| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: InCrediBar - wie werd ich das Ding wieder los?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.08.2012, 14:49
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  InCrediBar - wie werd ich das Ding wieder los? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.08.2012, 16:09
| #17 |
 | InCrediBar - wie werd ich das Ding wieder los? OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 14.08.2012 18:22:21 - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,42 Mb Total Physical Memory | 664,74 Mb Available Physical Memory | 65,02% Memory free
2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,78 Gb Total Space | 41,61 Gb Free Space | 81,94% Space Free | Partition Type: NTFS
Drive D: | 42,37 Gb Total Space | 20,88 Gb Free Space | 49,29% Space Free | Partition Type: NTFS
Drive G: | 971,70 Mb Total Space | 892,36 Mb Free Space | 91,83% Space Free | Partition Type: FAT
Computer Name: ****-**** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.14 14:35:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL(1).exe
PRC - [2012.05.13 14:03:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 14:03:32 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.13 14:03:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.13 14:03:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.13 14:03:33 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.17 19:24:48 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.13 14:03:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.13 14:03:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.05.13 14:03:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.13 14:03:33 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.09.06 15:30:22 | 000,056,648 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.30 22:42:36 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.18 15:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005.05.19 16:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005.05.13 18:39:24 | 001,094,881 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.03.04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005.01.07 19:22:56 | 000,107,890 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.10.29 18:48:10 | 003,222,784 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004.07.13 13:00:26 | 000,067,968 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-790525478-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-854245398-790525478-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-854245398-790525478-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-854245398-790525478-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb167/?loc=IB_DS&a=6OyHqTFP4R&&i=26&search="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.10 13:35:42 | 000,000,000 | ---D | M]
[2011.10.04 22:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2012.07.17 19:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\extensions
[2012.07.09 18:41:03 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\extensions\ffxtlbr@incredibar.com
[2012.07.09 18:40:50 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\searchplugins\MyStart Search.xml
[2012.07.10 13:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.17 19:04:24 | 000,743,290 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\****\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8ZGZ8S6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.de/
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME\TomTomHOME.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-790525478-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Seifenblase.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Seifenblase.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.29 18:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.08.14 14:35:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL(1).exe
[2012.07.17 19:17:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\Viruskram Incredibar
[2012.07.17 18:09:45 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.14 18:15:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.14 14:35:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL(1).exe
[2012.08.13 21:14:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.13 17:00:30 | 000,614,903 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\adwcleaner(1).exe
[2012.08.02 20:45:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.17 19:22:14 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.17 19:20:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.13 17:00:19 | 000,614,903 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\adwcleaner(1).exe
[2012.07.10 13:58:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2012.03.01 18:08:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.04 21:16:32 | 000,000,594 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Verknüpfung mit Desktop.lnk
[2011.10.04 20:10:21 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.04 19:47:36 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.09.30 00:32:14 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.09.30 00:23:30 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.09.29 23:56:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.09.29 23:56:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.09.29 20:32:30 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.09.29 19:31:43 | 000,104,373 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.09.29 19:31:30 | 000,001,298 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2011.09.29 18:55:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.09.29 18:54:18 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.09.29 18:34:21 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.09.29 18:10:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.09.29 18:05:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== LOP Check ==========
[2011.09.30 00:23:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.06.05 13:00:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.12.01 13:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2012.06.21 18:41:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011.10.07 22:44:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.10.18 21:20:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.09.30 00:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canneverbe Limited
[2011.11.17 22:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FreePDF
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.09.30 01:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe
[2011.12.06 18:54:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Avira
[2011.09.30 00:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canneverbe Limited
[2011.11.17 22:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FreePDF
[2011.10.07 22:29:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Google
[2011.09.29 18:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Identities
[2012.06.21 18:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InstallShield
[2011.09.30 00:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Macromedia
[2011.10.07 22:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2012.06.05 13:27:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft
[2011.10.04 22:48:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla
[2011.09.30 00:26:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\vlc
[2011.10.18 20:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\WinRAR
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.09.29 22:37:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.09.29 22:37:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.09.29 22:37:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.09.29 22:37:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2011.09.29 19:53:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.09.29 19:53:25 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.09.29 19:53:25 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
|
|
15.08.2012, 17:40
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | InCrediBar - wie werd ich das Ding wieder los? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb167/?loc=IB_DS&a=6OyHqTFP4R&&i=26&search="
[2012.07.09 18:41:03 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\extensions\ffxtlbr@incredibar.com
[2012.07.09 18:40:50 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\searchplugins\MyStart Search.xml
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-790525478-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.29 18:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
23.08.2012, 19:29
| #19 |
| | InCrediBar - wie werd ich das Ding wieder los?Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://mystart.incredibar.com/mb167/?loc=IB_DS&a=6OyHqTFP4R&&i=26&search=" removed from keyword.URL
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\extensions\ffxtlbr@incredibar.com folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\searchplugins\MyStart Search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-854245398-790525478-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: *****
->Temp folder emptied: 17389 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: *****
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.57.0 log created on 08232012_202240
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
30.08.2012, 14:23
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | InCrediBar - wie werd ich das Ding wieder los? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.09.2012, 18:42
| #21 |
| | InCrediBar - wie werd ich das Ding wieder los?Code:
ATTFilter 19:27:41.0046 3916 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:27:41.0093 3916 ============================================================
19:27:41.0093 3916 Current date / time: 2012/09/05 19:27:41.0093
19:27:41.0093 3916 SystemInfo:
19:27:41.0093 3916
19:27:41.0093 3916 OS Version: 5.1.2600 ServicePack: 3.0
19:27:41.0093 3916 Product type: Workstation
19:27:41.0093 3916 ComputerName: ****-****
19:27:41.0093 3916 UserName: ****
19:27:41.0093 3916 Windows directory: C:\WINDOWS
19:27:41.0093 3916 System windows directory: C:\WINDOWS
19:27:41.0093 3916 Processor architecture: Intel x86
19:27:41.0093 3916 Number of processors: 1
19:27:41.0093 3916 Page size: 0x1000
19:27:41.0093 3916 Boot type: Normal boot
19:27:41.0093 3916 ============================================================
19:27:42.0656 3916 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:27:42.0656 3916 Drive \Device\Harddisk1\DR3 - Size: 0x3CBFFE00 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:27:42.0656 3916 ============================================================
19:27:42.0656 3916 \Device\Harddisk0\DR0:
19:27:42.0656 3916 MBR partitions:
19:27:42.0656 3916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x658FB66
19:27:42.0687 3916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x658FBE4, BlocksNum 0x54BD39C
19:27:42.0687 3916 \Device\Harddisk1\DR3:
19:27:42.0687 3916 MBR partitions:
19:27:42.0687 3916 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1E5FC0
19:27:42.0687 3916 ============================================================
19:27:42.0734 3916 C: <-> \Device\Harddisk0\DR0\Partition1
19:27:42.0796 3916 D: <-> \Device\Harddisk0\DR0\Partition2
19:27:42.0796 3916 ============================================================
19:27:42.0796 3916 Initialize success
19:27:42.0796 3916 ============================================================
19:29:19.0296 3340 ============================================================
19:29:19.0296 3340 Scan started
19:29:19.0296 3340 Mode: Manual; SigCheck; TDLFS;
19:29:19.0296 3340 ============================================================
19:29:20.0109 3340 ================ Scan services =============================
19:29:20.0234 3340 Abiosdsk - ok
19:29:20.0250 3340 abp480n5 - ok
19:29:20.0312 3340 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:29:22.0046 3340 ACPI - ok
19:29:22.0093 3340 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:29:22.0296 3340 ACPIEC - ok
19:29:22.0390 3340 [ 5E1A953C6472E7BB644892A4D0DF5E72 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:29:22.0406 3340 AdobeFlashPlayerUpdateSvc - ok
19:29:22.0421 3340 adpu160m - ok
19:29:22.0437 3340 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:29:22.0578 3340 aec - ok
19:29:22.0625 3340 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:29:22.0687 3340 AFD - ok
19:29:22.0781 3340 [ BA1EF9282AB269A984A150D6EBCE2E4D ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:29:22.0921 3340 AgereSoftModem - ok
19:29:22.0921 3340 Aha154x - ok
19:29:22.0921 3340 aic78u2 - ok
19:29:22.0937 3340 aic78xx - ok
19:29:22.0968 3340 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:29:23.0171 3340 Alerter - ok
19:29:23.0203 3340 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
19:29:23.0390 3340 ALG - ok
19:29:23.0406 3340 AliIde - ok
19:29:23.0406 3340 amsint - ok
19:29:23.0546 3340 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
19:29:23.0562 3340 AntiVirSchedulerService - ok
19:29:23.0593 3340 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:29:23.0609 3340 AntiVirService - ok
19:29:23.0609 3340 AppMgmt - ok
19:29:23.0671 3340 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:29:23.0781 3340 Arp1394 - ok
19:29:23.0796 3340 asc - ok
19:29:23.0796 3340 asc3350p - ok
19:29:23.0812 3340 asc3550 - ok
19:29:23.0921 3340 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:29:23.0937 3340 aspnet_state - ok
19:29:23.0953 3340 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:29:24.0109 3340 AsyncMac - ok
19:29:24.0125 3340 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:29:24.0250 3340 atapi - ok
19:29:24.0265 3340 Atdisk - ok
19:29:24.0312 3340 [ 60D2D92BD2390C50BCE4106113F8B83B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:29:24.0359 3340 Ati HotKey Poller - ok
19:29:24.0453 3340 [ 1BC00580219007683339B3A78B8F2232 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:29:24.0531 3340 ati2mtag - ok
19:29:24.0546 3340 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:29:24.0671 3340 Atmarpc - ok
19:29:24.0718 3340 [ 5C0656A478A7C41545A52B4724DBE67F ] ATSWPDRV C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
19:29:24.0765 3340 ATSWPDRV - ok
19:29:24.0796 3340 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:29:24.0984 3340 AudioSrv - ok
19:29:25.0031 3340 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:29:25.0203 3340 audstub - ok
19:29:25.0218 3340 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:29:25.0265 3340 avgntflt - ok
19:29:25.0312 3340 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:29:25.0328 3340 avipbb - ok
19:29:25.0359 3340 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:29:25.0375 3340 avkmgr - ok
19:29:25.0437 3340 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:29:25.0625 3340 Beep - ok
19:29:25.0687 3340 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
19:29:25.0968 3340 BITS - ok
19:29:26.0015 3340 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
19:29:26.0140 3340 Browser - ok
19:29:26.0171 3340 [ 2241C5BF7BFDB8A501274F6837C6B10A ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
19:29:26.0203 3340 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
19:29:26.0203 3340 BTWUSB - detected UnsignedFile.Multi.Generic (1)
19:29:26.0234 3340 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:29:26.0375 3340 cbidf2k - ok
19:29:26.0375 3340 cd20xrnt - ok
19:29:26.0375 3340 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:29:26.0500 3340 Cdaudio - ok
19:29:26.0531 3340 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:29:26.0640 3340 Cdfs - ok
19:29:26.0671 3340 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:29:26.0796 3340 Cdrom - ok
19:29:26.0796 3340 Changer - ok
19:29:26.0828 3340 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:29:26.0953 3340 CiSvc - ok
19:29:26.0984 3340 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:29:27.0093 3340 ClipSrv - ok
19:29:27.0125 3340 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:27.0140 3340 clr_optimization_v4.0.30319_32 - ok
19:29:27.0156 3340 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:29:27.0265 3340 CmBatt - ok
19:29:27.0281 3340 CmdIde - ok
19:29:27.0281 3340 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:29:27.0390 3340 Compbatt - ok
19:29:27.0406 3340 COMSysApp - ok
19:29:27.0421 3340 Cpqarray - ok
19:29:27.0437 3340 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:29:27.0562 3340 CryptSvc - ok
19:29:27.0562 3340 dac2w2k - ok
19:29:27.0578 3340 dac960nt - ok
19:29:27.0640 3340 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:29:27.0750 3340 DcomLaunch - ok
19:29:27.0765 3340 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:29:27.0890 3340 Dhcp - ok
19:29:27.0890 3340 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:29:28.0000 3340 Disk - ok
19:29:28.0015 3340 dmadmin - ok
19:29:28.0062 3340 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:29:28.0250 3340 dmboot - ok
19:29:28.0250 3340 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:29:28.0390 3340 dmio - ok
19:29:28.0406 3340 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:29:28.0531 3340 dmload - ok
19:29:28.0562 3340 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:29:28.0687 3340 dmserver - ok
19:29:28.0703 3340 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:29:28.0828 3340 DMusic - ok
19:29:28.0875 3340 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:29:28.0921 3340 Dnscache - ok
19:29:28.0953 3340 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:29:29.0062 3340 Dot3svc - ok
19:29:29.0062 3340 dpti2o - ok
19:29:29.0093 3340 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:29:29.0203 3340 drmkaud - ok
19:29:29.0234 3340 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:29:29.0375 3340 EapHost - ok
19:29:29.0390 3340 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:29:29.0500 3340 ERSvc - ok
19:29:29.0531 3340 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
19:29:29.0578 3340 Eventlog - ok
19:29:29.0609 3340 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
19:29:29.0656 3340 EventSystem - ok
19:29:29.0703 3340 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:29:29.0843 3340 Fastfat - ok
19:29:29.0875 3340 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:29:29.0953 3340 FastUserSwitchingCompatibility - ok
19:29:29.0984 3340 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:29:30.0125 3340 Fdc - ok
19:29:30.0156 3340 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:29:30.0328 3340 Fips - ok
19:29:30.0343 3340 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:29:30.0515 3340 Flpydisk - ok
19:29:30.0578 3340 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:29:30.0687 3340 FltMgr - ok
19:29:30.0687 3340 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:29:30.0828 3340 Fs_Rec - ok
19:29:30.0828 3340 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:29:30.0953 3340 Ftdisk - ok
19:29:30.0984 3340 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:29:31.0093 3340 Gpc - ok
19:29:31.0140 3340 [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
19:29:31.0187 3340 HdAudAddService - ok
19:29:31.0203 3340 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:29:31.0312 3340 HDAudBus - ok
19:29:31.0406 3340 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:29:31.0515 3340 helpsvc - ok
19:29:31.0515 3340 HidServ - ok
19:29:31.0562 3340 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:29:31.0671 3340 HidUsb - ok
19:29:31.0718 3340 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:29:31.0859 3340 hkmsvc - ok
19:29:31.0859 3340 hpn - ok
19:29:31.0906 3340 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:29:31.0953 3340 HTTP - ok
19:29:31.0968 3340 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:29:32.0125 3340 HTTPFilter - ok
19:29:32.0140 3340 i2omgmt - ok
19:29:32.0156 3340 i2omp - ok
19:29:32.0171 3340 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:29:32.0312 3340 i8042prt - ok
19:29:32.0375 3340 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:29:32.0515 3340 Imapi - ok
19:29:32.0578 3340 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
19:29:32.0718 3340 ImapiService - ok
19:29:32.0734 3340 ini910u - ok
19:29:32.0953 3340 [ 98B7FAB86755A42FE8EB04538A4CD6C8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:29:33.0187 3340 IntcAzAudAddService - ok
19:29:33.0203 3340 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:29:33.0375 3340 IntelIde - ok
19:29:33.0406 3340 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:29:33.0656 3340 intelppm - ok
19:29:33.0671 3340 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:29:33.0796 3340 Ip6Fw - ok
19:29:33.0828 3340 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:29:33.0953 3340 IpFilterDriver - ok
19:29:33.0968 3340 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:29:34.0078 3340 IpInIp - ok
19:29:34.0093 3340 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:29:34.0203 3340 IpNat - ok
19:29:34.0250 3340 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:29:34.0359 3340 IPSec - ok
19:29:34.0390 3340 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
19:29:34.0500 3340 irda - ok
19:29:34.0515 3340 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:29:34.0640 3340 IRENUM - ok
19:29:34.0687 3340 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
19:29:34.0812 3340 Irmon - ok
19:29:34.0828 3340 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:29:34.0937 3340 isapnp - ok
19:29:34.0937 3340 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:29:35.0078 3340 Kbdclass - ok
19:29:35.0109 3340 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:29:35.0218 3340 kmixer - ok
19:29:35.0265 3340 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:29:35.0359 3340 KSecDD - ok
19:29:35.0390 3340 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:29:35.0484 3340 lanmanserver - ok
19:29:35.0531 3340 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:29:35.0562 3340 lanmanworkstation - ok
19:29:35.0562 3340 lbrtfdc - ok
19:29:35.0609 3340 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:29:35.0718 3340 LmHosts - ok
19:29:35.0781 3340 [ 7A1A532F14FDE28489DC349C6E404A67 ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
19:29:35.0984 3340 LPDSVC - ok
19:29:36.0015 3340 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:29:36.0140 3340 Messenger - ok
19:29:36.0171 3340 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:29:36.0312 3340 mnmdd - ok
19:29:36.0359 3340 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:29:36.0468 3340 mnmsrvc - ok
19:29:36.0500 3340 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:29:36.0625 3340 Modem - ok
19:29:36.0656 3340 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:29:36.0765 3340 Mouclass - ok
19:29:36.0812 3340 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:29:36.0921 3340 mouhid - ok
19:29:36.0953 3340 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:29:37.0078 3340 MountMgr - ok
19:29:37.0140 3340 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:29:37.0156 3340 MozillaMaintenance - ok
19:29:37.0171 3340 mraid35x - ok
19:29:37.0203 3340 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:29:37.0328 3340 MRxDAV - ok
19:29:37.0390 3340 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:29:37.0437 3340 MRxSmb - ok
19:29:37.0453 3340 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:29:37.0578 3340 MSDTC - ok
19:29:37.0578 3340 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:29:37.0765 3340 Msfs - ok
19:29:37.0781 3340 MSIServer - ok
19:29:37.0796 3340 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:29:37.0937 3340 MSKSSRV - ok
19:29:37.0953 3340 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:29:38.0093 3340 MSPCLOCK - ok
19:29:38.0109 3340 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:29:38.0218 3340 MSPQM - ok
19:29:38.0265 3340 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:29:38.0359 3340 mssmbios - ok
19:29:38.0390 3340 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:29:38.0406 3340 Mup - ok
19:29:38.0468 3340 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
19:29:38.0593 3340 napagent - ok
19:29:38.0609 3340 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:29:38.0734 3340 NDIS - ok
19:29:38.0750 3340 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:29:38.0796 3340 NdisTapi - ok
19:29:38.0812 3340 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:29:38.0937 3340 Ndisuio - ok
19:29:38.0968 3340 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:29:39.0093 3340 NdisWan - ok
19:29:39.0125 3340 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:29:39.0156 3340 NDProxy - ok
19:29:39.0171 3340 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:29:39.0296 3340 NetBIOS - ok
19:29:39.0312 3340 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:29:39.0437 3340 NetBT - ok
19:29:39.0484 3340 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
19:29:39.0625 3340 NetDDE - ok
19:29:39.0640 3340 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:29:39.0750 3340 NetDDEdsdm - ok
19:29:39.0781 3340 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:29:39.0890 3340 Netlogon - ok
19:29:39.0953 3340 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
19:29:40.0078 3340 Netman - ok
19:29:40.0125 3340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:29:40.0140 3340 NetTcpPortSharing - ok
19:29:40.0156 3340 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:29:40.0281 3340 NIC1394 - ok
19:29:40.0296 3340 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
19:29:40.0312 3340 Nla - ok
19:29:40.0390 3340 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
19:29:40.0406 3340 NMSAccess - ok
19:29:40.0421 3340 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:29:40.0562 3340 Npfs - ok
19:29:40.0593 3340 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
19:29:40.0703 3340 NSCIRDA - ok
19:29:40.0750 3340 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:29:40.0890 3340 Ntfs - ok
19:29:40.0890 3340 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:29:41.0015 3340 NtLmSsp - ok
19:29:41.0062 3340 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:29:41.0203 3340 NtmsSvc - ok
19:29:41.0234 3340 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:29:41.0359 3340 Null - ok
19:29:41.0406 3340 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:29:41.0546 3340 NwlnkFlt - ok
19:29:41.0546 3340 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:29:41.0671 3340 NwlnkFwd - ok
19:29:41.0687 3340 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:29:41.0812 3340 ohci1394 - ok
19:29:41.0859 3340 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
19:29:41.0875 3340 ose - ok
19:29:41.0890 3340 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:29:42.0015 3340 Parport - ok
19:29:42.0015 3340 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:29:42.0156 3340 PartMgr - ok
19:29:42.0203 3340 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:29:42.0328 3340 ParVdm - ok
19:29:42.0328 3340 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:29:42.0468 3340 PCI - ok
19:29:42.0484 3340 PCIDump - ok
19:29:42.0500 3340 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:29:42.0656 3340 PCIIde - ok
19:29:42.0656 3340 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:29:42.0765 3340 Pcmcia - ok
19:29:42.0781 3340 PDCOMP - ok
19:29:42.0781 3340 PDFRAME - ok
19:29:42.0796 3340 PDRELI - ok
19:29:42.0796 3340 PDRFRAME - ok
19:29:42.0812 3340 perc2 - ok
19:29:42.0812 3340 perc2hib - ok
19:29:42.0843 3340 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
19:29:42.0890 3340 PlugPlay - ok
19:29:42.0890 3340 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:29:43.0000 3340 PolicyAgent - ok
19:29:43.0015 3340 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:29:43.0125 3340 PptpMiniport - ok
19:29:43.0140 3340 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:29:43.0250 3340 ProtectedStorage - ok
19:29:43.0250 3340 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:29:43.0375 3340 PSched - ok
19:29:43.0390 3340 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:29:43.0515 3340 Ptilink - ok
19:29:43.0515 3340 ql1080 - ok
19:29:43.0531 3340 Ql10wnt - ok
19:29:43.0531 3340 ql12160 - ok
19:29:43.0546 3340 ql1240 - ok
19:29:43.0546 3340 ql1280 - ok
19:29:43.0562 3340 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:29:43.0671 3340 RasAcd - ok
19:29:43.0703 3340 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:29:43.0812 3340 RasAuto - ok
19:29:43.0859 3340 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:29:43.0937 3340 Rasirda - ok
19:29:43.0937 3340 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:29:44.0046 3340 Rasl2tp - ok
19:29:44.0109 3340 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:29:44.0218 3340 RasMan - ok
19:29:44.0250 3340 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:29:44.0375 3340 RasPppoe - ok
19:29:44.0375 3340 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:29:44.0500 3340 Raspti - ok
19:29:44.0515 3340 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:29:44.0625 3340 Rdbss - ok
19:29:44.0640 3340 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:29:44.0765 3340 RDPCDD - ok
19:29:44.0812 3340 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:29:44.0859 3340 RDPWD - ok
19:29:44.0890 3340 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:29:45.0015 3340 RDSessMgr - ok
19:29:45.0046 3340 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:29:45.0171 3340 redbook - ok
19:29:45.0234 3340 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:29:45.0328 3340 RemoteAccess - ok
19:29:45.0359 3340 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:29:45.0484 3340 RpcLocator - ok
19:29:45.0515 3340 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:29:45.0562 3340 RpcSs - ok
19:29:45.0625 3340 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:29:45.0734 3340 RSVP - ok
19:29:45.0781 3340 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
19:29:45.0843 3340 RTL8023xp - ok
19:29:45.0859 3340 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
19:29:45.0968 3340 SamSs - ok
19:29:46.0000 3340 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:29:46.0125 3340 SCardSvr - ok
19:29:46.0187 3340 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:29:46.0312 3340 Schedule - ok
19:29:46.0328 3340 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:29:46.0437 3340 sdbus - ok
19:29:46.0484 3340 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:29:46.0593 3340 Secdrv - ok
19:29:46.0609 3340 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
19:29:46.0734 3340 seclogon - ok
19:29:46.0750 3340 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
19:29:46.0859 3340 SENS - ok
19:29:46.0906 3340 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:29:47.0031 3340 Serial - ok
19:29:47.0062 3340 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:29:47.0171 3340 Sfloppy - ok
19:29:47.0234 3340 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:29:47.0375 3340 SharedAccess - ok
19:29:47.0437 3340 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:29:47.0468 3340 ShellHWDetection - ok
19:29:47.0468 3340 Simbad - ok
19:29:47.0484 3340 [ 7A1A532F14FDE28489DC349C6E404A67 ] SimpTcp C:\WINDOWS\system32\tcpsvcs.exe
19:29:47.0593 3340 SimpTcp - ok
19:29:47.0625 3340 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:29:47.0750 3340 SONYPVU1 - ok
19:29:47.0765 3340 Sparrow - ok
19:29:47.0781 3340 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:29:47.0906 3340 splitter - ok
19:29:47.0937 3340 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:29:47.0984 3340 Spooler - ok
19:29:48.0000 3340 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:29:48.0109 3340 sr - ok
19:29:48.0156 3340 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
19:29:48.0281 3340 srservice - ok
19:29:48.0328 3340 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:29:48.0359 3340 Srv - ok
19:29:48.0375 3340 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:29:48.0484 3340 SSDPSRV - ok
19:29:48.0531 3340 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:29:48.0546 3340 ssmdrv - ok
19:29:48.0578 3340 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
19:29:48.0593 3340 StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:29:48.0593 3340 StarOpen - detected UnsignedFile.Multi.Generic (1)
19:29:48.0640 3340 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:29:48.0796 3340 stisvc - ok
19:29:48.0859 3340 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:29:49.0000 3340 swenum - ok
19:29:49.0031 3340 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:29:49.0187 3340 swmidi - ok
19:29:49.0203 3340 SwPrv - ok
19:29:49.0203 3340 symc810 - ok
19:29:49.0218 3340 symc8xx - ok
19:29:49.0234 3340 sym_hi - ok
19:29:49.0234 3340 sym_u3 - ok
19:29:49.0281 3340 [ 9D7385AD343EEED23A61D4AC5AE44601 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:29:49.0343 3340 SynTP - ok
19:29:49.0375 3340 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:29:49.0546 3340 sysaudio - ok
19:29:49.0578 3340 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:29:49.0765 3340 SysmonLog - ok
19:29:49.0796 3340 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:29:50.0015 3340 TapiSrv - ok
19:29:50.0078 3340 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:29:50.0109 3340 Tcpip - ok
19:29:50.0156 3340 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:29:50.0343 3340 TDPIPE - ok
19:29:50.0375 3340 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:29:50.0562 3340 TDTCP - ok
19:29:50.0593 3340 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:29:50.0765 3340 TermDD - ok
19:29:50.0812 3340 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
19:29:51.0000 3340 TermService - ok
19:29:51.0031 3340 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:29:51.0062 3340 Themes - ok
19:29:51.0109 3340 [ 1154850749ECD019972D901EA6C6950C ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
19:29:51.0156 3340 tifm21 - ok
19:29:51.0171 3340 TosIde - ok
19:29:51.0203 3340 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:29:51.0375 3340 TrkWks - ok
19:29:51.0765 3340 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:29:52.0000 3340 Udfs - ok
19:29:52.0015 3340 ultra - ok
19:29:52.0078 3340 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:29:52.0218 3340 Update - ok
19:29:52.0265 3340 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:29:52.0390 3340 upnphost - ok
19:29:52.0406 3340 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
19:29:52.0531 3340 UPS - ok
19:29:52.0578 3340 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:29:52.0703 3340 usbccgp - ok
19:29:52.0734 3340 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:29:52.0843 3340 usbehci - ok
19:29:52.0859 3340 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:29:52.0984 3340 usbhub - ok
19:29:53.0031 3340 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:29:53.0140 3340 usbprint - ok
19:29:53.0140 3340 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:29:53.0265 3340 usbscan - ok
19:29:53.0296 3340 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:29:53.0421 3340 USBSTOR - ok
19:29:53.0437 3340 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:29:53.0562 3340 usbuhci - ok
19:29:53.0593 3340 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:29:53.0703 3340 VgaSave - ok
19:29:53.0703 3340 ViaIde - ok
19:29:53.0734 3340 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:29:53.0843 3340 VolSnap - ok
19:29:53.0875 3340 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
19:29:54.0000 3340 VSS - ok
19:29:54.0203 3340 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
19:29:54.0453 3340 w29n51 - ok
19:29:54.0484 3340 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
19:29:54.0609 3340 W32Time - ok
19:29:54.0687 3340 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:29:54.0875 3340 Wanarp - ok
19:29:54.0890 3340 WDICA - ok
19:29:54.0921 3340 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:29:55.0046 3340 wdmaud - ok
19:29:55.0078 3340 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:29:55.0218 3340 WebClient - ok
19:29:55.0312 3340 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:29:55.0437 3340 winmgmt - ok
19:29:55.0484 3340 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:29:55.0531 3340 WmdmPmSN - ok
19:29:55.0546 3340 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:29:55.0687 3340 WmiApSrv - ok
19:29:55.0781 3340 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
19:29:55.0890 3340 WMPNetworkSvc - ok
19:29:56.0000 3340 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:29:56.0078 3340 WPFFontCache_v0400 - ok
19:29:56.0125 3340 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:29:56.0296 3340 wscsvc - ok
19:29:56.0328 3340 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:29:56.0546 3340 wuauserv - ok
19:29:56.0578 3340 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:29:56.0656 3340 WudfPf - ok
19:29:56.0671 3340 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:29:56.0703 3340 WudfRd - ok
19:29:56.0734 3340 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:29:56.0781 3340 WudfSvc - ok
19:29:56.0859 3340 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:29:57.0093 3340 WZCSVC - ok
19:29:57.0125 3340 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:29:57.0250 3340 xmlprov - ok
19:29:57.0296 3340 [ 41CF36A3CC7786575247ED456918E112 ] XUIF C:\WINDOWS\system32\Drivers\x10ufx2.sys
19:29:57.0343 3340 XUIF - ok
19:29:57.0343 3340 ================ Scan global ===============================
19:29:57.0390 3340 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:29:57.0437 3340 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:29:57.0468 3340 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:29:57.0484 3340 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:29:57.0484 3340 [Global] - ok
19:29:57.0484 3340 ================ Scan MBR ==================================
19:29:57.0515 3340 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:29:57.0890 3340 \Device\Harddisk0\DR0 - ok
19:29:57.0890 3340 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR3
19:29:59.0875 3340 \Device\Harddisk1\DR3 - ok
19:29:59.0890 3340 ================ Scan VBR ==================================
19:29:59.0890 3340 [ 9A2366615CDB24C2DABFEA5E82B1C184 ] \Device\Harddisk0\DR0\Partition1
19:29:59.0890 3340 \Device\Harddisk0\DR0\Partition1 - ok
19:29:59.0984 3340 [ E347E12C331D267057CF28DE6A257E9F ] \Device\Harddisk0\DR0\Partition2
19:29:59.0984 3340 \Device\Harddisk0\DR0\Partition2 - ok
19:30:00.0000 3340 [ F804872828FC6370D11D9B7FD9DD945F ] \Device\Harddisk1\DR3\Partition1
19:30:00.0000 3340 \Device\Harddisk1\DR3\Partition1 - ok
19:30:00.0000 3340 ============================================================
19:30:00.0000 3340 Scan finished
19:30:00.0000 3340 ============================================================
19:30:00.0109 3332 Detected object count: 2
19:30:00.0109 3332 Actual detected object count: 2
|
|
06.09.2012, 13:04
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | InCrediBar - wie werd ich das Ding wieder los? Log ist unvollständig Da mein Screenshot veraltet war bitte wiederholen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.09.2012, 10:21
| #23 |
| | InCrediBar - wie werd ich das Ding wieder los?Code:
ATTFilter 11:09:47.0234 4072 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:09:47.0250 4072 ============================================================
11:09:47.0250 4072 Current date / time: 2012/09/09 11:09:47.0250
11:09:47.0265 4072 SystemInfo:
11:09:47.0265 4072
11:09:47.0265 4072 OS Version: 5.1.2600 ServicePack: 3.0
11:09:47.0265 4072 Product type: Workstation
11:09:47.0265 4072 ComputerName: ****-*****
11:09:47.0265 4072 UserName: *****
11:09:47.0265 4072 Windows directory: C:\WINDOWS
11:09:47.0265 4072 System windows directory: C:\WINDOWS
11:09:47.0265 4072 Processor architecture: Intel x86
11:09:47.0265 4072 Number of processors: 1
11:09:47.0265 4072 Page size: 0x1000
11:09:47.0265 4072 Boot type: Normal boot
11:09:47.0265 4072 ============================================================
11:09:49.0234 4072 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:09:49.0234 4072 Drive \Device\Harddisk1\DR3 - Size: 0x3CBFFE00 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:09:49.0234 4072 ============================================================
11:09:49.0234 4072 \Device\Harddisk0\DR0:
11:09:49.0234 4072 MBR partitions:
11:09:49.0234 4072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x658FB66
11:09:49.0250 4072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x658FBE4, BlocksNum 0x54BD39C
11:09:49.0265 4072 \Device\Harddisk1\DR3:
11:09:49.0265 4072 MBR partitions:
11:09:49.0265 4072 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1E5FC0
11:09:49.0265 4072 ============================================================
11:09:49.0312 4072 C: <-> \Device\Harddisk0\DR0\Partition1
11:09:49.0359 4072 D: <-> \Device\Harddisk0\DR0\Partition2
11:09:49.0359 4072 ============================================================
11:09:49.0359 4072 Initialize success
11:09:49.0359 4072 ============================================================
11:11:11.0046 2816 ============================================================
11:11:11.0046 2816 Scan started
11:11:11.0046 2816 Mode: Manual; SigCheck; TDLFS;
11:11:11.0046 2816 ============================================================
11:11:11.0812 2816 ================ Scan system memory ========================
11:11:11.0812 2816 System memory - ok
11:11:11.0812 2816 ================ Scan services =============================
11:11:11.0953 2816 Abiosdsk - ok
11:11:11.0953 2816 abp480n5 - ok
11:11:12.0031 2816 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:11:13.0703 2816 ACPI - ok
11:11:13.0734 2816 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:11:14.0031 2816 ACPIEC - ok
11:11:14.0125 2816 [ 5E1A953C6472E7BB644892A4D0DF5E72 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:11:14.0156 2816 AdobeFlashPlayerUpdateSvc - ok
11:11:14.0156 2816 adpu160m - ok
11:11:14.0187 2816 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:11:14.0328 2816 aec - ok
11:11:14.0375 2816 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:11:14.0421 2816 AFD - ok
11:11:14.0500 2816 [ BA1EF9282AB269A984A150D6EBCE2E4D ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:11:14.0640 2816 AgereSoftModem - ok
11:11:14.0640 2816 Aha154x - ok
11:11:14.0656 2816 aic78u2 - ok
11:11:14.0656 2816 aic78xx - ok
11:11:14.0687 2816 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:11:14.0890 2816 Alerter - ok
11:11:14.0921 2816 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
11:11:15.0078 2816 ALG - ok
11:11:15.0093 2816 AliIde - ok
11:11:15.0109 2816 amsint - ok
11:11:15.0250 2816 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
11:11:15.0265 2816 AntiVirSchedulerService - ok
11:11:15.0312 2816 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:11:15.0343 2816 AntiVirService - ok
11:11:15.0343 2816 AppMgmt - ok
11:11:15.0406 2816 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:11:15.0578 2816 Arp1394 - ok
11:11:15.0578 2816 asc - ok
11:11:15.0593 2816 asc3350p - ok
11:11:15.0609 2816 asc3550 - ok
11:11:15.0734 2816 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:11:15.0796 2816 aspnet_state - ok
11:11:15.0812 2816 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:11:15.0984 2816 AsyncMac - ok
11:11:16.0015 2816 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:11:16.0125 2816 atapi - ok
11:11:16.0140 2816 Atdisk - ok
11:11:16.0187 2816 [ 60D2D92BD2390C50BCE4106113F8B83B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:11:16.0234 2816 Ati HotKey Poller - ok
11:11:16.0328 2816 [ 1BC00580219007683339B3A78B8F2232 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:11:16.0421 2816 ati2mtag - ok
11:11:16.0500 2816 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:11:16.0609 2816 Atmarpc - ok
11:11:16.0671 2816 [ 5C0656A478A7C41545A52B4724DBE67F ] ATSWPDRV C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
11:11:16.0718 2816 ATSWPDRV - ok
11:11:16.0765 2816 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:11:16.0937 2816 AudioSrv - ok
11:11:16.0984 2816 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:11:17.0156 2816 audstub - ok
11:11:17.0171 2816 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:11:17.0234 2816 avgntflt - ok
11:11:17.0281 2816 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:11:17.0296 2816 avipbb - ok
11:11:17.0328 2816 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:11:17.0343 2816 avkmgr - ok
11:11:17.0390 2816 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:11:17.0578 2816 Beep - ok
11:11:17.0640 2816 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
11:11:17.0843 2816 BITS - ok
11:11:17.0875 2816 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
11:11:18.0062 2816 Browser - ok
11:11:18.0093 2816 [ 2241C5BF7BFDB8A501274F6837C6B10A ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
11:11:18.0125 2816 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
11:11:18.0125 2816 BTWUSB - detected UnsignedFile.Multi.Generic (1)
11:11:18.0156 2816 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:11:18.0359 2816 cbidf2k - ok
11:11:18.0359 2816 cd20xrnt - ok
11:11:18.0390 2816 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:11:18.0562 2816 Cdaudio - ok
11:11:18.0578 2816 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:11:18.0765 2816 Cdfs - ok
11:11:18.0796 2816 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:11:18.0968 2816 Cdrom - ok
11:11:18.0984 2816 Changer - ok
11:11:19.0015 2816 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:11:19.0187 2816 CiSvc - ok
11:11:19.0218 2816 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:11:19.0390 2816 ClipSrv - ok
11:11:19.0437 2816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:11:19.0500 2816 clr_optimization_v4.0.30319_32 - ok
11:11:19.0531 2816 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:11:19.0703 2816 CmBatt - ok
11:11:19.0718 2816 CmdIde - ok
11:11:19.0718 2816 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:11:19.0890 2816 Compbatt - ok
11:11:19.0906 2816 COMSysApp - ok
11:11:19.0921 2816 Cpqarray - ok
11:11:19.0968 2816 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:11:20.0156 2816 CryptSvc - ok
11:11:20.0156 2816 dac2w2k - ok
11:11:20.0171 2816 dac960nt - ok
11:11:20.0218 2816 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:11:20.0359 2816 DcomLaunch - ok
11:11:20.0375 2816 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:11:20.0546 2816 Dhcp - ok
11:11:20.0562 2816 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:11:20.0734 2816 Disk - ok
11:11:20.0750 2816 dmadmin - ok
11:11:20.0812 2816 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:11:20.0984 2816 dmboot - ok
11:11:21.0000 2816 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:11:21.0140 2816 dmio - ok
11:11:21.0156 2816 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:11:21.0265 2816 dmload - ok
11:11:21.0296 2816 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:11:21.0421 2816 dmserver - ok
11:11:21.0437 2816 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:11:21.0562 2816 DMusic - ok
11:11:21.0609 2816 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:11:21.0640 2816 Dnscache - ok
11:11:21.0687 2816 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:11:21.0812 2816 Dot3svc - ok
11:11:21.0812 2816 dpti2o - ok
11:11:21.0828 2816 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:11:21.0937 2816 drmkaud - ok
11:11:21.0968 2816 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:11:22.0093 2816 EapHost - ok
11:11:22.0140 2816 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:11:22.0250 2816 ERSvc - ok
11:11:22.0296 2816 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
11:11:22.0328 2816 Eventlog - ok
11:11:22.0359 2816 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
11:11:22.0406 2816 EventSystem - ok
11:11:22.0437 2816 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:11:22.0562 2816 Fastfat - ok
11:11:22.0609 2816 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:11:22.0687 2816 FastUserSwitchingCompatibility - ok
11:11:22.0718 2816 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:11:22.0828 2816 Fdc - ok
11:11:22.0843 2816 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:11:22.0984 2816 Fips - ok
11:11:23.0000 2816 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:11:23.0125 2816 Flpydisk - ok
11:11:23.0140 2816 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:11:23.0250 2816 FltMgr - ok
11:11:23.0281 2816 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:11:23.0406 2816 Fs_Rec - ok
11:11:23.0421 2816 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:11:23.0562 2816 Ftdisk - ok
11:11:23.0609 2816 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:11:23.0718 2816 Gpc - ok
11:11:23.0765 2816 [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
11:11:23.0812 2816 HdAudAddService - ok
11:11:23.0828 2816 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:11:23.0953 2816 HDAudBus - ok
11:11:24.0031 2816 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:11:24.0140 2816 helpsvc - ok
11:11:24.0156 2816 HidServ - ok
11:11:24.0187 2816 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:11:24.0312 2816 HidUsb - ok
11:11:24.0375 2816 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:11:24.0515 2816 hkmsvc - ok
11:11:24.0531 2816 hpn - ok
11:11:24.0593 2816 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:11:24.0656 2816 HTTP - ok
11:11:24.0671 2816 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:11:24.0828 2816 HTTPFilter - ok
11:11:24.0828 2816 i2omgmt - ok
11:11:24.0843 2816 i2omp - ok
11:11:24.0859 2816 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:11:25.0000 2816 i8042prt - ok
11:11:25.0031 2816 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:11:25.0187 2816 Imapi - ok
11:11:25.0250 2816 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
11:11:25.0406 2816 ImapiService - ok
11:11:25.0406 2816 ini910u - ok
11:11:25.0640 2816 [ 98B7FAB86755A42FE8EB04538A4CD6C8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:11:25.0890 2816 IntcAzAudAddService - ok
11:11:25.0906 2816 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:11:26.0125 2816 IntelIde - ok
11:11:26.0171 2816 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:11:26.0281 2816 intelppm - ok
11:11:26.0296 2816 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:11:26.0421 2816 Ip6Fw - ok
11:11:26.0453 2816 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:11:26.0593 2816 IpFilterDriver - ok
11:11:26.0593 2816 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:11:26.0703 2816 IpInIp - ok
11:11:26.0718 2816 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:11:26.0828 2816 IpNat - ok
11:11:26.0859 2816 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:11:26.0968 2816 IPSec - ok
11:11:26.0984 2816 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
11:11:27.0109 2816 irda - ok
11:11:27.0125 2816 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:11:27.0250 2816 IRENUM - ok
11:11:27.0281 2816 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
11:11:27.0406 2816 Irmon - ok
11:11:27.0421 2816 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:11:27.0531 2816 isapnp - ok
11:11:27.0546 2816 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:11:27.0671 2816 Kbdclass - ok
11:11:27.0703 2816 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:11:27.0812 2816 kmixer - ok
11:11:27.0843 2816 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:11:27.0937 2816 KSecDD - ok
11:11:27.0968 2816 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:11:28.0000 2816 lanmanserver - ok
11:11:28.0062 2816 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:11:28.0093 2816 lanmanworkstation - ok
11:11:28.0093 2816 lbrtfdc - ok
11:11:28.0125 2816 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:11:28.0250 2816 LmHosts - ok
11:11:28.0296 2816 [ 7A1A532F14FDE28489DC349C6E404A67 ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
11:11:28.0421 2816 LPDSVC - ok
11:11:28.0437 2816 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:11:28.0578 2816 Messenger - ok
11:11:28.0625 2816 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:11:28.0765 2816 mnmdd - ok
11:11:28.0812 2816 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:11:28.0953 2816 mnmsrvc - ok
11:11:28.0968 2816 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:11:29.0109 2816 Modem - ok
11:11:29.0125 2816 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:11:29.0234 2816 Mouclass - ok
11:11:29.0281 2816 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:11:29.0406 2816 mouhid - ok
11:11:29.0406 2816 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:11:29.0515 2816 MountMgr - ok
11:11:29.0578 2816 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
11:11:29.0593 2816 MozillaMaintenance - ok
11:11:29.0593 2816 mraid35x - ok
11:11:29.0625 2816 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:11:29.0734 2816 MRxDAV - ok
11:11:29.0796 2816 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:11:29.0890 2816 MRxSmb - ok
11:11:29.0921 2816 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:11:30.0046 2816 MSDTC - ok
11:11:30.0062 2816 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:11:30.0203 2816 Msfs - ok
11:11:30.0203 2816 MSIServer - ok
11:11:30.0234 2816 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:11:30.0343 2816 MSKSSRV - ok
11:11:30.0343 2816 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:11:30.0484 2816 MSPCLOCK - ok
11:11:30.0515 2816 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:11:30.0609 2816 MSPQM - ok
11:11:30.0640 2816 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:11:30.0750 2816 mssmbios - ok
11:11:30.0781 2816 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:11:30.0796 2816 Mup - ok
11:11:30.0843 2816 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
11:11:30.0984 2816 napagent - ok
11:11:31.0000 2816 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:11:31.0109 2816 NDIS - ok
11:11:31.0140 2816 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:11:31.0156 2816 NdisTapi - ok
11:11:31.0171 2816 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:11:31.0296 2816 Ndisuio - ok
11:11:31.0328 2816 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:11:31.0437 2816 NdisWan - ok
11:11:31.0468 2816 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:11:31.0515 2816 NDProxy - ok
11:11:31.0515 2816 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:11:31.0640 2816 NetBIOS - ok
11:11:31.0671 2816 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:11:31.0796 2816 NetBT - ok
11:11:31.0843 2816 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
11:11:31.0984 2816 NetDDE - ok
11:11:32.0000 2816 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:11:32.0109 2816 NetDDEdsdm - ok
11:11:32.0156 2816 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:11:32.0265 2816 Netlogon - ok
11:11:32.0296 2816 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
11:11:32.0421 2816 Netman - ok
11:11:32.0484 2816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:11:32.0515 2816 NetTcpPortSharing - ok
11:11:32.0546 2816 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:11:32.0671 2816 NIC1394 - ok
11:11:32.0703 2816 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
11:11:32.0718 2816 Nla - ok
11:11:32.0796 2816 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
11:11:32.0812 2816 NMSAccess - ok
11:11:32.0812 2816 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:11:32.0921 2816 Npfs - ok
11:11:32.0937 2816 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
11:11:33.0062 2816 NSCIRDA - ok
11:11:33.0093 2816 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:11:33.0281 2816 Ntfs - ok
11:11:33.0296 2816 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:11:33.0421 2816 NtLmSsp - ok
11:11:33.0468 2816 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:11:33.0640 2816 NtmsSvc - ok
11:11:33.0671 2816 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:11:33.0828 2816 Null - ok
11:11:33.0859 2816 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:11:34.0031 2816 NwlnkFlt - ok
11:11:34.0046 2816 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:11:34.0187 2816 NwlnkFwd - ok
11:11:34.0203 2816 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:11:34.0312 2816 ohci1394 - ok
11:11:34.0375 2816 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:11:34.0390 2816 ose - ok
11:11:34.0390 2816 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:11:34.0531 2816 Parport - ok
11:11:34.0531 2816 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:11:34.0640 2816 PartMgr - ok
11:11:34.0687 2816 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:11:34.0796 2816 ParVdm - ok
11:11:34.0812 2816 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:11:34.0921 2816 PCI - ok
11:11:34.0921 2816 PCIDump - ok
11:11:34.0953 2816 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:11:35.0078 2816 PCIIde - ok
11:11:35.0093 2816 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:11:35.0203 2816 Pcmcia - ok
11:11:35.0203 2816 PDCOMP - ok
11:11:35.0203 2816 PDFRAME - ok
11:11:35.0218 2816 PDRELI - ok
11:11:35.0218 2816 PDRFRAME - ok
11:11:35.0234 2816 perc2 - ok
11:11:35.0234 2816 perc2hib - ok
11:11:35.0281 2816 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
11:11:35.0328 2816 PlugPlay - ok
11:11:35.0328 2816 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:11:35.0437 2816 PolicyAgent - ok
11:11:35.0453 2816 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:11:35.0578 2816 PptpMiniport - ok
11:11:35.0593 2816 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:11:35.0703 2816 ProtectedStorage - ok
11:11:35.0718 2816 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:11:35.0828 2816 PSched - ok
11:11:35.0843 2816 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:11:35.0968 2816 Ptilink - ok
11:11:35.0968 2816 ql1080 - ok
11:11:35.0984 2816 Ql10wnt - ok
11:11:35.0984 2816 ql12160 - ok
11:11:36.0000 2816 ql1240 - ok
11:11:36.0000 2816 ql1280 - ok
11:11:36.0015 2816 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:11:36.0140 2816 RasAcd - ok
11:11:36.0156 2816 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:11:36.0265 2816 RasAuto - ok
11:11:36.0296 2816 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:11:36.0375 2816 Rasirda - ok
11:11:36.0390 2816 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:11:36.0515 2816 Rasl2tp - ok
11:11:36.0578 2816 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:11:36.0687 2816 RasMan - ok
11:11:36.0687 2816 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:11:36.0828 2816 RasPppoe - ok
11:11:36.0828 2816 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:11:36.0953 2816 Raspti - ok
11:11:36.0968 2816 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:11:37.0078 2816 Rdbss - ok
11:11:37.0109 2816 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:11:37.0218 2816 RDPCDD - ok
11:11:37.0265 2816 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:11:37.0312 2816 RDPWD - ok
11:11:37.0343 2816 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:11:37.0484 2816 RDSessMgr - ok
11:11:37.0500 2816 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:11:37.0625 2816 redbook - ok
11:11:37.0671 2816 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:11:37.0796 2816 RemoteAccess - ok
11:11:37.0828 2816 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:11:37.0953 2816 RpcLocator - ok
11:11:37.0984 2816 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:11:38.0031 2816 RpcSs - ok
11:11:38.0078 2816 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:11:38.0187 2816 RSVP - ok
11:11:38.0234 2816 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
11:11:38.0296 2816 RTL8023xp - ok
11:11:38.0343 2816 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
11:11:38.0437 2816 SamSs - ok
11:11:38.0468 2816 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:11:38.0609 2816 SCardSvr - ok
11:11:38.0671 2816 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:11:38.0796 2816 Schedule - ok
11:11:38.0812 2816 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:11:38.0968 2816 sdbus - ok
11:11:39.0015 2816 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:11:39.0140 2816 Secdrv - ok
11:11:39.0171 2816 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
11:11:39.0328 2816 seclogon - ok
11:11:39.0343 2816 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
11:11:39.0484 2816 SENS - ok
11:11:39.0546 2816 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:11:39.0687 2816 Serial - ok
11:11:39.0718 2816 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:11:39.0875 2816 Sfloppy - ok
11:11:39.0937 2816 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:11:40.0140 2816 SharedAccess - ok
11:11:40.0171 2816 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:11:40.0203 2816 ShellHWDetection - ok
11:11:40.0218 2816 Simbad - ok
11:11:40.0234 2816 [ 7A1A532F14FDE28489DC349C6E404A67 ] SimpTcp C:\WINDOWS\system32\tcpsvcs.exe
11:11:40.0390 2816 SimpTcp - ok
11:11:40.0421 2816 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:11:40.0609 2816 SONYPVU1 - ok
11:11:40.0625 2816 Sparrow - ok
11:11:40.0640 2816 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:11:40.0828 2816 splitter - ok
11:11:40.0875 2816 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:11:40.0906 2816 Spooler - ok
11:11:40.0937 2816 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:11:41.0062 2816 sr - ok
11:11:41.0109 2816 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
11:11:41.0218 2816 srservice - ok
11:11:41.0265 2816 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:11:41.0312 2816 Srv - ok
11:11:41.0343 2816 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:11:41.0453 2816 SSDPSRV - ok
11:11:41.0515 2816 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:11:41.0531 2816 ssmdrv - ok
11:11:41.0562 2816 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
11:11:41.0562 2816 StarOpen ( UnsignedFile.Multi.Generic ) - warning
11:11:41.0562 2816 StarOpen - detected UnsignedFile.Multi.Generic (1)
11:11:41.0625 2816 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:11:41.0765 2816 stisvc - ok
11:11:41.0796 2816 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:11:41.0953 2816 swenum - ok
11:11:41.0984 2816 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:11:42.0171 2816 swmidi - ok
11:11:42.0171 2816 SwPrv - ok
11:11:42.0187 2816 symc810 - ok
11:11:42.0203 2816 symc8xx - ok
11:11:42.0218 2816 sym_hi - ok
11:11:42.0218 2816 sym_u3 - ok
11:11:42.0281 2816 [ 9D7385AD343EEED23A61D4AC5AE44601 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:11:42.0328 2816 SynTP - ok
11:11:42.0359 2816 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:11:42.0531 2816 sysaudio - ok
11:11:42.0562 2816 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:11:42.0750 2816 SysmonLog - ok
11:11:42.0781 2816 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:11:42.0968 2816 TapiSrv - ok
11:11:43.0046 2816 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:11:43.0078 2816 Tcpip - ok
11:11:43.0125 2816 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:11:43.0312 2816 TDPIPE - ok
11:11:43.0343 2816 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:11:43.0531 2816 TDTCP - ok
11:11:43.0546 2816 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:11:43.0718 2816 TermDD - ok
11:11:43.0781 2816 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
11:11:43.0968 2816 TermService - ok
11:11:43.0984 2816 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:11:44.0015 2816 Themes - ok
11:11:44.0062 2816 [ 1154850749ECD019972D901EA6C6950C ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
11:11:44.0109 2816 tifm21 - ok
11:11:44.0125 2816 TosIde - ok
11:11:44.0156 2816 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:11:44.0328 2816 TrkWks - ok
11:11:44.0734 2816 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:11:44.0968 2816 Udfs - ok
11:11:44.0984 2816 ultra - ok
11:11:45.0062 2816 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:11:45.0187 2816 Update - ok
11:11:45.0218 2816 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:11:45.0343 2816 upnphost - ok
11:11:45.0359 2816 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
11:11:45.0500 2816 UPS - ok
11:11:45.0546 2816 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:11:45.0671 2816 usbccgp - ok
11:11:45.0687 2816 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:11:45.0781 2816 usbehci - ok
11:11:45.0796 2816 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:11:45.0921 2816 usbhub - ok
11:11:45.0953 2816 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:11:46.0062 2816 usbprint - ok
11:11:46.0062 2816 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:11:46.0187 2816 usbscan - ok
11:11:46.0234 2816 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:11:46.0343 2816 USBSTOR - ok
11:11:46.0375 2816 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:11:46.0500 2816 usbuhci - ok
11:11:46.0500 2816 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:11:46.0609 2816 VgaSave - ok
11:11:46.0609 2816 ViaIde - ok
11:11:46.0640 2816 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:11:46.0750 2816 VolSnap - ok
11:11:46.0828 2816 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
11:11:46.0968 2816 VSS - ok
11:11:47.0156 2816 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:11:47.0437 2816 w29n51 - ok
11:11:47.0484 2816 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
11:11:47.0718 2816 W32Time - ok
11:11:47.0781 2816 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:11:47.0890 2816 Wanarp - ok
11:11:47.0890 2816 WDICA - ok
11:11:47.0937 2816 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:11:48.0062 2816 wdmaud - ok
11:11:48.0093 2816 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:11:48.0234 2816 WebClient - ok
11:11:48.0328 2816 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:11:48.0453 2816 winmgmt - ok
11:11:48.0500 2816 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:11:48.0546 2816 WmdmPmSN - ok
11:11:48.0578 2816 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:11:48.0703 2816 WmiApSrv - ok
11:11:48.0796 2816 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
11:11:48.0906 2816 WMPNetworkSvc - ok
11:11:49.0015 2816 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:11:49.0078 2816 WPFFontCache_v0400 - ok
11:11:49.0140 2816 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:11:49.0312 2816 wscsvc - ok
11:11:49.0343 2816 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:11:49.0562 2816 wuauserv - ok
11:11:49.0593 2816 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:11:49.0656 2816 WudfPf - ok
11:11:49.0671 2816 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:11:49.0687 2816 WudfRd - ok
11:11:49.0718 2816 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:11:49.0750 2816 WudfSvc - ok
11:11:49.0828 2816 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:11:49.0953 2816 WZCSVC - ok
11:11:49.0984 2816 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:11:50.0109 2816 xmlprov - ok
11:11:50.0156 2816 [ 41CF36A3CC7786575247ED456918E112 ] XUIF C:\WINDOWS\system32\Drivers\x10ufx2.sys
11:11:50.0203 2816 XUIF - ok
11:11:50.0218 2816 ================ Scan global ===============================
11:11:50.0265 2816 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:11:50.0312 2816 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:11:50.0328 2816 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:11:50.0359 2816 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:11:50.0359 2816 [Global] - ok
11:11:50.0359 2816 ================ Scan MBR ==================================
11:11:50.0390 2816 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
11:11:50.0781 2816 \Device\Harddisk0\DR0 - ok
11:11:50.0796 2816 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR3
11:11:52.0421 2816 \Device\Harddisk1\DR3 - ok
11:11:52.0421 2816 ================ Scan VBR ==================================
11:11:52.0437 2816 [ 9A2366615CDB24C2DABFEA5E82B1C184 ] \Device\Harddisk0\DR0\Partition1
11:11:52.0437 2816 \Device\Harddisk0\DR0\Partition1 - ok
11:11:52.0453 2816 [ E347E12C331D267057CF28DE6A257E9F ] \Device\Harddisk0\DR0\Partition2
11:11:52.0453 2816 \Device\Harddisk0\DR0\Partition2 - ok
11:11:52.0468 2816 [ F804872828FC6370D11D9B7FD9DD945F ] \Device\Harddisk1\DR3\Partition1
11:11:52.0468 2816 \Device\Harddisk1\DR3\Partition1 - ok
11:11:52.0468 2816 ============================================================
11:11:52.0468 2816 Scan finished
11:11:52.0468 2816 ============================================================
11:11:52.0578 3892 Detected object count: 2
11:11:52.0578 3892 Actual detected object count: 2
11:12:13.0890 3892 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:13.0890 3892 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:12:13.0890 3892 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
11:12:13.0890 3892 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
10.09.2012, 15:46
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | InCrediBar - wie werd ich das Ding wieder los? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2012, 12:37
| #25 |
| | InCrediBar - wie werd ich das Ding wieder los? Combofix Logfile: Code:
ATTFilter ComboFix 12-09-12.02 - ***** 12.09.2012 13:15:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.659 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-12 bis 2012-09-12 ))))))))))))))))))))))))))))))
.
.
2012-08-23 18:13 . 2012-08-23 18:13 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 17:24 . 2012-04-29 09:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 17:24 . 2011-09-29 22:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-10-07 20:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 22:19 . 2012-07-10 11:35 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 88204]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-13 348624]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"TomTomHOME.exe"="c:\programme\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [06.12.2011 18:51 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.12.2011 18:51 86224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.04.2012 11:41 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [10.07.2012 13:35 113120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 17:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHqTFP4R&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d4b3bdbb00000000000000150020c8f3
FF - user.js: extensions.incredibar_i.instlDay - 15530
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:41
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHqTFP4R
FF - user.js: extensions.incredibar_i.upn2n - 92261726505687201
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-12 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1572)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-09-12 13:22:11
ComboFix-quarantined-files.txt 2012-09-12 11:22
.
Vor Suchlauf: 5 Verzeichnis(se), 45.379.215.360 Bytes frei
Nach Suchlauf: 6 Verzeichnis(se), 45.370.417.152 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A61953468FEA35FA7FEE77A841B54AEE
--- --- --- |
|
12.09.2012, 14:36
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | InCrediBar - wie werd ich das Ding wieder los? Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - http://mystart.Incredibar.com/?a=6OyHqTFP4R&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d4b3bdbb00000000000000150020c8f3
FF - user.js: extensions.incredibar_i.instlDay - 15530
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:41
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHqTFP4R
FF - user.js: extensions.incredibar_i.upn2n - 92261726505687201
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.10.2012, 10:12
| #27 |
| | InCrediBar - wie werd ich das Ding wieder los? Combofix Logfile: Code:
ATTFilter ComboFix 12-10-04.02 - ***** 05.10.2012 10:50:05.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.642 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\*****\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\*****\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-05 bis 2012-10-05 ))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2011-10-07 20:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 17:24 . 2012-04-29 09:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 17:24 . 2011-09-29 22:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 22:19 . 2012-07-10 11:35 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 88204]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-09-12 348664]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"TomTomHOME.exe"="c:\programme\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [06.12.2011 18:51 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.12.2011 18:51 86224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.04.2012 11:41 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [10.07.2012 13:35 113120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 17:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\z8zgz8s6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-05 10:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(344)
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-10-05 10:57:34
ComboFix-quarantined-files.txt 2012-10-05 08:57
ComboFix2.txt 2012-10-05 08:42
ComboFix3.txt 2012-09-12 11:22
.
Vor Suchlauf: 5 Verzeichnis(se), 45.152.210.944 Bytes frei
Nach Suchlauf: 6 Verzeichnis(se), 45.144.014.848 Bytes frei
.
- - End Of File - - BA6922AF91A03243060B37555621E5AE
|
|
05.10.2012, 13:48
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | InCrediBar - wie werd ich das Ding wieder los? Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu InCrediBar - wie werd ich das Ding wieder los? |
| anderen, autostart, ebenfalls, erledigt, erwischt, folge, folgendes, freeware, gelöscht, gescannt, gesucht, installieren, logdatei, logdateien, netten, nichts, quarantäne, schriftarten, stelle, suche, super, system, thema, trojaner-board, version, warnungen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
