.0116 3600  [ 7067AC22EB74C2E3D4C950050CBB1AC0 ] ALDITALKVerbindungsassistent_Service C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
18:47:02.0298 3600  ALDITALKVerbindungsassistent_Service - ok
18:47:02.0571 3600  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\windows\System32\alg.exe
18:47:02.0802 3600  ALG - ok
18:47:02.0841 3600  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\DRIVERS\aliide.sys
18:47:02.0956 3600  aliide - ok
18:47:02.0999 3600  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\DRIVERS\amdagp.sys
18:47:03.0117 3600  amdagp - ok
18:47:03.0152 3600  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\DRIVERS\amdide.sys
18:47:03.0245 3600  amdide - ok
18:47:03.0287 3600  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
18:47:03.0414 3600  AmdK8 - ok
18:47:03.0464 3600  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
18:47:03.0632 3600  AmdPPM - ok
18:47:03.0696 3600  [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata        C:\windows\system32\DRIVERS\amdsata.sys
18:47:03.0905 3600  amdsata - ok
18:47:04.0045 3600  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
18:47:04.0170 3600  amdsbs - ok
18:47:04.0229 3600  [ B81C2B5616F6420A9941EA093A92B150 ] amdxata        C:\windows\system32\DRIVERS\amdxata.sys
18:47:04.0323 3600  amdxata - ok
18:47:04.0754 3600  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:47:04.0884 3600  AntiVirSchedulerService - ok
18:47:05.0124 3600  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:47:05.0247 3600  AntiVirService - ok
18:47:05.0516 3600  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:47:05.0649 3600  AntiVirWebService - ok
18:47:05.0691 3600  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID          C:\windows\system32\drivers\appid.sys
18:47:06.0000 3600  AppID - ok
18:47:06.0068 3600  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
18:47:06.0623 3600  AppIDSvc - ok
18:47:06.0683 3600  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo        C:\windows\System32\appinfo.dll
18:47:06.0856 3600  Appinfo - ok
18:47:06.0934 3600  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\windows\system32\DRIVERS\arc.sys
18:47:07.0069 3600  arc - ok
18:47:07.0098 3600  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
18:47:07.0232 3600  arcsas - ok
18:47:07.0286 3600  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
18:47:07.0659 3600  AsyncMac - ok
18:47:07.0791 3600  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\windows\system32\DRIVERS\atapi.sys
18:47:07.0915 3600  atapi - ok
18:47:07.0994 3600  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:47:08.0360 3600  AudioEndpointBuilder - ok
18:47:08.0408 3600  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\windows\System32\Audiosrv.dll
18:47:08.0594 3600  Audiosrv - ok
18:47:08.0769 3600  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
18:47:08.0889 3600  avgntflt - ok
18:47:08.0997 3600  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
18:47:09.0124 3600  avipbb - ok
18:47:09.0197 3600  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
18:47:09.0321 3600  avkmgr - ok
18:47:09.0412 3600  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\windows\System32\AxInstSV.dll
18:47:09.0749 3600  AxInstSV - ok
18:47:09.0898 3600  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\windows\system32\DRIVERS\bxvbdx.sys
18:47:10.0130 3600  b06bdrv - ok
18:47:10.0188 3600  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
18:47:10.0383 3600  b57nd60x - ok
18:47:10.0791 3600  [ F4D388DC3FF004AEE886762D5CEC7783 ] BCM43XX        C:\windows\system32\DRIVERS\bcmwl6.sys
18:47:11.0188 3600  BCM43XX - ok
18:47:11.0246 3600  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
18:47:11.0507 3600  BDESVC - ok
18:47:11.0573 3600  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
18:47:11.0804 3600  Beep - ok
18:47:11.0869 3600  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE            C:\windows\System32\bfe.dll
18:47:12.0173 3600  BFE - ok
18:47:12.0329 3600  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\windows\System32\qmgr.dll
18:47:12.0694 3600  BITS - ok
18:47:12.0741 3600  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
18:47:12.0912 3600  blbdrive - ok
18:47:12.0964 3600  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
18:47:13.0113 3600  bowser - ok
18:47:13.0136 3600  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
18:47:13.0369 3600  BrFiltLo - ok
18:47:13.0434 3600  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
18:47:13.0695 3600  BrFiltUp - ok
18:47:13.0764 3600  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser        C:\windows\System32\browser.dll
18:47:14.0096 3600  Browser - ok
18:47:14.0173 3600  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\windows\System32\Drivers\Brserid.sys
18:47:14.0415 3600  Brserid - ok
18:47:14.0442 3600  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
18:47:14.0636 3600  BrSerWdm - ok
18:47:14.0667 3600  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
18:47:14.0826 3600  BrUsbMdm - ok
18:47:14.0874 3600  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
18:47:15.0092 3600  BrUsbSer - ok
18:47:15.0510 3600  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
18:47:16.0079 3600  BthEnum - ok
18:47:16.0116 3600  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
18:47:16.0461 3600  BTHMODEM - ok
18:47:16.0692 3600  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
18:47:16.0893 3600  BthPan - ok
18:47:17.0372 3600  [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
18:47:17.0813 3600  BTHPORT - ok
18:47:18.0125 3600  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\windows\system32\bthserv.dll
18:47:18.0861 3600  bthserv - ok
18:47:19.0217 3600  [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
18:47:19.0352 3600  BTHUSB - ok
18:47:19.0482 3600  [ 7061FE1715E5ADED120FE4C608609357 ] btwampfl        C:\windows\system32\drivers\btwampfl.sys
18:47:19.0596 3600  btwampfl - ok
18:47:19.0786 3600  [ A95B2FB3CA7B555B5CB306153F48CED8 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
18:47:19.0918 3600  btwaudio - ok
18:47:20.0044 3600  [ 1F9CD885F1C548BE93962CCABDB632E4 ] btwavdt        C:\windows\system32\DRIVERS\btwavdt.sys
18:47:20.0136 3600  btwavdt - ok
18:47:20.0488 3600  [ 9634E2B260AA445EF6B83731AC6EE5AC ] btwdins        C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:47:20.0620 3600  btwdins - ok
18:47:20.0673 3600  [ DE53089F0678CB5F0AFEB867ACB0FB05 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
18:47:20.0797 3600  btwl2cap - ok
18:47:20.0850 3600  [ A2D6C7B7B62A6C42DCB01204A6BD6FC2 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
18:47:20.0947 3600  btwrchid - ok
18:47:21.0101 3600  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
18:47:21.0238 3600  cdfs - ok
18:47:21.0462 3600  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
18:47:21.0629 3600  cdrom - ok
18:47:21.0910 3600  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc    C:\windows\System32\certprop.dll
18:47:22.0159 3600  CertPropSvc - ok
18:47:22.0636 3600  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
18:47:22.0788 3600  circlass - ok
18:47:22.0895 3600  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
18:47:23.0003 3600  CLFS - ok
18:47:23.0271 3600  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:47:23.0384 3600  clr_optimization_v2.0.50727_32 - ok
18:47:23.0431 3600  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
18:47:23.0578 3600  CmBatt - ok
18:47:23.0601 3600  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\DRIVERS\cmdide.sys
18:47:23.0670 3600  cmdide - ok
18:47:23.0763 3600  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG            C:\windows\system32\Drivers\cng.sys
18:47:23.0951 3600  CNG - ok
18:47:23.0997 3600  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
18:47:24.0064 3600  Compbatt - ok
18:47:24.0136 3600  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
18:47:24.0244 3600  CompositeBus - ok
18:47:24.0271 3600  COMSysApp - ok
18:47:24.0286 3600  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\windows\system32\DRIVERS\crcdisk.sys
18:47:24.0363 3600  crcdisk - ok
18:47:24.0420 3600  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\windows\system32\cryptsvc.dll
18:47:24.0621 3600  CryptSvc - ok
18:47:24.0703 3600  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\windows\system32\rpcss.dll
18:47:24.0860 3600  DcomLaunch - ok
18:47:24.0968 3600  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\windows\System32\defragsvc.dll
18:47:25.0249 3600  defragsvc - ok
18:47:25.0334 3600  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
18:47:25.0530 3600  DfsC - ok
18:47:25.0699 3600  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\windows\system32\dhcpcore.dll
18:47:25.0900 3600  Dhcp - ok
18:47:25.0947 3600  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
18:47:26.0077 3600  discache - ok
18:47:26.0158 3600  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
18:47:26.0233 3600  Disk - ok
18:47:26.0338 3600  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\windows\System32\dnsrslvr.dll
18:47:26.0491 3600  Dnscache - ok
18:47:26.0557 3600  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc        C:\windows\System32\dot3svc.dll
18:47:26.0772 3600  dot3svc - ok
18:47:26.0852 3600  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS            C:\windows\system32\dps.dll
18:47:26.0983 3600  DPS - ok
18:47:27.0073 3600  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
18:47:27.0258 3600  drmkaud - ok
18:47:27.0513 3600  [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
18:47:27.0608 3600  DXGKrnl - ok
18:47:27.0705 3600  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\windows\System32\eapsvc.dll
18:47:27.0928 3600  EapHost - ok
18:47:28.0208 3600  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\windows\system32\DRIVERS\evbdx.sys
18:47:28.0480 3600  ebdrv - ok
18:47:28.0516 3600  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS            C:\windows\System32\lsass.exe
18:47:28.0648 3600  EFS - ok
18:47:28.0727 3600  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\windows\system32\DRIVERS\elxstor.sys
18:47:28.0835 3600  elxstor - ok
18:47:28.0854 3600  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\DRIVERS\errdev.sys
18:47:28.0964 3600  ErrDev - ok
18:47:29.0125 3600  [ DF4F000CFC05DEC947D928A8F3ADCD7A ] ETD            C:\windows\system32\DRIVERS\ETD.sys
18:47:29.0310 3600  ETD - ok
18:47:29.0372 3600  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\windows\system32\es.dll
18:47:29.0561 3600  EventSystem - ok
18:47:29.0670 3600  [ E1556AF3FB0284C32896B9AC8494D9C2 ] ewusbnet        C:\windows\system32\DRIVERS\ewusbnet.sys
18:47:29.0803 3600  ewusbnet - ok
18:47:29.0925 3600  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev    C:\windows\system32\DRIVERS\ew_hwusbdev.sys
18:47:30.0044 3600  ew_hwusbdev - ok
18:47:30.0105 3600  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\windows\system32\drivers\exfat.sys
18:47:30.0322 3600  exfat - ok
18:47:30.0438 3600  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\windows\system32\drivers\fastfat.sys
18:47:30.0619 3600  fastfat - ok
18:47:30.0751 3600  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax            C:\windows\system32\fxssvc.exe
18:47:31.0019 3600  Fax - ok
18:47:31.0075 3600  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\windows\system32\DRIVERS\fdc.sys
18:47:31.0170 3600  fdc - ok
18:47:31.0246 3600  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\windows\system32\fdPHost.dll
18:47:31.0420 3600  fdPHost - ok
18:47:31.0442 3600  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
18:47:31.0635 3600  FDResPub - ok
18:47:31.0658 3600  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
18:47:31.0744 3600  FileInfo - ok
18:47:31.0794 3600  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
18:47:32.0042 3600  Filetrace - ok
18:47:32.0154 3600  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
18:47:32.0302 3600  flpydisk - ok
18:47:32.0390 3600  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
18:47:32.0454 3600  FltMgr - ok
18:47:32.0725 3600  [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache      C:\windows\system32\FntCache.dll
18:47:33.0117 3600  FontCache - ok
18:47:33.0359 3600  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:47:33.0483 3600  FontCache3.0.0.0 - ok
18:47:33.0552 3600  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
18:47:33.0675 3600  FsDepends - ok
18:47:33.0901 3600  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr        C:\windows\system32\DRIVERS\fssfltr.sys
18:47:33.0995 3600  fssfltr - ok
18:47:34.0174 3600  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:47:34.0320 3600  fsssvc - ok
18:47:34.0374 3600  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
18:47:34.0484 3600  Fs_Rec - ok
18:47:34.0553 3600  [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
18:47:34.0663 3600  fvevol - ok
18:47:34.0723 3600  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
18:47:34.0784 3600  gagp30kx - ok
18:47:34.0873 3600  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc          C:\windows\System32\gpsvc.dll
18:47:35.0063 3600  gpsvc - ok
18:47:35.0113 3600  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
18:47:35.0299 3600  hcw85cir - ok
18:47:35.0416 3600  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
18:47:35.0550 3600  HdAudAddService - ok
18:47:35.0595 3600  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
18:47:35.0711 3600  HDAudBus - ok
18:47:35.0733 3600  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\windows\system32\DRIVERS\HidBatt.sys
18:47:35.0807 3600  HidBatt - ok
18:47:35.0871 3600  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
18:47:35.0984 3600  HidBth - ok
18:47:36.0011 3600  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\windows\system32\DRIVERS\hidir.sys
18:47:36.0149 3600  HidIr - ok
18:47:36.0188 3600  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\windows\system32\hidserv.dll
18:47:36.0380 3600  hidserv - ok
18:47:36.0441 3600  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
18:47:36.0541 3600  HidUsb - ok
18:47:36.0601 3600  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\windows\system32\kmsvc.dll
18:47:36.0820 3600  hkmsvc - ok
18:47:36.0869 3600  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:47:37.0100 3600  HomeGroupListener - ok
18:47:37.0193 3600  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:47:37.0353 3600  HomeGroupProvider - ok
18:47:37.0406 3600  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
18:47:37.0504 3600  HpSAMD - ok
18:47:37.0689 3600  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\windows\system32\drivers\HTTP.sys
18:47:37.0857 3600  HTTP - ok
18:47:37.0903 3600  [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys
18:47:38.0031 3600  hwdatacard - ok
18:47:38.0081 3600  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
18:47:38.0167 3600  hwpolicy - ok
18:47:38.0215 3600  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
18:47:38.0313 3600  i8042prt - ok
18:47:38.0430 3600  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
18:47:38.0527 3600  iaStor - ok
18:47:38.0598 3600  [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV        C:\windows\system32\DRIVERS\iaStorV.sys
18:47:38.0689 3600  iaStorV - ok
18:47:38.0802 3600  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc          C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:47:39.0046 3600  idsvc - ok
18:47:40.0366 3600  [ 99469637D568076EA5664DAA8463C2E3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
18:47:40.0804 3600  igfx - ok
18:47:41.0011 3600  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\windows\system32\DRIVERS\iirsp.sys
18:47:41.0559 3600  iirsp - ok
18:47:42.0722 3600  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\windows\System32\ikeext.dll
18:47:43.0086 3600  IKEEXT - ok
18:47:44.0020 3600  [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
18:47:44.0444 3600  IntcAzAudAddService - ok
18:47:44.0487 3600  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\DRIVERS\intelide.sys
18:47:44.0572 3600  intelide - ok
18:47:44.0652 3600  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
18:47:44.0881 3600  intelppm - ok
18:47:44.0928 3600  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\windows\system32\ipbusenum.dll
18:47:45.0210 3600  IPBusEnum - ok
18:47:45.0256 3600  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
18:47:45.0488 3600  IpFilterDriver - ok
18:47:45.0764 3600  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
18:47:45.0977 3600  iphlpsvc - ok
18:47:46.0024 3600  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV        C:\windows\system32\DRIVERS\IPMIDrv.sys
18:47:46.0158 3600  IPMIDRV - ok
18:47:46.0215 3600  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\windows\system32\drivers\ipnat.sys
18:47:46.0376 3600  IPNAT - ok
18:47:46.0971 3600  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
18:47:47.0620 3600  IRENUM - ok
18:47:47.0668 3600  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
18:47:47.0821 3600  isapnp - ok
18:47:47.0905 3600  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
18:47:48.0014 3600  iScsiPrt - ok
18:47:48.0119 3600  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
18:47:48.0232 3600  kbdclass - ok
18:47:48.0351 3600  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
18:47:48.0535 3600  kbdhid - ok
18:47:48.0574 3600  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\windows\system32\lsass.exe
18:47:48.0667 3600  KeyIso - ok
18:47:48.0717 3600  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
18:47:48.0781 3600  KSecDD - ok
18:47:48.0871 3600  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
18:47:49.0002 3600  KSecPkg - ok
18:47:49.0075 3600  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\windows\system32\msdtckrm.dll
18:47:49.0347 3600  KtmRm - ok
18:47:49.0560 3600  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\windows\system32\srvsvc.dll
18:47:49.0888 3600  LanmanServer - ok
18:47:49.0961 3600  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:47:50.0242 3600  LanmanWorkstation - ok
18:47:50.0356 3600  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
18:47:50.0556 3600  lltdio - ok
18:47:50.0606 3600  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\windows\System32\lltdsvc.dll
18:47:50.0829 3600  lltdsvc - ok
18:47:50.0856 3600  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\windows\System32\lmhsvc.dll
18:47:51.0049 3600  lmhosts - ok
18:47:51.0111 3600  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
18:47:51.0218 3600  LSI_FC - ok
18:47:51.0270 3600  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\windows\system32\DRIVERS\lsi_sas.sys
18:47:51.0413 3600  LSI_SAS - ok
18:47:51.0472 3600  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
18:47:51.0569 3600  LSI_SAS2 - ok
18:47:51.0669 3600  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
18:47:51.0751 3600  LSI_SCSI - ok
18:47:51.0788 3600  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\windows\system32\drivers\luafv.sys
18:47:52.0021 3600  luafv - ok
18:47:52.0110 3600  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector  C:\windows\system32\drivers\mbam.sys
18:47:52.0181 3600  MBAMProtector - ok
18:47:52.0541 3600  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:47:52.0633 3600  MBAMScheduler - ok
18:47:52.0711 3600  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:47:52.0900 3600  MBAMService - ok
18:47:53.0114 3600  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\windows\system32\DRIVERS\megasas.sys
18:47:53.0214 3600  megasas - ok
18:47:53.0454 3600  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
18:47:53.0611 3600  MegaSR - ok
18:47:53.0756 3600  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\windows\system32\mmcss.dll
18:47:54.0710 3600  MMCSS - ok
18:47:54.0731 3600  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\windows\system32\drivers\modem.sys
18:47:54.0865 3600  Modem - ok
18:47:54.0930 3600  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\windows\system32\DRIVERS\monitor.sys
18:47:55.0081 3600  monitor - ok
18:47:55.0138 3600  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
18:47:55.0237 3600  mouclass - ok
18:47:55.0309 3600  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
18:47:55.0410 3600  mouhid - ok
18:47:55.0517 3600  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
18:47:55.0653 3600  mountmgr - ok
18:47:55.0819 3600  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:47:56.0100 3600  MozillaMaintenance - ok
18:47:56.0154 3600  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\windows\system32\DRIVERS\mpio.sys
18:47:56.0246 3600  mpio - ok
18:47:56.0329 3600  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
18:47:56.0629 3600  mpsdrv - ok
18:47:56.0826 3600  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\windows\system32\mpssvc.dll
18:47:57.0152 3600  MpsSvc - ok
18:47:57.0199 3600  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
18:47:57.0314 3600  MRxDAV - ok
18:47:57.0419 3600  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
18:47:57.0537 3600  mrxsmb - ok
18:47:57.0671 3600  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
18:47:57.0830 3600  mrxsmb10 - ok
18:47:57.0864 3600  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
18:47:58.0254 3600  mrxsmb20 - ok
18:47:58.0357 3600  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
18:47:58.0480 3600  msahci - ok
18:47:58.0526 3600  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm          C:\windows\system32\DRIVERS\msdsm.sys
18:47:58.0606 3600  msdsm - ok
18:47:58.0663 3600  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\windows\System32\msdtc.exe
18:47:59.0021 3600  MSDTC - ok
18:47:59.0126 3600  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
18:47:59.0307 3600  Msfs - ok
18:47:59.0335 3600  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
18:47:59.0488 3600  mshidkmdf - ok
18:47:59.0508 3600  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
18:47:59.0623 3600  msisadrv - ok
18:47:59.0773 3600  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\windows\system32\iscsiexe.dll
18:47:59.0981 3600  MSiSCSI - ok
18:48:00.0007 3600  msiserver - ok
18:48:00.0070 3600  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
18:48:00.0293 3600  MSKSSRV - ok
18:48:00.0374 3600  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
18:48:00.0635 3600  MSPCLOCK - ok
18:48:00.0686 3600  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
18:48:00.0870 3600  MSPQM - ok
18:48:00.0975 3600  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
18:48:01.0090 3600  MsRPC - ok
18:48:01.0173 3600  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
18:48:01.0274 3600  mssmbios - ok
18:48:01.0305 3600  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
18:48:01.0483 3600  MSTEE - ok
18:48:01.0559 3600  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
18:48:01.0702 3600  MTConfig - ok
18:48:01.0756 3600  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\windows\system32\Drivers\mup.sys
18:48:01.0836 3600  Mup - ok
18:48:01.0998 3600  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\windows\system32\qagentRT.dll
18:48:02.0254 3600  napagent - ok
18:48:02.0372 3600  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
18:48:02.0520 3600  NativeWifiP - ok
18:48:02.0788 3600  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\windows\system32\drivers\ndis.sys
18:48:02.0933 3600  NDIS - ok
18:48:02.0989 3600  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
18:48:03.0156 3600  NdisCap - ok
18:48:03.0208 3600  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
18:48:03.0491 3600  NdisTapi - ok
18:48:03.0573 3600  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
18:48:03.0744 3600  Ndisuio - ok
18:48:03.0783 3600  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
18:48:03.0965 3600  NdisWan - ok
18:48:04.0058 3600  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
18:48:04.0223 3600  NDProxy - ok
18:48:04.0339 3600  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
18:48:04.0499 3600  NetBIOS - ok
18:48:04.0605 3600  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
18:48:04.0857 3600  NetBT - ok
18:48:04.0896 3600  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\windows\system32\lsass.exe
18:48:05.0020 3600  Netlogon - ok
18:48:05.0128 3600  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
18:48:05.0342 3600  Netman - ok
18:48:05.0488 3600  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
18:48:05.0675 3600  netprofm - ok
18:48:05.0733 3600  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:48:05.0936 3600  NetTcpPortSharing - ok
18:48:06.0048 3600  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\windows\system32\DRIVERS\nfrd960.sys
18:48:06.0144 3600  nfrd960 - ok
18:48:06.0260 3600  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\windows\System32\nlasvc.dll
18:48:06.0461 3600  NlaSvc - ok
18:48:06.0479 3600  NOBU - ok
18:48:06.0510 3600  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
18:48:06.0680 3600  Npfs - ok
18:48:06.0726 3600  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\windows\system32\nsisvc.dll
18:48:06.0936 3600  nsi - ok
18:48:06.0976 3600  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
18:48:07.0162 3600  nsiproxy - ok
18:48:07.0370 3600  [ 3795DCD21F740EE799FB7223234215AF ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
18:48:07.0511 3600  Ntfs - ok
18:48:07.0577 3600  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
18:48:07.0761 3600  Null - ok
18:48:07.0798 3600  [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid          C:\windows\system32\DRIVERS\nvraid.sys
18:48:07.0898 3600  nvraid - ok
18:48:07.0939 3600  [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor          C:\windows\system32\DRIVERS\nvstor.sys
18:48:08.0051 3600  nvstor - ok
18:48:08.0098 3600  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\DRIVERS\nv_agp.sys
18:48:08.0199 3600  nv_agp - ok
18:48:08.0233 3600  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
18:48:08.0340 3600  ohci1394 - ok
18:48:08.0401 3600  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
18:48:08.0573 3600  p2pimsvc - ok
18:48:08.0692 3600  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
18:48:09.0026 3600  p2psvc - ok
18:48:09.0083 3600  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\windows\system32\DRIVERS\parport.sys
18:48:09.0250 3600  Parport - ok
18:48:09.0330 3600  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr        C:\windows\system32\drivers\partmgr.sys
18:48:09.0433 3600  partmgr - ok
18:48:09.0482 3600  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
18:48:09.0613 3600  Parvdm - ok
18:48:09.0709 3600  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
18:48:09.0979 3600  PcaSvc - ok
18:48:10.0055 3600  [ C858CB77C577780ECC456A892E7E7D0F ] pci            C:\windows\system32\DRIVERS\pci.sys
18:48:10.0153 3600  pci - ok
18:48:10.0201 3600  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\DRIVERS\pciide.sys
18:48:10.0323 3600  pciide - ok
18:48:10.0414 3600  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
18:48:10.0510 3600  pcmcia - ok
18:48:10.0550 3600  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\windows\system32\drivers\pcw.sys
18:48:10.0633 3600  pcw - ok
18:48:10.0853 3600  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
18:48:11.0236 3600  PEAUTH - ok
18:48:11.0491 3600  [ 9C1BFF7910C89A1D12E57343475840CB ] pla            C:\windows\system32\pla.dll
18:48:11.0907 3600  pla - ok
18:48:12.0064 3600  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
18:48:12.0399 3600  PlugPlay - ok
18:48:12.0469 3600  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
18:48:12.0658 3600  PNRPAutoReg - ok
18:48:12.0754 3600  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
18:48:12.0859 3600  PNRPsvc - ok
18:48:12.0957 3600  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
18:48:13.0248 3600  PolicyAgent - ok
18:48:13.0367 3600  [ DBFF83F709A91049621C1D35DD45C92C ] Power          C:\windows\system32\umpo.dll
18:48:13.0539 3600  Power - ok
18:48:13.0663 3600  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
18:48:13.0858 3600  PptpMiniport - ok
18:48:13.0952 3600  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\windows\system32\DRIVERS\processr.sys
18:48:14.0083 3600  Processor - ok
18:48:14.0127 3600  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc        C:\windows\system32\profsvc.dll
18:48:14.0435 3600  ProfSvc - ok
18:48:14.0474 3600  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\windows\system32\lsass.exe
18:48:14.0584 3600  ProtectedStorage - ok
18:48:14.0637 3600  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
18:48:14.0821 3600  Psched - ok
18:48:15.0049 3600  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
18:48:15.0273 3600  ql2300 - ok
18:48:15.0338 3600  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
18:48:15.0457 3600  ql40xx - ok
18:48:15.0571 3600  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\windows\system32\qwave.dll
18:48:15.0794 3600  QWAVE - ok
18:48:15.0818 3600  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
18:48:15.0957 3600  QWAVEdrv - ok
18:48:16.0010 3600  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
18:48:16.0190 3600  RasAcd - ok
18:48:16.0237 3600  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
18:48:16.0432 3600  RasAgileVpn - ok
18:48:16.0603 3600  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\windows\System32\rasauto.dll
18:48:16.0895 3600  RasAuto - ok
18:48:16.0980 3600  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
18:48:17.0198 3600  Rasl2tp - ok
18:48:17.0400 3600  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\windows\System32\rasmans.dll
18:48:17.0690 3600  RasMan - ok
18:48:17.0747 3600  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
18:48:17.0918 3600  RasPppoe - ok
18:48:17.0942 3600  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
18:48:18.0110 3600  RasSstp - ok
18:48:18.0216 3600  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
18:48:18.0453 3600  rdbss - ok
18:48:18.0480 3600  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
18:48:18.0646 3600  rdpbus - ok
18:48:18.0777 3600  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
18:48:18.0977 3600  RDPCDD - ok
18:48:19.0102 3600  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
18:48:19.0283 3600  RDPENCDD - ok
18:48:19.0353 3600  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
18:48:19.0536 3600  RDPREFMP - ok
18:48:19.0652 3600  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
18:48:19.0842 3600  RDPWD - ok
18:48:20.0011 3600  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
18:48:20.0134 3600  rdyboost - ok
18:48:20.0232 3600  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
18:48:20.0464 3600  RemoteAccess - ok
18:48:20.0520 3600  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
18:48:20.0901 3600  RemoteRegistry - ok
18:48:21.0006 3600  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
18:48:21.0168 3600  RFCOMM - ok
18:48:21.0207 3600  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
18:48:21.0374 3600  RpcEptMapper - ok
18:48:21.0436 3600  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
18:48:21.0550 3600  RpcLocator - ok
18:48:21.0649 3600  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs          C:\windows\system32\rpcss.dll
18:48:21.0863 3600  RpcSs - ok
18:48:21.0981 3600  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
18:48:22.0179 3600  rspndr - ok
18:48:22.0314 3600  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167        C:\windows\system32\DRIVERS\Rt86win7.sys
18:48:22.0485 3600  RTL8167 - ok
18:48:22.0557 3600  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\windows\system32\Drivers\SABI.sys
18:48:22.0833 3600  SABI - ok
18:48:22.0882 3600  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs          C:\windows\system32\lsass.exe
18:48:23.0038 3600  SamSs - ok
18:48:23.0112 3600  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\windows\system32\DRIVERS\sbp2port.sys
18:48:23.0185 3600  sbp2port - ok
18:48:23.0706 3600  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
18:48:24.0024 3600  SBSDWSCService - ok
18:48:24.0082 3600  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
18:48:24.0371 3600  SCardSvr - ok
18:48:24.0398 3600  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
18:48:24.0544 3600  scfilter - ok
18:48:24.0815 3600  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\windows\system32\schedsvc.dll
18:48:25.0048 3600  Schedule - ok
18:48:25.0081 3600  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc    C:\windows\System32\certprop.dll
18:48:25.0297 3600  SCPolicySvc - ok
18:48:25.0380 3600  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\windows\System32\SDRSVC.dll
18:48:25.0696 3600  SDRSVC - ok
18:48:25.0749 3600  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
18:48:25.0912 3600  secdrv - ok
18:48:25.0960 3600  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
18:48:26.0174 3600  seclogon - ok
18:48:26.0253 3600  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
18:48:26.0443 3600  SENS - ok
18:48:26.0494 3600  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\windows\system32\DRIVERS\serenum.sys
18:48:26.0633 3600  Serenum - ok
18:48:26.0720 3600  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
18:48:26.0859 3600  Serial - ok
18:48:26.0912 3600  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
18:48:27.0068 3600  sermouse - ok
18:48:27.0214 3600  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\windows\system32\sessenv.dll
18:48:27.0462 3600  SessionEnv - ok
18:48:27.0506 3600  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\windows\system32\DRIVERS\sffdisk.sys
18:48:27.0647 3600  sffdisk - ok
18:48:27.0711 3600  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\DRIVERS\sffp_mmc.sys
18:48:27.0811 3600  sffp_mmc - ok
18:48:27.0856 3600  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd        C:\windows\system32\DRIVERS\sffp_sd.sys
18:48:28.0096 3600  sffp_sd - ok
18:48:28.0143 3600  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\windows\system32\DRIVERS\sfloppy.sys
18:48:28.0272 3600  sfloppy - ok
18:48:28.0423 3600  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
18:48:28.0725 3600  SharedAccess - ok
18:48:28.0846 3600  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:48:29.0512 3600  ShellHWDetection - ok
18:48:29.0646 3600  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\DRIVERS\sisagp.sys
18:48:29.0720 3600  sisagp - ok
18:48:29.0802 3600  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
18:48:29.0886 3600  SiSRaid2 - ok
18:48:29.0932 3600  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
18:48:30.0012 3600  SiSRaid4 - ok
18:48:30.0101 3600  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\windows\system32\DRIVERS\smb.sys
18:48:30.0291 3600  Smb - ok
18:48:30.0431 3600  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
18:48:30.0579 3600  SNMPTRAP - ok
18:48:30.0644 3600  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\windows\system32\drivers\spldr.sys
18:48:30.0735 3600  spldr - ok
18:48:30.0949 3600  [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler        C:\windows\System32\spoolsv.exe
18:48:31.0317 3600  Spooler - ok
18:48:31.0923 3600  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\windows\system32\sppsvc.exe
18:48:32.0218 3600  sppsvc - ok
18:48:32.0289 3600  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify    C:\windows\system32\sppuinotify.dll
18:48:32.0522 3600  sppuinotify - ok
18:48:32.0772 3600  [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2      C:\windows\system32\drivers\sp_rsdrv2.sys
18:48:32.0851 3600  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
18:48:32.0852 3600  sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
18:48:33.0002 3600  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv            C:\windows\system32\DRIVERS\srv.sys
18:48:33.0217 3600  srv - ok
18:48:33.0408 3600  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
18:48:33.0522 3600  srv2 - ok
18:48:33.0568 3600  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
18:48:33.0694 3600  srvnet - ok
18:48:33.0765 3600  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
18:48:33.0939 3600  SSDPSRV - ok
18:48:34.0203 3600  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
18:48:34.0280 3600  ssmdrv - ok
18:48:34.0392 3600  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\windows\system32\sstpsvc.dll
18:48:34.0605 3600  SstpSvc - ok
18:48:34.0857 3600  [ 8B9C27BF08AC062471DAFDC2FD0FE0A7 ] ST2012_Svc      C:\Program Files\Spyware Terminator\st_rsser.exe
18:48:34.0958 3600  ST2012_Svc - ok
18:48:35.0019 3600  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
18:48:35.0092 3600  stexstor - ok
18:48:35.0280 3600  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\windows\System32\wiaservc.dll
18:48:35.0534 3600  StiSvc - ok
18:48:35.0575 3600  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
18:48:35.0648 3600  swenum - ok
18:48:35.0768 3600  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\windows\System32\swprv.dll
18:48:36.0112 3600  swprv - ok
18:48:36.0482 3600  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain        C:\windows\system32\sysmain.dll
18:48:36.0659 3600  SysMain - ok
18:48:36.0744 3600  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\windows\System32\TabSvc.dll
18:48:36.0891 3600  TabletInputService - ok
18:48:37.0003 3600  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv        C:\windows\System32\tapisrv.dll
18:48:37.0267 3600  TapiSrv - ok
18:48:37.0340 3600  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\windows\System32\tbssvc.dll
18:48:37.0588 3600  TBS - ok
18:48:38.0017 3600  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip          C:\windows\system32\drivers\tcpip.sys
18:48:38.0202 3600  Tcpip - ok
18:48:38.0474 3600  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
18:48:38.0687 3600  TCPIP6 - ok
18:48:38.0796 3600  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
18:48:38.0980 3600  tcpipreg - ok
18:48:39.0114 3600  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
18:48:39.0250 3600  TDPIPE - ok
18:48:39.0347 3600  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
18:48:39.0451 3600  TDTCP - ok
18:48:39.0500 3600  [ CB39E896A2A83702D1737BFD402B3542 ] tdx            C:\windows\system32\DRIVERS\tdx.sys
18:48:39.0718 3600  tdx - ok
18:48:39.0805 3600  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
18:48:39.0920 3600  TermDD - ok
18:48:40.0141 3600  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService    C:\windows\System32\termsrv.dll
18:48:40.0466 3600  TermService - ok
18:48:40.0549 3600  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
18:48:40.0679 3600  Themes - ok
18:48:40.0715 3600  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\windows\system32\mmcss.dll
18:48:40.0881 3600  THREADORDER - ok
18:48:40.0933 3600  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
18:48:41.0104 3600  TrkWks - ok
18:48:41.0314 3600  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:48:41.0489 3600  TrustedInstaller - ok
18:48:41.0523 3600  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
18:48:41.0685 3600  tssecsrv - ok
18:48:41.0804 3600  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
18:48:41.0996 3600  tunnel - ok
18:48:42.0052 3600  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
18:48:42.0178 3600  uagp35 - ok
18:48:42.0287 3600  [ EB0A7BD4D471AC3CE55564A4C55B9D8E ] udfs            C:\windows\system32\DRIVERS\udfs.sys
18:48:42.0521 3600  udfs - ok
18:48:42.0562 3600  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\windows\system32\UI0Detect.exe
18:48:42.0814 3600  UI0Detect - ok
18:48:42.0931 3600  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\DRIVERS\uliagpkx.sys
18:48:43.0079 3600  uliagpkx - ok
18:48:43.0159 3600  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus          C:\windows\system32\DRIVERS\umbus.sys
18:48:43.0327 3600  umbus - ok
18:48:43.0382 3600  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
18:48:43.0496 3600  UmPass - ok
18:48:43.0607 3600  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
18:48:43.0843 3600  upnphost - ok
18:48:43.0928 3600  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
18:48:44.0111 3600  usbccgp - ok
18:48:44.0253 3600  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\DRIVERS\usbcir.sys
18:48:44.0428 3600  usbcir - ok
18:48:44.0486 3600  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci        C:\windows\system32\DRIVERS\usbehci.sys
18:48:44.0604 3600  usbehci - ok
18:48:44.0796 3600  [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
18:48:45.0030 3600  usbhub - ok
18:48:45.0088 3600  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci        C:\windows\system32\DRIVERS\usbohci.sys
18:48:45.0234 3600  usbohci - ok
18:48:45.0284 3600  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
18:48:45.0433 3600  usbprint - ok
18:48:45.0485 3600  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
18:48:45.0611 3600  USBSTOR - ok
18:48:45.0711 3600  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci        C:\windows\system32\DRIVERS\usbuhci.sys
18:48:45.0868 3600  usbuhci - ok
18:48:45.0950 3600  [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
18:48:46.0057 3600  usbvideo - ok
18:48:46.0160 3600  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\windows\System32\uxsms.dll
18:48:46.0323 3600  UxSms - ok
18:48:46.0354 3600  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\windows\system32\lsass.exe
18:48:46.0442 3600  VaultSvc - ok
18:48:46.0512 3600  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\DRIVERS\vdrvroot.sys
18:48:46.0611 3600  vdrvroot - ok
18:48:46.0760 3600  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds            C:\windows\System32\vds.exe
18:48:47.0027 3600  vds - ok
18:48:47.0129 3600  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
18:48:47.0250 3600  vga - ok
18:48:47.0331 3600  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\windows\System32\drivers\vga.sys
18:48:47.0478 3600  VgaSave - ok
18:48:47.0504 3600  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp          C:\windows\system32\DRIVERS\vhdmp.sys
18:48:47.0626 3600  vhdmp - ok
18:48:47.0689 3600  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\DRIVERS\viaagp.sys
18:48:47.0791 3600  viaagp - ok
18:48:47.0868 3600  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\windows\system32\DRIVERS\viac7.sys
18:48:47.0985 3600  ViaC7 - ok
18:48:48.0061 3600  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\DRIVERS\viaide.sys
18:48:48.0155 3600  viaide - ok
18:48:48.0182 3600  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\windows\system32\DRIVERS\volmgr.sys
18:48:48.0265 3600  volmgr - ok
18:48:48.0331 3600  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
18:48:48.0441 3600  volmgrx - ok
18:48:48.0545 3600  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap        C:\windows\system32\DRIVERS\volsnap.sys
18:48:48.0639 3600  volsnap - ok
18:48:48.0714 3600  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\windows\system32\DRIVERS\vsmraid.sys
18:48:48.0831 3600  vsmraid - ok
18:48:49.0063 3600  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS            C:\windows\system32\vssvc.exe
18:48:49.0399 3600  VSS - ok
18:48:49.0457 3600  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
18:48:49.0627 3600  vwifibus - ok
18:48:49.0847 3600  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
18:48:49.0997 3600  vwififlt - ok
18:48:50.0222 3600  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\windows\system32\w32time.dll
18:48:50.0473 3600  W32Time - ok
18:48:50.0523 3600  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
18:48:50.0620 3600  WacomPen - ok
18:48:50.0732 3600  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
18:48:50.0951 3600  WANARP - ok
18:48:50.0979 3600  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
18:48:51.0146 3600  Wanarpv6 - ok
18:48:51.0539 3600  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\windows\system32\wbengine.exe
18:48:51.0862 3600  wbengine - ok
18:48:52.0064 3600  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
18:48:52.0255 3600  WbioSrvc - ok
18:48:52.0359 3600  [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc        C:\windows\System32\wcncsvc.dll
18:48:52.0577 3600  wcncsvc - ok
18:48:52.0640 3600  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:48:52.0911 3600  WcsPlugInService - ok
18:48:52.0985 3600  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
18:48:53.0058 3600  Wd - ok
18:48:53.0281 3600  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
18:48:53.0407 3600  Wdf01000 - ok
18:48:53.0545 3600  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
18:48:53.0665 3600  WdiServiceHost - ok
18:48:53.0728 3600  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\windows\system32\wdi.dll
18:48:53.0818 3600  WdiSystemHost - ok
18:48:53.0914 3600  [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient      C:\windows\System32\webclnt.dll
18:48:54.0114 3600  WebClient - ok
18:48:54.0239 3600  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
18:48:54.0570 3600  Wecsvc - ok
18:48:54.0636 3600  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\windows\System32\wercplsupport.dll
18:48:54.0833 3600  wercplsupport - ok
18:48:55.0048 3600  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
18:48:55.0251 3600  WerSvc - ok
18:48:55.0329 3600  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
18:48:55.0479 3600  WfpLwf - ok
18:48:55.0526 3600  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
18:48:55.0612 3600  WIMMount - ok
18:48:55.0771 3600  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
18:48:55.0957 3600  WinDefend - ok
18:48:56.0036 3600  WinHttpAutoProxySvc - ok
18:48:56.0346 3600  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
18:48:56.0515 3600  Winmgmt - ok
18:48:56.0587 3600  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM          C:\windows\system32\WsmSvc.dll
18:48:56.0962 3600  WinRM - ok
18:48:57.0134 3600  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
18:48:57.0274 3600  WinUsb - ok
18:48:57.0477 3600  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\windows\System32\wlansvc.dll
18:48:57.0714 3600  Wlansvc - ok
18:48:57.0739 3600  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\windows\system32\DRIVERS\wmiacpi.sys
18:48:57.0853 3600  WmiAcpi - ok
18:48:57.0941 3600  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
18:48:58.0102 3600  wmiApSrv - ok
18:48:58.0259 3600  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
18:48:58.0548 3600  WMPNetworkSvc - ok
18:48:58.0604 3600  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
18:48:58.0881 3600  WPCSvc - ok
18:48:58.0961 3600  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
18:48:59.0245 3600  WPDBusEnum - ok
18:48:59.0312 3600  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
18:48:59.0484 3600  ws2ifsl - ok
18:48:59.0545 3600  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
18:48:59.0702 3600  wscsvc - ok
18:48:59.0712 3600  WSearch - ok
18:49:00.0285 3600  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
18:49:00.0474 3600  wuauserv - ok
18:49:00.0539 3600  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
18:49:00.0761 3600  WudfPf - ok
18:49:00.0857 3600  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
18:49:01.0066 3600  WUDFRd - ok
18:49:01.0136 3600  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
18:49:01.0382 3600  wudfsvc - ok
18:49:01.0579 3600  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\windows\System32\wwansvc.dll
18:49:01.0802 3600  WwanSvc - ok
18:49:02.0003 3600  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7        C:\windows\system32\DRIVERS\yk62x86.sys
18:49:02.0231 3600  yukonw7 - ok
18:49:02.0385 3600  ================ Scan global ===============================
18:49:02.0648 3600  [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
18:49:02.0743 3600  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
18:49:02.0791 3600  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
18:49:02.0862 3600  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
18:49:02.0968 3600  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
18:49:02.0998 3600  [Global] - ok
18:49:02.0999 3600  ================ Scan MBR ==================================
18:49:03.0029 3600  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
18:49:10.0698 3600  \Device\Harddisk0\DR0 - ok
18:49:10.0700 3600  ================ Scan VBR ==================================
18:49:10.0727 3600  [ E191F14C7BE1F526E4A67BA1D1E42632 ] \Device\Harddisk0\DR0\Partition1
18:49:10.0768 3600  \Device\Harddisk0\DR0\Partition1 - ok
18:49:10.0791 3600  [ 473EF0FCB68CF5570602911DA66025EF ] \Device\Harddisk0\DR0\Partition2
18:49:10.0803 3600  \Device\Harddisk0\DR0\Partition2 - ok
18:49:10.0846 3600  [ 6D21C2F50F2979CE42CFE3788FD368CB ] \Device\Harddisk0\DR0\Partition3
18:49:10.0914 3600  \Device\Harddisk0\DR0\Partition3 - ok
18:49:10.0915 3600  ============================================================
18:49:10.0916 3600  Scan finished
18:49:10.0916 3600  ============================================================
18:49:10.0925 3388  Detected object count: 1
18:49:10.0925 3388  Actual detected object count: 1
19:30:15.0184 3388  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:15.0207 3388  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
So und nochmals vielen Dank!

cosinus 20.02.2013 15:35
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

SuperDau 03.03.2013 22:54
Hallo,
vorab mag ich mich nochmals entschuldigen, dass ich so lange nicht zurück geschrieben habe!
Ich habe das Programm durchlaufen lassen, hatte auch vorher "gedacht" alle Vierenprogramme geschlossen zuhaben, jedoch öffnete sich eins während des Scans ( Spyware). Ich habe es dann geschlossen und wurde darauf aufgefordert den Computer neu zu starten.

Code:
ComboFix 13-03-03.01 - horst 03.03.2013  22:09:59.1.2 - x86
Microsoft Windows 7 Starter  6.1.7600.0.1252.49.1031.18.1013.348 [GMT 1:00]
ausgeführt von:: c:\users\horst\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\FullRemove.exe
c:\windows\host32.exe
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-02-03 bis 2013-03-03  ))))))))))))))))))))))))))))))
.
.
2013-03-03 21:26 . 2013-03-03 21:30        --------        d-----w-        c:\users\horst\AppData\Local\temp
2013-02-15 14:33 . 2013-02-15 14:33        100352        ----a-w-        C:\fgloipoc.sys
2013-02-12 18:12 . 2013-02-12 18:12        --------        d-----w-        c:\users\horst\AppData\Roaming\TeamViewer
2013-02-04 20:13 . 2013-02-04 20:13        --------        d-----w-        c:\users\horst\AppData\Local\Programs
2013-02-04 17:59 . 2013-02-04 17:59        --------        d-----w-        c:\program files\Crawler
2013-02-04 17:58 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2013-02-04 17:58 . 2013-03-03 21:30        --------        d-----w-        c:\programdata\Spyware Terminator
2013-02-04 17:58 . 2013-02-04 17:58        --------        d-----w-        c:\users\horst\AppData\Roaming\Spyware Terminator
2013-02-04 17:55 . 2013-02-04 18:00        --------        d-----w-        c:\program files\Spyware Terminator
2013-02-03 08:10 . 2013-02-03 08:11        --------        d-----w-        c:\program files\Ask.com
2013-02-03 07:55 . 2013-02-03 07:55        --------        d-----w-        c:\users\horst\AppData\Roaming\Avira
2013-02-03 07:48 . 2012-11-27 09:01        83944        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-02-03 07:48 . 2012-11-22 14:51        36552        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-02-03 07:48 . 2012-11-22 14:50        134336        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-02-03 07:48 . 2013-02-03 08:11        --------        d-----w-        c:\programdata\Avira
2013-02-03 07:48 . 2013-02-03 07:48        --------        d-----w-        c:\program files\Avira
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 16:46 . 2012-06-23 20:18        71024        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 16:46 . 2012-06-23 20:18        691568        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-14 15:49 . 2012-09-27 14:06        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-20 14:21 . 2013-02-20 14:21        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-03-25 1891720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-01-14 2777736]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-01-14 3674248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-11-23 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APLangApp]
2009-11-20 07:35        13312        ----a-w-        c:\program files\AnyPC Client\APLangApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsi]
2009-09-09 08:20        9728        ----a-w-        c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 20:16        222504        ------w-        c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
R2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 16:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Crawler Search - tbr:iemenu
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\ik6ww1g4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://deutsche-bank.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_ptnrs=%5EAGS&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2013-02-03 09:11; toolbar@ask.com; c:\users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\ik6ww1g4.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-02-04 19:00; {4B3803EA-5230-4DC3-A7FC-33638F3D3542}; c:\program files\Crawler\Toolbar\firefox
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://deutsche-bank.de
FF - user.js: browser.startup.page - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-NortonOnlineBackup - c:\program files\Symantec\Norton Online Backup\NOBuClient.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1564)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\AnyPC Client\APLanMgrC.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files\Elantech\ETDCtrlHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-03  22:39:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-03 21:39
.
Vor Suchlauf: 6 Verzeichnis(se), 48.020.561.920 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 47.818.588.160 Bytes frei
.
- - End Of File - - 9945EB8A9520853F26466774D019FB75

cosinus 04.03.2013 09:10
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

SuperDau 04.03.2013 21:04
Hallo,

hier sind die Log-Dateien. Bei dem OTL Scan bekam ich nur eine Datei :dummguck:

Hier ist die von JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Windows 7 Starter x86
Ran by horst on 04.03.2013 at 19:33:04,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3657556864-2306374585-1095554477-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\ctoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\ctoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\crawler search
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctbcommon.buttons
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctbr.r404pro
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4client
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4script
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ctoolbar.tb4server
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\tbr
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\crawler
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Program Files\crawler"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml"
Successfully deleted: [File] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\user.js
Successfully deleted: [File] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_ptnrs=%5EAGS&apn
Emptied folder: C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\minidumps [123 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.03.2013 at 20:05:52,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und hier die von Adw Cleaner

Code:
# AdwCleaner v2.113 - Datei am 04/03/2013 um 20:12:22 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Starter  (32 bits)
# Benutzer : horst - HORST-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\horst\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
Ordner Gelöscht : C:\Users\horst\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\ik6ww1g4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8481 octets] - [04/03/2013 20:12:22]

########## EOF - C:\AdwCleaner[S1].txt - [8541 octets] ##########

Zuletzt die von OTL

Code:
OTL logfile created on: 3/4/2013 8:44:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\horst\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 232.68 Mb Available Physical Memory | 22.96% Memory free
1.99 Gb Paging File | 0.81 Gb Available in Paging File | 40.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 44.63 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 5.82 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\horst\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
PRC - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\AnyPC Client\APLanMgrC.exe (DoctorSoft)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe service File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ST2012_Svc) -- C:\Program Files\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\horst\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://deutsche-bank.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:21:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/06/21 20:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions
[2013/03/04 20:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\ik6ww1g4.default\extensions
[2013/02/14 15:01:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\ik6ww1g4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/20 15:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/02/20 15:21:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/24 21:46:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8887E514-3C3B-4C11-A12C-0AF78DF05D82}: DhcpNameServer = 80.69.103.78 80.69.100.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1C56BD0-7CFA-4BA8-8183-FA4269AF4094}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/04 19:32:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/03/04 19:28:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/04 19:27:06 | 000,547,601 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\horst\Desktop\JRT.exe
[2013/03/03 22:29:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/03 22:26:02 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\temp
[2013/03/03 22:26:01 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/03 21:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/03 21:55:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/03 21:55:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/03 21:55:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/03 21:54:23 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/03/03 21:52:03 | 005,036,260 | R--- | C] (Swearware) -- C:\Users\horst\Desktop\ComboFix.exe
[2013/02/20 15:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/19 18:37:16 | 000,000,000 | ---D | C] -- C:\Users\horst\Documents\xenia
[2013/02/15 20:08:31 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\mbar-1.01.0.1020
[2013/02/15 15:33:46 | 000,100,352 | ---- | C] (GMER) -- C:\fgloipoc.sys
[2013/02/12 19:12:47 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\TeamViewer
[2013/02/12 19:10:32 | 003,878,360 | ---- | C] (TeamViewer) -- C:\Users\horst\Desktop\TeamViewerQS_de.exe
[2013/02/12 18:59:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013/02/10 22:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[2013/02/09 23:27:49 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Justified.Season 3.HDTV.XviD-ASAP
[2013/02/09 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Season 2
[2013/02/04 21:13:48 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\Programs
[2013/02/04 21:12:26 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/04 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Spyware Terminator
[2013/02/04 18:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013/02/04 18:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013/02/04 18:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2013/02/03 09:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/02/03 08:55:39 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Avira
[2013/02/03 08:49:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013/02/03 08:48:59 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013/02/03 08:48:59 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013/02/03 08:48:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013/02/03 08:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/02/03 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/04 20:46:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/04 20:23:57 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 20:23:57 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 20:14:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/04 20:14:21 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 20:10:36 | 000,594,019 | ---- | M] () -- C:\Users\horst\Desktop\adwcleaner.exe
[2013/03/04 19:27:56 | 000,547,601 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\horst\Desktop\JRT.exe
[2013/03/03 21:53:13 | 005,036,260 | R--- | M] (Swearware) -- C:\Users\horst\Desktop\ComboFix.exe
[2013/02/19 19:30:33 | 000,000,512 | ---- | M] () -- C:\Users\horst\Desktop\MBR.dat
[2013/02/15 15:33:46 | 000,100,352 | ---- | M] (GMER) -- C:\fgloipoc.sys
[2013/02/15 15:31:24 | 013,711,621 | ---- | M] () -- C:\Users\horst\Desktop\mbar-1.01.0.1020.zip
[2013/02/15 15:26:27 | 000,365,568 | ---- | M] () -- C:\Users\horst\Desktop\gmer_2.0.18454.exe
[2013/02/12 19:11:21 | 003,878,360 | ---- | M] (TeamViewer) -- C:\Users\horst\Desktop\TeamViewerQS_de.exe
[2013/02/12 19:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013/02/04 21:13:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\horst\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/03 09:11:32 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/02/03 08:36:50 | 105,661,272 | ---- | M] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe
 
========== Files Created - No Company Name ==========
 
[2013/03/04 20:10:11 | 000,594,019 | ---- | C] () -- C:\Users\horst\Desktop\adwcleaner.exe
[2013/03/03 21:55:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/03 21:55:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/03 21:55:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/03 21:55:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/03 21:55:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/02/19 19:30:33 | 000,000,512 | ---- | C] () -- C:\Users\horst\Desktop\MBR.dat
[2013/02/15 15:29:30 | 013,711,621 | ---- | C] () -- C:\Users\horst\Desktop\mbar-1.01.0.1020.zip
[2013/02/15 15:26:02 | 000,365,568 | ---- | C] () -- C:\Users\horst\Desktop\gmer_2.0.18454.exe
[2013/02/04 18:58:54 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2013/02/03 08:49:43 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/02/03 08:35:47 | 105,661,272 | ---- | C] () -- C:\Users\horst\Desktop\avira_free_antivirus_2890de.exe
[2012/07/17 01:01:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/06/27 06:20:41 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Advanced Chemistry Development
[2012/12/17 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\ALDITALKVerbindungsassistent
[2012/11/07 19:21:19 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Kifi
[2013/02/03 08:48:21 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Lore
[2012/06/25 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\OpenOffice.org
[2013/02/04 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Spyware Terminator
[2013/02/12 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\TeamViewer
[2013/02/03 08:57:25 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Vycugu
 
========== Purity Check ==========
 
 

< End of report >
:dankeschoen:

cosinus 04.03.2013 21:17

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
IE - HKU\S-1-5-21-3657556864-2306374585-1095554477-1000\..\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9bc7ef2c-6390-4566-92d5-3ab3c80b7123&apn_sauid=4A4B7705-C8AC-456E-AE9B-06825D318C74
[2013/02/03 08:48:21 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Lore
[2013/02/03 08:57:25 | 000,000,000 | ---D | M] -- C:\Users\horst\AppData\Roaming\Vycugu
[2013/02/19 19:30:33 | 000,000,512 | ---- | C] () -- C:\Users\horst\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

SuperDau 04.03.2013 21:37
So hier ist das Textdokument :)

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3657556864-2306374585-1095554477-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F29DC7DC-0E2F-4851-A203-951AB9017CB0}\ not found.
C:\Users\horst\AppData\Roaming\Lore folder moved successfully.
C:\Users\horst\AppData\Roaming\Vycugu folder moved successfully.
C:\Users\horst\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\horst\Desktop\cmd.bat deleted successfully.
C:\Users\horst\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: horst
->Temp folder emptied: 37624 bytes
->Temporary Internet Files folder emptied: 20417363 bytes
->FireFox cache emptied: 75484621 bytes
->Flash cache emptied: 711 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5284 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 92.00 mb
 
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03042013_212712

Files\Folders moved on Reboot...
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:11 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19