Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BundesTrojaner? PC startet nicht mehr im abgesicherten Modus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.06.2012, 05:12   #31
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Guten Morgen,

log von TDSSKiller:
Code:
ATTFilter
06:06:57.0437 0120	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
06:06:59.0437 0120	============================================================
06:06:59.0437 0120	Current date / time: 2012/06/19 06:06:59.0437
06:06:59.0437 0120	SystemInfo:
06:06:59.0437 0120	
06:06:59.0437 0120	OS Version: 5.1.2600 ServicePack: 3.0
06:06:59.0437 0120	Product type: Workstation
06:06:59.0437 0120	ComputerName: WINXP
06:06:59.0437 0120	UserName: Maja
06:06:59.0437 0120	Windows directory: C:\WINDOWS
06:06:59.0437 0120	System windows directory: C:\WINDOWS
06:06:59.0437 0120	Processor architecture: Intel x86
06:06:59.0437 0120	Number of processors: 1
06:06:59.0437 0120	Page size: 0x1000
06:06:59.0437 0120	Boot type: Normal boot
06:06:59.0437 0120	============================================================
06:07:03.0093 0120	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:07:03.0093 0120	============================================================
06:07:03.0093 0120	\Device\Harddisk0\DR0:
06:07:03.0093 0120	MBR partitions:
06:07:03.0093 0120	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
06:07:03.0093 0120	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A962F0, BlocksNum 0x5A781D1
06:07:03.0093 0120	============================================================
06:07:03.0109 0120	C: <-> \Device\Harddisk0\DR0\Partition0
06:07:03.0156 0120	E: <-> \Device\Harddisk0\DR0\Partition1
06:07:03.0187 0120	============================================================
06:07:03.0187 0120	Initialize success
06:07:03.0187 0120	============================================================
06:08:23.0437 1648	============================================================
06:08:23.0437 1648	Scan started
06:08:23.0437 1648	Mode: Manual; SigCheck; TDLFS; 
06:08:23.0437 1648	============================================================
06:08:23.0953 1648	61883           (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
06:08:27.0234 1648	61883 - ok
06:08:27.0250 1648	Abiosdsk - ok
06:08:27.0265 1648	abp480n5 - ok
06:08:27.0656 1648	acedrv11        (66dc3740111238c91b875d8a0021834d) C:\WINDOWS\system32\drivers\acedrv11.sys
06:08:27.0906 1648	acedrv11 - ok
06:08:27.0968 1648	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:08:28.0187 1648	ACPI - ok
06:08:28.0234 1648	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:08:28.0390 1648	ACPIEC - ok
06:08:28.0406 1648	adpu160m - ok
06:08:28.0468 1648	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:08:28.0656 1648	aec - ok
06:08:28.0734 1648	AegisP          (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
06:08:28.0781 1648	AegisP ( UnsignedFile.Multi.Generic ) - warning
06:08:28.0781 1648	AegisP - detected UnsignedFile.Multi.Generic (1)
06:08:28.0890 1648	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:08:28.0968 1648	AFD - ok
06:08:28.0984 1648	Aha154x - ok
06:08:29.0000 1648	aic78u2 - ok
06:08:29.0015 1648	aic78xx - ok
06:08:29.0156 1648	ALCXSENS        (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
06:08:29.0421 1648	ALCXSENS - ok
06:08:29.0593 1648	ALCXWDM         (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
06:08:29.0937 1648	ALCXWDM - ok
06:08:29.0984 1648	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
06:08:30.0171 1648	Alerter - ok
06:08:30.0218 1648	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
06:08:30.0296 1648	ALG - ok
06:08:30.0343 1648	AliIde          (74b6def7039ecb239a1639c7fcd1bdac) C:\WINDOWS\system32\DRIVERS\aliide.sys
06:08:30.0406 1648	AliIde - ok
06:08:30.0468 1648	AmdK8           (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
06:08:30.0531 1648	AmdK8 - ok
06:08:30.0546 1648	amsint - ok
06:08:30.0812 1648	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
06:08:30.0859 1648	AntiVirSchedulerService - ok
06:08:30.0921 1648	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
06:08:30.0953 1648	AntiVirService - ok
06:08:31.0015 1648	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
06:08:31.0140 1648	AppMgmt - ok
06:08:31.0203 1648	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:08:31.0390 1648	Arp1394 - ok
06:08:31.0406 1648	asc - ok
06:08:31.0421 1648	asc3350p - ok
06:08:31.0453 1648	asc3550 - ok
06:08:31.0625 1648	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:08:31.0640 1648	aspnet_state - ok
06:08:31.0687 1648	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:08:31.0906 1648	AsyncMac - ok
06:08:31.0953 1648	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:08:32.0125 1648	atapi - ok
06:08:32.0140 1648	Atdisk - ok
06:08:32.0187 1648	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:08:32.0375 1648	Atmarpc - ok
06:08:32.0453 1648	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
06:08:32.0625 1648	AudioSrv - ok
06:08:32.0671 1648	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:08:32.0859 1648	audstub - ok
06:08:32.0921 1648	Avc             (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
06:08:33.0109 1648	Avc - ok
06:08:33.0156 1648	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
06:08:33.0187 1648	avgntflt - ok
06:08:33.0234 1648	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
06:08:33.0281 1648	avipbb - ok
06:08:33.0328 1648	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
06:08:33.0343 1648	avkmgr - ok
06:08:33.0390 1648	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:08:33.0531 1648	Beep - ok
06:08:33.0625 1648	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
06:08:34.0062 1648	BITS - ok
06:08:34.0125 1648	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
06:08:34.0281 1648	Browser - ok
06:08:34.0343 1648	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:08:34.0546 1648	cbidf2k - ok
06:08:34.0593 1648	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:08:34.0843 1648	CCDECODE - ok
06:08:34.0859 1648	cd20xrnt - ok
06:08:34.0906 1648	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:08:35.0093 1648	Cdaudio - ok
06:08:35.0125 1648	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:08:35.0296 1648	Cdfs - ok
06:08:35.0328 1648	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:08:35.0515 1648	Cdrom - ok
06:08:35.0531 1648	Changer - ok
06:08:35.0593 1648	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
06:08:35.0812 1648	CiSvc - ok
06:08:35.0859 1648	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
06:08:36.0046 1648	ClipSrv - ok
06:08:36.0234 1648	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:08:36.0265 1648	clr_optimization_v2.0.50727_32 - ok
06:08:36.0281 1648	CmdIde - ok
06:08:36.0312 1648	COMSysApp - ok
06:08:36.0343 1648	Cpqarray - ok
06:08:36.0406 1648	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
06:08:36.0578 1648	CryptSvc - ok
06:08:36.0609 1648	dac2w2k - ok
06:08:36.0625 1648	dac960nt - ok
06:08:36.0859 1648	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:08:36.0984 1648	DcomLaunch - ok
06:08:37.0062 1648	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
06:08:37.0281 1648	Dhcp - ok
06:08:37.0312 1648	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:08:37.0515 1648	Disk - ok
06:08:37.0531 1648	dmadmin - ok
06:08:37.0703 1648	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
06:08:38.0187 1648	dmboot - ok
06:08:38.0250 1648	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
06:08:38.0437 1648	dmio - ok
06:08:38.0484 1648	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:08:38.0640 1648	dmload - ok
06:08:38.0703 1648	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
06:08:38.0968 1648	dmserver - ok
06:08:39.0015 1648	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:08:39.0187 1648	DMusic - ok
06:08:39.0328 1648	Dnscache        (c4897fa148470182d42e999a22b83286) C:\WINDOWS\System32\poua3ktnk.dll
06:08:39.0437 1648	Dnscache ( UnsignedFile.Multi.Generic ) - warning
06:08:39.0437 1648	Dnscache - detected UnsignedFile.Multi.Generic (1)
06:08:39.0515 1648	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
06:08:39.0687 1648	Dot3svc - ok
06:08:39.0703 1648	dpti2o - ok
06:08:39.0828 1648	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:08:39.0984 1648	drmkaud - ok
06:08:40.0015 1648	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
06:08:40.0203 1648	EapHost - ok
06:08:40.0250 1648	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
06:08:40.0421 1648	ERSvc - ok
06:08:40.0484 1648	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:08:40.0531 1648	Eventlog - ok
06:08:40.0625 1648	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
06:08:40.0703 1648	EventSystem - ok
06:08:40.0843 1648	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:08:41.0015 1648	Fastfat - ok
06:08:41.0093 1648	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:08:41.0187 1648	FastUserSwitchingCompatibility - ok
06:08:41.0234 1648	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:08:41.0421 1648	Fdc - ok
06:08:41.0484 1648	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
06:08:41.0656 1648	Fips - ok
06:08:41.0687 1648	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:08:41.0937 1648	Flpydisk - ok
06:08:42.0000 1648	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:08:42.0171 1648	FltMgr - ok
06:08:42.0281 1648	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:08:42.0312 1648	FontCache3.0.0.0 - ok
06:08:42.0359 1648	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:08:42.0546 1648	Fs_Rec - ok
06:08:42.0593 1648	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:08:42.0843 1648	Ftdisk - ok
06:08:42.0875 1648	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
06:08:43.0046 1648	gameenum - ok
06:08:43.0093 1648	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:08:43.0250 1648	Gpc - ok
06:08:43.0343 1648	gupdate - ok
06:08:43.0437 1648	gusvc           (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
06:08:43.0500 1648	gusvc - ok
06:08:43.0578 1648	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:08:43.0812 1648	helpsvc - ok
06:08:43.0875 1648	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
06:08:44.0046 1648	HidServ - ok
06:08:44.0109 1648	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:08:44.0265 1648	HidUsb - ok
06:08:44.0328 1648	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
06:08:44.0468 1648	hkmsvc - ok
06:08:44.0484 1648	hpn - ok
06:08:44.0593 1648	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:08:44.0687 1648	HTTP - ok
06:08:44.0718 1648	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
06:08:44.0953 1648	HTTPFilter - ok
06:08:44.0968 1648	i2omgmt - ok
06:08:44.0984 1648	i2omp - ok
06:08:45.0031 1648	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:08:45.0218 1648	i8042prt - ok
06:08:45.0437 1648	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:08:45.0828 1648	idsvc - ok
06:08:45.0906 1648	IGDCTRL         (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
06:08:45.0937 1648	IGDCTRL - ok
06:08:45.0968 1648	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:08:46.0140 1648	Imapi - ok
06:08:46.0218 1648	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
06:08:46.0375 1648	ImapiService - ok
06:08:46.0406 1648	ini910u - ok
06:08:46.0437 1648	IntelIde - ok
06:08:46.0484 1648	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:08:46.0671 1648	Ip6Fw - ok
06:08:46.0718 1648	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:08:46.0937 1648	IpFilterDriver - ok
06:08:46.0968 1648	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:08:47.0140 1648	IpInIp - ok
06:08:47.0203 1648	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:08:47.0390 1648	IpNat - ok
06:08:47.0421 1648	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:08:47.0640 1648	IPSec - ok
06:08:47.0703 1648	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
06:08:47.0843 1648	irda - ok
06:08:47.0859 1648	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:08:47.0937 1648	IRENUM - ok
06:08:48.0000 1648	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
06:08:48.0093 1648	Irmon - ok
06:08:48.0125 1648	irsir           (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
06:08:48.0203 1648	irsir - ok
06:08:48.0265 1648	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:08:48.0390 1648	isapnp - ok
06:08:48.0515 1648	JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
06:08:48.0562 1648	JavaQuickStarterService - ok
06:08:48.0593 1648	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:08:48.0828 1648	Kbdclass - ok
06:08:48.0890 1648	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:08:49.0046 1648	kbdhid - ok
06:08:49.0125 1648	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:08:49.0296 1648	kmixer - ok
06:08:49.0359 1648	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:08:49.0484 1648	KSecDD - ok
06:08:49.0546 1648	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
06:08:49.0609 1648	lanmanserver - ok
06:08:49.0703 1648	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
06:08:49.0890 1648	lanmanworkstation - ok
06:08:49.0906 1648	lbrtfdc - ok
06:08:50.0000 1648	License Management Service ESD (ce0c00771ba1946cb925f2a18d882c5c) C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
06:08:50.0031 1648	License Management Service ESD ( UnsignedFile.Multi.Generic ) - warning
06:08:50.0031 1648	License Management Service ESD - detected UnsignedFile.Multi.Generic (1)
06:08:50.0093 1648	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
06:08:50.0250 1648	LmHosts - ok
06:08:50.0296 1648	LVUSBSta        (90259f3a20fbaec1a08d74ef5415b9d8) C:\WINDOWS\system32\drivers\lvusbsta.sys
06:08:50.0437 1648	LVUSBSta - ok
06:08:50.0500 1648	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
06:08:50.0687 1648	Messenger - ok
06:08:50.0734 1648	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:08:50.0937 1648	mnmdd - ok
06:08:50.0984 1648	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
06:08:51.0156 1648	mnmsrvc - ok
06:08:51.0203 1648	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
06:08:51.0359 1648	Modem - ok
06:08:51.0390 1648	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:08:51.0562 1648	Mouclass - ok
06:08:51.0609 1648	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:08:51.0828 1648	mouhid - ok
06:08:51.0875 1648	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:08:52.0062 1648	MountMgr - ok
06:08:52.0109 1648	mraid35x - ok
06:08:52.0156 1648	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:08:52.0328 1648	MRxDAV - ok
06:08:52.0453 1648	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:08:52.0703 1648	MRxSmb - ok
06:08:52.0828 1648	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
06:08:53.0000 1648	MSDTC - ok
06:08:53.0046 1648	MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
06:08:53.0234 1648	MSDV - ok
06:08:53.0265 1648	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:08:53.0421 1648	Msfs - ok
06:08:53.0437 1648	MSIServer - ok
06:08:53.0484 1648	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:08:53.0625 1648	MSKSSRV - ok
06:08:53.0656 1648	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:08:53.0875 1648	MSPCLOCK - ok
06:08:53.0921 1648	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:08:54.0062 1648	MSPQM - ok
06:08:54.0125 1648	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:08:54.0296 1648	mssmbios - ok
06:08:54.0343 1648	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:08:54.0515 1648	MSTEE - ok
06:08:54.0531 1648	ms_mpu401       (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
06:08:54.0687 1648	ms_mpu401 - ok
06:08:54.0828 1648	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:08:54.0921 1648	Mup - ok
06:08:54.0953 1648	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:08:55.0156 1648	NABTSFEC - ok
06:08:55.0250 1648	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
06:08:55.0468 1648	napagent - ok
06:08:55.0531 1648	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:08:55.0718 1648	NDIS - ok
06:08:55.0828 1648	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:08:55.0984 1648	NdisIP - ok
06:08:56.0031 1648	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:08:56.0125 1648	NdisTapi - ok
06:08:56.0171 1648	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:08:56.0328 1648	Ndisuio - ok
06:08:56.0406 1648	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:08:56.0562 1648	NdisWan - ok
06:08:56.0625 1648	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:08:56.0687 1648	NDProxy - ok
06:08:56.0734 1648	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:08:56.0953 1648	NetBIOS - ok
06:08:57.0031 1648	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:08:57.0218 1648	NetBT - ok
06:08:57.0312 1648	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:08:57.0515 1648	NetDDE - ok
06:08:57.0546 1648	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:08:57.0671 1648	NetDDEdsdm - ok
06:08:57.0718 1648	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:08:57.0953 1648	Netlogon - ok
06:08:58.0046 1648	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
06:08:58.0265 1648	Netman - ok
06:08:58.0375 1648	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:08:58.0421 1648	NetTcpPortSharing - ok
06:08:58.0484 1648	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:08:58.0656 1648	NIC1394 - ok
06:08:58.0812 1648	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
06:08:58.0921 1648	Nla - ok
06:08:58.0968 1648	nmwcd           (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys
06:08:59.0406 1648	nmwcd - ok
06:08:59.0453 1648	nmwcdc          (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys
06:08:59.0531 1648	nmwcdc - ok
06:08:59.0562 1648	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:08:59.0703 1648	Npfs - ok
06:08:59.0906 1648	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:09:00.0250 1648	Ntfs - ok
06:09:00.0281 1648	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:00.0421 1648	NtLmSsp - ok
06:09:00.0546 1648	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
06:09:00.0906 1648	NtmsSvc - ok
06:09:00.0937 1648	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:09:01.0109 1648	Null - ok
06:09:01.0484 1648	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:09:02.0390 1648	nv - ok
06:09:02.0640 1648	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:09:02.0906 1648	NwlnkFlt - ok
06:09:02.0937 1648	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:09:03.0109 1648	NwlnkFwd - ok
06:09:03.0156 1648	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:09:03.0312 1648	ohci1394 - ok
06:09:03.0359 1648	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
06:09:03.0531 1648	Parport - ok
06:09:03.0562 1648	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:09:03.0703 1648	PartMgr - ok
06:09:03.0812 1648	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
06:09:03.0968 1648	ParVdm - ok
06:09:04.0000 1648	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
06:09:04.0078 1648	pccsmcfd - ok
06:09:04.0109 1648	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
06:09:04.0281 1648	PCI - ok
06:09:04.0296 1648	PCIDump - ok
06:09:04.0328 1648	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:09:04.0500 1648	PCIIde - ok
06:09:04.0546 1648	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:09:04.0734 1648	Pcmcia - ok
06:09:04.0765 1648	PDCOMP - ok
06:09:04.0828 1648	PDFRAME - ok
06:09:04.0859 1648	PDRELI - ok
06:09:04.0875 1648	PDRFRAME - ok
06:09:04.0890 1648	perc2 - ok
06:09:04.0921 1648	perc2hib - ok
06:09:05.0031 1648	PID_0928        (6eeb215fabf148b8ac008f134c1f7b9f) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
06:09:05.0125 1648	PID_0928 - ok
06:09:05.0187 1648	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:09:05.0218 1648	PlugPlay - ok
06:09:05.0265 1648	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:05.0421 1648	PolicyAgent - ok
06:09:05.0468 1648	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:09:05.0640 1648	PptpMiniport - ok
06:09:05.0671 1648	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
06:09:05.0890 1648	Processor - ok
06:09:05.0906 1648	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:06.0062 1648	ProtectedStorage - ok
06:09:06.0109 1648	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:09:06.0265 1648	PSched - ok
06:09:06.0328 1648	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:09:06.0500 1648	Ptilink - ok
06:09:06.0515 1648	ql1080 - ok
06:09:06.0546 1648	Ql10wnt - ok
06:09:06.0562 1648	ql12160 - ok
06:09:06.0578 1648	ql1240 - ok
06:09:06.0609 1648	ql1280 - ok
06:09:06.0656 1648	QV2KUX          (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
06:09:06.0859 1648	QV2KUX - ok
06:09:06.0875 1648	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:09:07.0062 1648	RasAcd - ok
06:09:07.0156 1648	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
06:09:07.0328 1648	RasAuto - ok
06:09:07.0359 1648	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
06:09:07.0421 1648	Rasirda - ok
06:09:07.0484 1648	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:09:07.0656 1648	Rasl2tp - ok
06:09:07.0750 1648	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
06:09:07.0921 1648	RasMan - ok
06:09:07.0953 1648	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:09:08.0109 1648	RasPppoe - ok
06:09:08.0125 1648	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:09:08.0312 1648	Raspti - ok
06:09:08.0375 1648	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:09:08.0562 1648	Rdbss - ok
06:09:08.0593 1648	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:09:08.0734 1648	RDPCDD - ok
06:09:08.0812 1648	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:09:09.0015 1648	rdpdr - ok
06:09:09.0093 1648	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
06:09:09.0187 1648	RDPWD - ok
06:09:09.0250 1648	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
06:09:09.0421 1648	RDSessMgr - ok
06:09:09.0484 1648	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:09:09.0656 1648	redbook - ok
06:09:09.0718 1648	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
06:09:09.0875 1648	RemoteAccess - ok
06:09:09.0937 1648	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
06:09:10.0109 1648	RemoteRegistry - ok
06:09:10.0156 1648	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
06:09:10.0312 1648	RpcLocator - ok
06:09:10.0421 1648	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:09:10.0500 1648	RpcSs - ok
06:09:10.0578 1648	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
06:09:10.0750 1648	RSVP - ok
06:09:10.0859 1648	RT61            (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
06:09:11.0062 1648	RT61 - ok
06:09:11.0109 1648	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:11.0265 1648	SamSs - ok
06:09:11.0328 1648	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
06:09:11.0484 1648	SCardSvr - ok
06:09:11.0562 1648	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
06:09:11.0750 1648	Schedule - ok
06:09:11.0796 1648	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:09:11.0859 1648	Secdrv - ok
06:09:11.0906 1648	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
06:09:12.0046 1648	seclogon - ok
06:09:12.0156 1648	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
06:09:12.0312 1648	SENS - ok
06:09:12.0359 1648	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:09:12.0484 1648	serenum - ok
06:09:12.0515 1648	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
06:09:12.0671 1648	Serial - ok
06:09:12.0718 1648	sermouse        (e8f3e51da8098201f50678cec5fce179) C:\WINDOWS\system32\DRIVERS\sermouse.sys
06:09:12.0875 1648	sermouse - ok
06:09:13.0171 1648	ServiceLayer    (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
06:09:13.0421 1648	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
06:09:13.0421 1648	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
06:09:13.0500 1648	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:09:13.0656 1648	Sfloppy - ok
06:09:13.0765 1648	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
06:09:14.0031 1648	SharedAccess - ok
06:09:14.0109 1648	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:09:14.0140 1648	ShellHWDetection - ok
06:09:14.0156 1648	Simbad - ok
06:09:14.0234 1648	SiS315          (c10865ab0a1fd9f4ec7db70a1b8425d1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
06:09:14.0390 1648	SiS315 - ok
06:09:14.0484 1648	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
06:09:14.0531 1648	SkypeUpdate - ok
06:09:14.0593 1648	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:09:14.0734 1648	SLIP - ok
06:09:14.0750 1648	Sparrow - ok
06:09:14.0781 1648	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:09:14.0921 1648	splitter - ok
06:09:15.0000 1648	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:09:15.0078 1648	Spooler - ok
06:09:15.0140 1648	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
06:09:15.0218 1648	sr - ok
06:09:15.0296 1648	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
06:09:15.0390 1648	srservice - ok
06:09:15.0515 1648	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:09:15.0687 1648	Srv - ok
06:09:15.0750 1648	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
06:09:15.0843 1648	SSDPSRV - ok
06:09:15.0890 1648	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
06:09:15.0906 1648	ssmdrv - ok
06:09:16.0000 1648	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
06:09:16.0250 1648	stisvc - ok
06:09:16.0296 1648	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:09:16.0484 1648	streamip - ok
06:09:16.0515 1648	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:09:16.0640 1648	swenum - ok
06:09:16.0703 1648	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:09:16.0828 1648	swmidi - ok
06:09:16.0843 1648	SwPrv - ok
06:09:16.0890 1648	symc810 - ok
06:09:16.0906 1648	symc8xx - ok
06:09:16.0921 1648	sym_hi - ok
06:09:16.0953 1648	sym_u3 - ok
06:09:16.0984 1648	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:09:17.0156 1648	sysaudio - ok
06:09:17.0187 1648	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
06:09:17.0359 1648	SysmonLog - ok
06:09:17.0437 1648	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
06:09:17.0640 1648	TapiSrv - ok
06:09:17.0734 1648	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:09:17.0890 1648	Tcpip - ok
06:09:17.0937 1648	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:09:18.0078 1648	TDPIPE - ok
06:09:18.0156 1648	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:09:18.0328 1648	TDTCP - ok
06:09:18.0375 1648	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:09:18.0531 1648	TermDD - ok
06:09:18.0609 1648	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
06:09:18.0796 1648	TermService - ok
06:09:18.0890 1648	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:09:18.0906 1648	Themes - ok
06:09:18.0968 1648	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
06:09:19.0046 1648	TlntSvr - ok
06:09:19.0062 1648	TosIde - ok
06:09:19.0140 1648	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
06:09:19.0296 1648	TrkWks - ok
06:09:19.0359 1648	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:09:19.0531 1648	Udfs - ok
06:09:19.0593 1648	ULI5261         (4b5e42130fa1840b0761a88232ad757b) C:\WINDOWS\system32\DRIVERS\ULILAN.SYS
06:09:19.0656 1648	ULI5261 - ok
06:09:19.0687 1648	uliagpkx        (4acecaa41d5f1a4cd3c78afc4de0a8c3) C:\WINDOWS\system32\DRIVERS\agpkx.sys
06:09:19.0750 1648	uliagpkx - ok
06:09:19.0765 1648	ultra - ok
06:09:19.0890 1648	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:09:20.0187 1648	Update - ok
06:09:20.0265 1648	Update-Service  (22bfa49d9d0b4b8d018efcd6f1c8cf14) C:\WINDOWS\System32\UpdSvc.dll
06:09:20.0312 1648	Update-Service - ok
06:09:20.0390 1648	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
06:09:20.0515 1648	upnphost - ok
06:09:20.0546 1648	upperdev        (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
06:09:20.0625 1648	upperdev - ok
06:09:20.0671 1648	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
06:09:20.0796 1648	UPS - ok
06:09:20.0843 1648	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:09:21.0000 1648	usbccgp - ok
06:09:21.0062 1648	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:09:21.0250 1648	usbehci - ok
06:09:21.0312 1648	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:09:21.0453 1648	usbhub - ok
06:09:21.0515 1648	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
06:09:21.0656 1648	usbohci - ok
06:09:21.0718 1648	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:09:21.0875 1648	usbprint - ok
06:09:21.0921 1648	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
06:09:22.0093 1648	usbser - ok
06:09:22.0156 1648	UsbserFilt      (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
06:09:22.0203 1648	UsbserFilt - ok
06:09:22.0265 1648	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:09:22.0406 1648	USBSTOR - ok
06:09:22.0468 1648	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:09:22.0671 1648	VgaSave - ok
06:09:22.0687 1648	ViaIde - ok
06:09:22.0734 1648	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
06:09:22.0890 1648	VolSnap - ok
06:09:22.0984 1648	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
06:09:23.0156 1648	VSS - ok
06:09:23.0218 1648	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
06:09:23.0406 1648	W32Time - ok
06:09:23.0453 1648	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:09:23.0625 1648	Wanarp - ok
06:09:23.0765 1648	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
06:09:23.0937 1648	Wdf01000 - ok
06:09:23.0937 1648	WDICA - ok
06:09:24.0000 1648	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:09:24.0171 1648	wdmaud - ok
06:09:24.0218 1648	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
06:09:24.0390 1648	WebClient - ok
06:09:24.0515 1648	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:09:24.0703 1648	winmgmt - ok
06:09:24.0781 1648	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
06:09:24.0859 1648	WmdmPmSN - ok
06:09:25.0031 1648	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
06:09:25.0328 1648	Wmi - ok
06:09:25.0390 1648	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:09:25.0593 1648	WmiApSrv - ok
06:09:25.0625 1648	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:09:25.0656 1648	WpdUsb - ok
06:09:25.0718 1648	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:09:25.0843 1648	WS2IFSL - ok
06:09:25.0906 1648	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
06:09:26.0062 1648	wscsvc - ok
06:09:26.0109 1648	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:09:26.0265 1648	WSTCODEC - ok
06:09:26.0312 1648	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
06:09:26.0453 1648	wuauserv - ok
06:09:26.0500 1648	WudfPf          (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:09:26.0656 1648	WudfPf - ok
06:09:26.0687 1648	WudfRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:09:26.0734 1648	WudfRd - ok
06:09:26.0781 1648	WudfSvc         (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll
06:09:26.0796 1648	WudfSvc - ok
06:09:26.0968 1648	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
06:09:27.0250 1648	WZCSVC - ok
06:09:27.0312 1648	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
06:09:27.0515 1648	xmlprov - ok
06:09:27.0578 1648	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
06:09:28.0046 1648	\Device\Harddisk0\DR0 - ok
06:09:28.0078 1648	Boot (0x1200)   (486a96fc230695122d44ca4727cedc90) \Device\Harddisk0\DR0\Partition0
06:09:28.0078 1648	\Device\Harddisk0\DR0\Partition0 - ok
06:09:28.0125 1648	Boot (0x1200)   (eedcc364b4b1149697bfc42c6f40c105) \Device\Harddisk0\DR0\Partition1
06:09:28.0125 1648	\Device\Harddisk0\DR0\Partition1 - ok
06:09:28.0140 1648	============================================================
06:09:28.0140 1648	Scan finished
06:09:28.0140 1648	============================================================
06:09:28.0296 1620	Detected object count: 4
06:09:28.0296 1620	Actual detected object count: 4
         
DANKE!!

MfG
Michael

Alt 19.06.2012, 08:33   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Log ist unvollständig, die untere Zusammenfassung fehlt
__________________

__________________

Alt 19.06.2012, 09:54   #33
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Muss wohl bei dem Kopieren verloren gegangen sein
Aber hier noch einmal das vollständige log von TDSS-Killer
Code:
ATTFilter
06:06:57.0437 0120	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
06:06:59.0437 0120	============================================================
06:06:59.0437 0120	Current date / time: 2012/06/19 06:06:59.0437
06:06:59.0437 0120	SystemInfo:
06:06:59.0437 0120	
06:06:59.0437 0120	OS Version: 5.1.2600 ServicePack: 3.0
06:06:59.0437 0120	Product type: Workstation
06:06:59.0437 0120	ComputerName: WINXP
06:06:59.0437 0120	UserName: Maja
06:06:59.0437 0120	Windows directory: C:\WINDOWS
06:06:59.0437 0120	System windows directory: C:\WINDOWS
06:06:59.0437 0120	Processor architecture: Intel x86
06:06:59.0437 0120	Number of processors: 1
06:06:59.0437 0120	Page size: 0x1000
06:06:59.0437 0120	Boot type: Normal boot
06:06:59.0437 0120	============================================================
06:07:03.0093 0120	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:07:03.0093 0120	============================================================
06:07:03.0093 0120	\Device\Harddisk0\DR0:
06:07:03.0093 0120	MBR partitions:
06:07:03.0093 0120	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
06:07:03.0093 0120	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A962F0, BlocksNum 0x5A781D1
06:07:03.0093 0120	============================================================
06:07:03.0109 0120	C: <-> \Device\Harddisk0\DR0\Partition0
06:07:03.0156 0120	E: <-> \Device\Harddisk0\DR0\Partition1
06:07:03.0187 0120	============================================================
06:07:03.0187 0120	Initialize success
06:07:03.0187 0120	============================================================
06:08:23.0437 1648	============================================================
06:08:23.0437 1648	Scan started
06:08:23.0437 1648	Mode: Manual; SigCheck; TDLFS; 
06:08:23.0437 1648	============================================================
06:08:23.0953 1648	61883           (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
06:08:27.0234 1648	61883 - ok
06:08:27.0250 1648	Abiosdsk - ok
06:08:27.0265 1648	abp480n5 - ok
06:08:27.0656 1648	acedrv11        (66dc3740111238c91b875d8a0021834d) C:\WINDOWS\system32\drivers\acedrv11.sys
06:08:27.0906 1648	acedrv11 - ok
06:08:27.0968 1648	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:08:28.0187 1648	ACPI - ok
06:08:28.0234 1648	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:08:28.0390 1648	ACPIEC - ok
06:08:28.0406 1648	adpu160m - ok
06:08:28.0468 1648	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:08:28.0656 1648	aec - ok
06:08:28.0734 1648	AegisP          (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
06:08:28.0781 1648	AegisP ( UnsignedFile.Multi.Generic ) - warning
06:08:28.0781 1648	AegisP - detected UnsignedFile.Multi.Generic (1)
06:08:28.0890 1648	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:08:28.0968 1648	AFD - ok
06:08:28.0984 1648	Aha154x - ok
06:08:29.0000 1648	aic78u2 - ok
06:08:29.0015 1648	aic78xx - ok
06:08:29.0156 1648	ALCXSENS        (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
06:08:29.0421 1648	ALCXSENS - ok
06:08:29.0593 1648	ALCXWDM         (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
06:08:29.0937 1648	ALCXWDM - ok
06:08:29.0984 1648	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
06:08:30.0171 1648	Alerter - ok
06:08:30.0218 1648	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
06:08:30.0296 1648	ALG - ok
06:08:30.0343 1648	AliIde          (74b6def7039ecb239a1639c7fcd1bdac) C:\WINDOWS\system32\DRIVERS\aliide.sys
06:08:30.0406 1648	AliIde - ok
06:08:30.0468 1648	AmdK8           (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
06:08:30.0531 1648	AmdK8 - ok
06:08:30.0546 1648	amsint - ok
06:08:30.0812 1648	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
06:08:30.0859 1648	AntiVirSchedulerService - ok
06:08:30.0921 1648	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
06:08:30.0953 1648	AntiVirService - ok
06:08:31.0015 1648	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
06:08:31.0140 1648	AppMgmt - ok
06:08:31.0203 1648	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:08:31.0390 1648	Arp1394 - ok
06:08:31.0406 1648	asc - ok
06:08:31.0421 1648	asc3350p - ok
06:08:31.0453 1648	asc3550 - ok
06:08:31.0625 1648	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:08:31.0640 1648	aspnet_state - ok
06:08:31.0687 1648	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:08:31.0906 1648	AsyncMac - ok
06:08:31.0953 1648	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:08:32.0125 1648	atapi - ok
06:08:32.0140 1648	Atdisk - ok
06:08:32.0187 1648	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:08:32.0375 1648	Atmarpc - ok
06:08:32.0453 1648	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
06:08:32.0625 1648	AudioSrv - ok
06:08:32.0671 1648	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:08:32.0859 1648	audstub - ok
06:08:32.0921 1648	Avc             (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
06:08:33.0109 1648	Avc - ok
06:08:33.0156 1648	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
06:08:33.0187 1648	avgntflt - ok
06:08:33.0234 1648	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
06:08:33.0281 1648	avipbb - ok
06:08:33.0328 1648	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
06:08:33.0343 1648	avkmgr - ok
06:08:33.0390 1648	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:08:33.0531 1648	Beep - ok
06:08:33.0625 1648	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
06:08:34.0062 1648	BITS - ok
06:08:34.0125 1648	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
06:08:34.0281 1648	Browser - ok
06:08:34.0343 1648	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:08:34.0546 1648	cbidf2k - ok
06:08:34.0593 1648	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:08:34.0843 1648	CCDECODE - ok
06:08:34.0859 1648	cd20xrnt - ok
06:08:34.0906 1648	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:08:35.0093 1648	Cdaudio - ok
06:08:35.0125 1648	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:08:35.0296 1648	Cdfs - ok
06:08:35.0328 1648	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:08:35.0515 1648	Cdrom - ok
06:08:35.0531 1648	Changer - ok
06:08:35.0593 1648	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
06:08:35.0812 1648	CiSvc - ok
06:08:35.0859 1648	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
06:08:36.0046 1648	ClipSrv - ok
06:08:36.0234 1648	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:08:36.0265 1648	clr_optimization_v2.0.50727_32 - ok
06:08:36.0281 1648	CmdIde - ok
06:08:36.0312 1648	COMSysApp - ok
06:08:36.0343 1648	Cpqarray - ok
06:08:36.0406 1648	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
06:08:36.0578 1648	CryptSvc - ok
06:08:36.0609 1648	dac2w2k - ok
06:08:36.0625 1648	dac960nt - ok
06:08:36.0859 1648	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:08:36.0984 1648	DcomLaunch - ok
06:08:37.0062 1648	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
06:08:37.0281 1648	Dhcp - ok
06:08:37.0312 1648	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:08:37.0515 1648	Disk - ok
06:08:37.0531 1648	dmadmin - ok
06:08:37.0703 1648	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
06:08:38.0187 1648	dmboot - ok
06:08:38.0250 1648	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
06:08:38.0437 1648	dmio - ok
06:08:38.0484 1648	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:08:38.0640 1648	dmload - ok
06:08:38.0703 1648	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
06:08:38.0968 1648	dmserver - ok
06:08:39.0015 1648	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:08:39.0187 1648	DMusic - ok
06:08:39.0328 1648	Dnscache        (c4897fa148470182d42e999a22b83286) C:\WINDOWS\System32\poua3ktnk.dll
06:08:39.0437 1648	Dnscache ( UnsignedFile.Multi.Generic ) - warning
06:08:39.0437 1648	Dnscache - detected UnsignedFile.Multi.Generic (1)
06:08:39.0515 1648	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
06:08:39.0687 1648	Dot3svc - ok
06:08:39.0703 1648	dpti2o - ok
06:08:39.0828 1648	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:08:39.0984 1648	drmkaud - ok
06:08:40.0015 1648	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
06:08:40.0203 1648	EapHost - ok
06:08:40.0250 1648	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
06:08:40.0421 1648	ERSvc - ok
06:08:40.0484 1648	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:08:40.0531 1648	Eventlog - ok
06:08:40.0625 1648	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
06:08:40.0703 1648	EventSystem - ok
06:08:40.0843 1648	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:08:41.0015 1648	Fastfat - ok
06:08:41.0093 1648	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:08:41.0187 1648	FastUserSwitchingCompatibility - ok
06:08:41.0234 1648	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:08:41.0421 1648	Fdc - ok
06:08:41.0484 1648	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
06:08:41.0656 1648	Fips - ok
06:08:41.0687 1648	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:08:41.0937 1648	Flpydisk - ok
06:08:42.0000 1648	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:08:42.0171 1648	FltMgr - ok
06:08:42.0281 1648	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:08:42.0312 1648	FontCache3.0.0.0 - ok
06:08:42.0359 1648	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:08:42.0546 1648	Fs_Rec - ok
06:08:42.0593 1648	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:08:42.0843 1648	Ftdisk - ok
06:08:42.0875 1648	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
06:08:43.0046 1648	gameenum - ok
06:08:43.0093 1648	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:08:43.0250 1648	Gpc - ok
06:08:43.0343 1648	gupdate - ok
06:08:43.0437 1648	gusvc           (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
06:08:43.0500 1648	gusvc - ok
06:08:43.0578 1648	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:08:43.0812 1648	helpsvc - ok
06:08:43.0875 1648	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
06:08:44.0046 1648	HidServ - ok
06:08:44.0109 1648	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:08:44.0265 1648	HidUsb - ok
06:08:44.0328 1648	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
06:08:44.0468 1648	hkmsvc - ok
06:08:44.0484 1648	hpn - ok
06:08:44.0593 1648	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:08:44.0687 1648	HTTP - ok
06:08:44.0718 1648	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
06:08:44.0953 1648	HTTPFilter - ok
06:08:44.0968 1648	i2omgmt - ok
06:08:44.0984 1648	i2omp - ok
06:08:45.0031 1648	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:08:45.0218 1648	i8042prt - ok
06:08:45.0437 1648	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:08:45.0828 1648	idsvc - ok
06:08:45.0906 1648	IGDCTRL         (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
06:08:45.0937 1648	IGDCTRL - ok
06:08:45.0968 1648	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:08:46.0140 1648	Imapi - ok
06:08:46.0218 1648	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
06:08:46.0375 1648	ImapiService - ok
06:08:46.0406 1648	ini910u - ok
06:08:46.0437 1648	IntelIde - ok
06:08:46.0484 1648	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:08:46.0671 1648	Ip6Fw - ok
06:08:46.0718 1648	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:08:46.0937 1648	IpFilterDriver - ok
06:08:46.0968 1648	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:08:47.0140 1648	IpInIp - ok
06:08:47.0203 1648	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:08:47.0390 1648	IpNat - ok
06:08:47.0421 1648	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:08:47.0640 1648	IPSec - ok
06:08:47.0703 1648	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
06:08:47.0843 1648	irda - ok
06:08:47.0859 1648	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:08:47.0937 1648	IRENUM - ok
06:08:48.0000 1648	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
06:08:48.0093 1648	Irmon - ok
06:08:48.0125 1648	irsir           (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
06:08:48.0203 1648	irsir - ok
06:08:48.0265 1648	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:08:48.0390 1648	isapnp - ok
06:08:48.0515 1648	JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
06:08:48.0562 1648	JavaQuickStarterService - ok
06:08:48.0593 1648	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:08:48.0828 1648	Kbdclass - ok
06:08:48.0890 1648	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:08:49.0046 1648	kbdhid - ok
06:08:49.0125 1648	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:08:49.0296 1648	kmixer - ok
06:08:49.0359 1648	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:08:49.0484 1648	KSecDD - ok
06:08:49.0546 1648	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
06:08:49.0609 1648	lanmanserver - ok
06:08:49.0703 1648	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
06:08:49.0890 1648	lanmanworkstation - ok
06:08:49.0906 1648	lbrtfdc - ok
06:08:50.0000 1648	License Management Service ESD (ce0c00771ba1946cb925f2a18d882c5c) C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
06:08:50.0031 1648	License Management Service ESD ( UnsignedFile.Multi.Generic ) - warning
06:08:50.0031 1648	License Management Service ESD - detected UnsignedFile.Multi.Generic (1)
06:08:50.0093 1648	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
06:08:50.0250 1648	LmHosts - ok
06:08:50.0296 1648	LVUSBSta        (90259f3a20fbaec1a08d74ef5415b9d8) C:\WINDOWS\system32\drivers\lvusbsta.sys
06:08:50.0437 1648	LVUSBSta - ok
06:08:50.0500 1648	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
06:08:50.0687 1648	Messenger - ok
06:08:50.0734 1648	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:08:50.0937 1648	mnmdd - ok
06:08:50.0984 1648	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
06:08:51.0156 1648	mnmsrvc - ok
06:08:51.0203 1648	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
06:08:51.0359 1648	Modem - ok
06:08:51.0390 1648	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:08:51.0562 1648	Mouclass - ok
06:08:51.0609 1648	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:08:51.0828 1648	mouhid - ok
06:08:51.0875 1648	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:08:52.0062 1648	MountMgr - ok
06:08:52.0109 1648	mraid35x - ok
06:08:52.0156 1648	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:08:52.0328 1648	MRxDAV - ok
06:08:52.0453 1648	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:08:52.0703 1648	MRxSmb - ok
06:08:52.0828 1648	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
06:08:53.0000 1648	MSDTC - ok
06:08:53.0046 1648	MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
06:08:53.0234 1648	MSDV - ok
06:08:53.0265 1648	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:08:53.0421 1648	Msfs - ok
06:08:53.0437 1648	MSIServer - ok
06:08:53.0484 1648	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:08:53.0625 1648	MSKSSRV - ok
06:08:53.0656 1648	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:08:53.0875 1648	MSPCLOCK - ok
06:08:53.0921 1648	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:08:54.0062 1648	MSPQM - ok
06:08:54.0125 1648	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:08:54.0296 1648	mssmbios - ok
06:08:54.0343 1648	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:08:54.0515 1648	MSTEE - ok
06:08:54.0531 1648	ms_mpu401       (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
06:08:54.0687 1648	ms_mpu401 - ok
06:08:54.0828 1648	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:08:54.0921 1648	Mup - ok
06:08:54.0953 1648	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:08:55.0156 1648	NABTSFEC - ok
06:08:55.0250 1648	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
06:08:55.0468 1648	napagent - ok
06:08:55.0531 1648	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:08:55.0718 1648	NDIS - ok
06:08:55.0828 1648	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:08:55.0984 1648	NdisIP - ok
06:08:56.0031 1648	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:08:56.0125 1648	NdisTapi - ok
06:08:56.0171 1648	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:08:56.0328 1648	Ndisuio - ok
06:08:56.0406 1648	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:08:56.0562 1648	NdisWan - ok
06:08:56.0625 1648	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:08:56.0687 1648	NDProxy - ok
06:08:56.0734 1648	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:08:56.0953 1648	NetBIOS - ok
06:08:57.0031 1648	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:08:57.0218 1648	NetBT - ok
06:08:57.0312 1648	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:08:57.0515 1648	NetDDE - ok
06:08:57.0546 1648	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
06:08:57.0671 1648	NetDDEdsdm - ok
06:08:57.0718 1648	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:08:57.0953 1648	Netlogon - ok
06:08:58.0046 1648	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
06:08:58.0265 1648	Netman - ok
06:08:58.0375 1648	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:08:58.0421 1648	NetTcpPortSharing - ok
06:08:58.0484 1648	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:08:58.0656 1648	NIC1394 - ok
06:08:58.0812 1648	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
06:08:58.0921 1648	Nla - ok
06:08:58.0968 1648	nmwcd           (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys
06:08:59.0406 1648	nmwcd - ok
06:08:59.0453 1648	nmwcdc          (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys
06:08:59.0531 1648	nmwcdc - ok
06:08:59.0562 1648	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:08:59.0703 1648	Npfs - ok
06:08:59.0906 1648	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:09:00.0250 1648	Ntfs - ok
06:09:00.0281 1648	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:00.0421 1648	NtLmSsp - ok
06:09:00.0546 1648	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
06:09:00.0906 1648	NtmsSvc - ok
06:09:00.0937 1648	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:09:01.0109 1648	Null - ok
06:09:01.0484 1648	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:09:02.0390 1648	nv - ok
06:09:02.0640 1648	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:09:02.0906 1648	NwlnkFlt - ok
06:09:02.0937 1648	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:09:03.0109 1648	NwlnkFwd - ok
06:09:03.0156 1648	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:09:03.0312 1648	ohci1394 - ok
06:09:03.0359 1648	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
06:09:03.0531 1648	Parport - ok
06:09:03.0562 1648	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:09:03.0703 1648	PartMgr - ok
06:09:03.0812 1648	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
06:09:03.0968 1648	ParVdm - ok
06:09:04.0000 1648	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
06:09:04.0078 1648	pccsmcfd - ok
06:09:04.0109 1648	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
06:09:04.0281 1648	PCI - ok
06:09:04.0296 1648	PCIDump - ok
06:09:04.0328 1648	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:09:04.0500 1648	PCIIde - ok
06:09:04.0546 1648	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:09:04.0734 1648	Pcmcia - ok
06:09:04.0765 1648	PDCOMP - ok
06:09:04.0828 1648	PDFRAME - ok
06:09:04.0859 1648	PDRELI - ok
06:09:04.0875 1648	PDRFRAME - ok
06:09:04.0890 1648	perc2 - ok
06:09:04.0921 1648	perc2hib - ok
06:09:05.0031 1648	PID_0928        (6eeb215fabf148b8ac008f134c1f7b9f) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
06:09:05.0125 1648	PID_0928 - ok
06:09:05.0187 1648	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
06:09:05.0218 1648	PlugPlay - ok
06:09:05.0265 1648	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:05.0421 1648	PolicyAgent - ok
06:09:05.0468 1648	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:09:05.0640 1648	PptpMiniport - ok
06:09:05.0671 1648	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
06:09:05.0890 1648	Processor - ok
06:09:05.0906 1648	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:06.0062 1648	ProtectedStorage - ok
06:09:06.0109 1648	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:09:06.0265 1648	PSched - ok
06:09:06.0328 1648	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:09:06.0500 1648	Ptilink - ok
06:09:06.0515 1648	ql1080 - ok
06:09:06.0546 1648	Ql10wnt - ok
06:09:06.0562 1648	ql12160 - ok
06:09:06.0578 1648	ql1240 - ok
06:09:06.0609 1648	ql1280 - ok
06:09:06.0656 1648	QV2KUX          (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
06:09:06.0859 1648	QV2KUX - ok
06:09:06.0875 1648	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:09:07.0062 1648	RasAcd - ok
06:09:07.0156 1648	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
06:09:07.0328 1648	RasAuto - ok
06:09:07.0359 1648	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
06:09:07.0421 1648	Rasirda - ok
06:09:07.0484 1648	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:09:07.0656 1648	Rasl2tp - ok
06:09:07.0750 1648	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
06:09:07.0921 1648	RasMan - ok
06:09:07.0953 1648	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:09:08.0109 1648	RasPppoe - ok
06:09:08.0125 1648	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:09:08.0312 1648	Raspti - ok
06:09:08.0375 1648	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:09:08.0562 1648	Rdbss - ok
06:09:08.0593 1648	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:09:08.0734 1648	RDPCDD - ok
06:09:08.0812 1648	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:09:09.0015 1648	rdpdr - ok
06:09:09.0093 1648	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
06:09:09.0187 1648	RDPWD - ok
06:09:09.0250 1648	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
06:09:09.0421 1648	RDSessMgr - ok
06:09:09.0484 1648	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:09:09.0656 1648	redbook - ok
06:09:09.0718 1648	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
06:09:09.0875 1648	RemoteAccess - ok
06:09:09.0937 1648	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
06:09:10.0109 1648	RemoteRegistry - ok
06:09:10.0156 1648	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
06:09:10.0312 1648	RpcLocator - ok
06:09:10.0421 1648	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
06:09:10.0500 1648	RpcSs - ok
06:09:10.0578 1648	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
06:09:10.0750 1648	RSVP - ok
06:09:10.0859 1648	RT61            (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
06:09:11.0062 1648	RT61 - ok
06:09:11.0109 1648	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
06:09:11.0265 1648	SamSs - ok
06:09:11.0328 1648	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
06:09:11.0484 1648	SCardSvr - ok
06:09:11.0562 1648	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
06:09:11.0750 1648	Schedule - ok
06:09:11.0796 1648	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:09:11.0859 1648	Secdrv - ok
06:09:11.0906 1648	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
06:09:12.0046 1648	seclogon - ok
06:09:12.0156 1648	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
06:09:12.0312 1648	SENS - ok
06:09:12.0359 1648	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:09:12.0484 1648	serenum - ok
06:09:12.0515 1648	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
06:09:12.0671 1648	Serial - ok
06:09:12.0718 1648	sermouse        (e8f3e51da8098201f50678cec5fce179) C:\WINDOWS\system32\DRIVERS\sermouse.sys
06:09:12.0875 1648	sermouse - ok
06:09:13.0171 1648	ServiceLayer    (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
06:09:13.0421 1648	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
06:09:13.0421 1648	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
06:09:13.0500 1648	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:09:13.0656 1648	Sfloppy - ok
06:09:13.0765 1648	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
06:09:14.0031 1648	SharedAccess - ok
06:09:14.0109 1648	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:09:14.0140 1648	ShellHWDetection - ok
06:09:14.0156 1648	Simbad - ok
06:09:14.0234 1648	SiS315          (c10865ab0a1fd9f4ec7db70a1b8425d1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
06:09:14.0390 1648	SiS315 - ok
06:09:14.0484 1648	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
06:09:14.0531 1648	SkypeUpdate - ok
06:09:14.0593 1648	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:09:14.0734 1648	SLIP - ok
06:09:14.0750 1648	Sparrow - ok
06:09:14.0781 1648	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:09:14.0921 1648	splitter - ok
06:09:15.0000 1648	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:09:15.0078 1648	Spooler - ok
06:09:15.0140 1648	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
06:09:15.0218 1648	sr - ok
06:09:15.0296 1648	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
06:09:15.0390 1648	srservice - ok
06:09:15.0515 1648	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:09:15.0687 1648	Srv - ok
06:09:15.0750 1648	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
06:09:15.0843 1648	SSDPSRV - ok
06:09:15.0890 1648	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
06:09:15.0906 1648	ssmdrv - ok
06:09:16.0000 1648	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
06:09:16.0250 1648	stisvc - ok
06:09:16.0296 1648	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:09:16.0484 1648	streamip - ok
06:09:16.0515 1648	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:09:16.0640 1648	swenum - ok
06:09:16.0703 1648	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:09:16.0828 1648	swmidi - ok
06:09:16.0843 1648	SwPrv - ok
06:09:16.0890 1648	symc810 - ok
06:09:16.0906 1648	symc8xx - ok
06:09:16.0921 1648	sym_hi - ok
06:09:16.0953 1648	sym_u3 - ok
06:09:16.0984 1648	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:09:17.0156 1648	sysaudio - ok
06:09:17.0187 1648	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
06:09:17.0359 1648	SysmonLog - ok
06:09:17.0437 1648	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
06:09:17.0640 1648	TapiSrv - ok
06:09:17.0734 1648	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:09:17.0890 1648	Tcpip - ok
06:09:17.0937 1648	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:09:18.0078 1648	TDPIPE - ok
06:09:18.0156 1648	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:09:18.0328 1648	TDTCP - ok
06:09:18.0375 1648	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:09:18.0531 1648	TermDD - ok
06:09:18.0609 1648	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
06:09:18.0796 1648	TermService - ok
06:09:18.0890 1648	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
06:09:18.0906 1648	Themes - ok
06:09:18.0968 1648	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
06:09:19.0046 1648	TlntSvr - ok
06:09:19.0062 1648	TosIde - ok
06:09:19.0140 1648	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
06:09:19.0296 1648	TrkWks - ok
06:09:19.0359 1648	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:09:19.0531 1648	Udfs - ok
06:09:19.0593 1648	ULI5261         (4b5e42130fa1840b0761a88232ad757b) C:\WINDOWS\system32\DRIVERS\ULILAN.SYS
06:09:19.0656 1648	ULI5261 - ok
06:09:19.0687 1648	uliagpkx        (4acecaa41d5f1a4cd3c78afc4de0a8c3) C:\WINDOWS\system32\DRIVERS\agpkx.sys
06:09:19.0750 1648	uliagpkx - ok
06:09:19.0765 1648	ultra - ok
06:09:19.0890 1648	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:09:20.0187 1648	Update - ok
06:09:20.0265 1648	Update-Service  (22bfa49d9d0b4b8d018efcd6f1c8cf14) C:\WINDOWS\System32\UpdSvc.dll
06:09:20.0312 1648	Update-Service - ok
06:09:20.0390 1648	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
06:09:20.0515 1648	upnphost - ok
06:09:20.0546 1648	upperdev        (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
06:09:20.0625 1648	upperdev - ok
06:09:20.0671 1648	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
06:09:20.0796 1648	UPS - ok
06:09:20.0843 1648	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:09:21.0000 1648	usbccgp - ok
06:09:21.0062 1648	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:09:21.0250 1648	usbehci - ok
06:09:21.0312 1648	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:09:21.0453 1648	usbhub - ok
06:09:21.0515 1648	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
06:09:21.0656 1648	usbohci - ok
06:09:21.0718 1648	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:09:21.0875 1648	usbprint - ok
06:09:21.0921 1648	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
06:09:22.0093 1648	usbser - ok
06:09:22.0156 1648	UsbserFilt      (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
06:09:22.0203 1648	UsbserFilt - ok
06:09:22.0265 1648	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:09:22.0406 1648	USBSTOR - ok
06:09:22.0468 1648	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:09:22.0671 1648	VgaSave - ok
06:09:22.0687 1648	ViaIde - ok
06:09:22.0734 1648	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
06:09:22.0890 1648	VolSnap - ok
06:09:22.0984 1648	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
06:09:23.0156 1648	VSS - ok
06:09:23.0218 1648	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
06:09:23.0406 1648	W32Time - ok
06:09:23.0453 1648	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:09:23.0625 1648	Wanarp - ok
06:09:23.0765 1648	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
06:09:23.0937 1648	Wdf01000 - ok
06:09:23.0937 1648	WDICA - ok
06:09:24.0000 1648	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:09:24.0171 1648	wdmaud - ok
06:09:24.0218 1648	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
06:09:24.0390 1648	WebClient - ok
06:09:24.0515 1648	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:09:24.0703 1648	winmgmt - ok
06:09:24.0781 1648	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
06:09:24.0859 1648	WmdmPmSN - ok
06:09:25.0031 1648	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
06:09:25.0328 1648	Wmi - ok
06:09:25.0390 1648	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:09:25.0593 1648	WmiApSrv - ok
06:09:25.0625 1648	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:09:25.0656 1648	WpdUsb - ok
06:09:25.0718 1648	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:09:25.0843 1648	WS2IFSL - ok
06:09:25.0906 1648	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
06:09:26.0062 1648	wscsvc - ok
06:09:26.0109 1648	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:09:26.0265 1648	WSTCODEC - ok
06:09:26.0312 1648	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
06:09:26.0453 1648	wuauserv - ok
06:09:26.0500 1648	WudfPf          (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:09:26.0656 1648	WudfPf - ok
06:09:26.0687 1648	WudfRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:09:26.0734 1648	WudfRd - ok
06:09:26.0781 1648	WudfSvc         (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll
06:09:26.0796 1648	WudfSvc - ok
06:09:26.0968 1648	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
06:09:27.0250 1648	WZCSVC - ok
06:09:27.0312 1648	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
06:09:27.0515 1648	xmlprov - ok
06:09:27.0578 1648	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
06:09:28.0046 1648	\Device\Harddisk0\DR0 - ok
06:09:28.0078 1648	Boot (0x1200)   (486a96fc230695122d44ca4727cedc90) \Device\Harddisk0\DR0\Partition0
06:09:28.0078 1648	\Device\Harddisk0\DR0\Partition0 - ok
06:09:28.0125 1648	Boot (0x1200)   (eedcc364b4b1149697bfc42c6f40c105) \Device\Harddisk0\DR0\Partition1
06:09:28.0125 1648	\Device\Harddisk0\DR0\Partition1 - ok
06:09:28.0140 1648	============================================================
06:09:28.0140 1648	Scan finished
06:09:28.0140 1648	============================================================
06:09:28.0296 1620	Detected object count: 4
06:09:28.0296 1620	Actual detected object count: 4
06:13:49.0859 1620	AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
06:13:49.0859 1620	AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:13:49.0859 1620	Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
06:13:49.0859 1620	Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:13:49.0859 1620	License Management Service ESD ( UnsignedFile.Multi.Generic ) - skipped by user
06:13:49.0859 1620	License Management Service ESD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:13:49.0859 1620	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
06:13:49.0859 1620	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:13:53.0250 3368	Deinitialize success
         
MfG
Michael
__________________

Alt 19.06.2012, 12:26   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.06.2012, 16:46   #35
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Soooo. Auch das ist erledigt. Wie gehabt ist hier die dazugehörige log:
[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-19.01 - Maja 19.06.2012  17:12:33.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.511.298 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Maja\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Maja\Eigene Dateien\~WRL2210.tmp
c:\dokumente und einstellungen\Maja\WINDOWS
C:\Thumbs.db
c:\windows\IsUn0407.exe
c:\windows\system\COMCAT.DLL
c:\windows\system\MCI32.OCA
c:\windows\system\olepro32.dll
c:\windows\system32\azip32.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\Install.exe
c:\windows\system32\setup.ini
c:\windows\system32\WindowsXP-KB829558-x86-DEU.exe
c:\windows\system32\WinLockDll.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-19 bis 2012-06-19  ))))))))))))))))))))))))))))))
.
.
2012-06-16 16:22 . 2012-06-16 16:22	--------	d-sh--w-	c:\dokumente und einstellungen\Maja\IECompatCache
2012-06-16 16:21 . 2012-06-16 16:21	--------	d-----w-	c:\dokumente und einstellungen\Maja\Lokale Einstellungen\Anwendungsdaten\Sun
2012-06-16 12:41 . 2012-06-16 12:41	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2012-06-16 12:39 . 2012-06-16 12:39	--------	d-----w-	c:\programme\Oracle
2012-06-16 12:39 . 2012-06-16 12:39	--------	d-----w-	c:\dokumente und einstellungen\Maja\Anwendungsdaten\Oracle
2012-06-16 12:38 . 2012-05-04 17:29	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-06-16 12:38 . 2012-05-04 17:29	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-16 12:38 . 2012-05-04 17:29	772504	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-16 12:36 . 2012-06-16 12:36	--------	d-----w-	c:\programme\Java
2012-06-16 06:11 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2012-06-15 17:54 . 2012-06-15 17:54	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-15 14:39 . 2012-06-15 14:39	241664	----a-w-	c:\windows\system32\poua3ktnk.dll
2012-06-15 01:20 . 2012-06-15 01:20	--------	d-----w-	c:\dokumente und einstellungen\Maja\Anwendungsdaten\Malwarebytes
2012-06-15 01:19 . 2012-06-15 01:19	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-14 23:25 . 2012-06-15 00:46	--------	d-----w-	c:\windows\system32\NtmsData
2012-06-14 15:45 . 2012-06-14 15:45	--------	d-----w-	c:\programme\CCleaner
2012-06-14 14:10 . 2012-06-14 18:47	--------	d-----w-	C:\_OTL
2012-06-14 08:22 . 2008-04-13 17:45	20608	-c--a-w-	c:\windows\system32\dllcache\usbuhci.sys
2012-06-14 08:22 . 2008-04-13 17:45	20608	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-06-01 10:34 . 2008-04-14 01:22	21504	-c--a-w-	c:\windows\system32\dllcache\hidserv.dll
2012-06-01 10:34 . 2008-04-14 01:22	21504	----a-w-	c:\windows\system32\hidserv.dll
2012-06-01 10:34 . 2008-04-14 00:58	14720	-c--a-w-	c:\windows\system32\dllcache\kbdhid.sys
2012-06-01 10:34 . 2008-04-14 00:58	14720	----a-w-	c:\windows\system32\drivers\kbdhid.sys
2012-06-01 10:34 . 2008-04-13 17:45	32128	-c--a-w-	c:\windows\system32\dllcache\usbccgp.sys
2012-06-01 10:34 . 2008-04-13 17:45	32128	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-05-31 18:33 . 2001-08-18 02:22	12288	-c--a-w-	c:\windows\system32\dllcache\mouhid.sys
2012-05-31 18:33 . 2001-08-18 02:22	12288	----a-w-	c:\windows\system32\drivers\mouhid.sys
2012-05-31 18:33 . 2008-04-13 17:45	10368	-c--a-w-	c:\windows\system32\dllcache\hidusb.sys
2012-05-31 18:33 . 2008-04-13 17:45	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 17:54 . 2011-12-09 20:31	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2002-12-31 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2002-12-31 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2002-12-31 12:00	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2002-12-31 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2002-12-31 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2002-12-31 12:00	385024	----a-w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-04 00:50	2071424	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2002-12-31 12:00	2194944	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2006-04-29 14:42	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2004-09-07 10:47 . 2004-09-07 10:47	70144	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAMDMTR.DLL
2004-09-07 10:47 . 2004-09-07 10:47	31744	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAWEBTR.DLL
2004-09-07 10:47 . 2004-09-07 10:47	186368	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAREG.DLL
2004-09-07 10:46 . 2004-09-07 10:46	48640	-c--a-w-	c:\programme\Gemeinsame Dateien\IRALPTTR.DLL
2004-09-07 10:46 . 2004-09-07 10:46	99840	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAABOUT.DLL
2004-09-07 10:46 . 2004-09-07 10:46	17920	-c--a-w-	c:\programme\Gemeinsame Dateien\IRASRIAL.DLL
1999-06-10 08:34 . 2006-04-29 14:45	570128	-c--a-w-	c:\programme\Gemeinsame Dateien\DAO350.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Maja\Startmenü\Programme\Autostart\
FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2007-9-11 804144]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-2 450560]
Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2006-5-5 589824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware Info Service.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk
backup=c:\windows\pss\Lexware Info Service.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Symantec Fax Starter Edition-Anschluss.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition-Anschluss.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1und1Dispatcher]
2011-07-13 14:24	216432	----a-w-	c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2004-10-08 10:06	196608	----a-w-	c:\programme\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 09:52	221184	----a-w-	c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-03-04 13:10	2192672	----a-w-	c:\programme\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55	17148552	----a-r-	c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-05 10:56	68856	----a-w-	c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [29.04.2006 17:22 44928]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.01.2008 10:19 501560]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 11:14 87344]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe -k Update-Service [31.12.2002 14:00 14336]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [29.04.2006 17:23 29696]
S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 09:50 158856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-05 12:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://service.gmx.net/de/cgi/g.fcgi/application/navigator/?CUSTOMERNO=46999835&t=de1965361379.1333389311.da35d8dc
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
LSP: c:\programme\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre1.5.0_06\bin\jusched.exe
AddRemove-web2date - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-19 17:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(776)
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll
.
Zeit der Fertigstellung: 2012-06-19  17:29:05
ComboFix-quarantined-files.txt  2012-06-19 15:28
.
Vor Suchlauf: 8 Verzeichnis(se), 14.276.718.592 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 14.375.297.024 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F8CE1AB9C4AC965F0B52F4217401311A
         
--- --- ---


MfG
Michael


Alt 19.06.2012, 22:43   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
--> BundesTrojaner? PC startet nicht mehr im abgesicherten Modus

Alt 21.06.2012, 07:50   #37
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Hallo Arne,

poste hier dir log Dateien die du mir als Aufgabe gestellt hattest.

[CODE]
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 07:12:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e WDC_WD800JD-55MUA1 rev.10.01E01
Running: cwetnz48.exe; Driver: C:\DOKUME~1\Maja\LOKALE~1\Temp\uxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F8BF3474                                                                                                         ZwClose
SSDT            F8BF342E                                                                                                         ZwCreateKey
SSDT            F8BF347E                                                                                                         ZwCreateSection
SSDT            F8BF3424                                                                                                         ZwCreateThread
SSDT            F8BF3433                                                                                                         ZwDeleteKey
SSDT            F8BF343D                                                                                                         ZwDeleteValueKey
SSDT            F8BF346F                                                                                                         ZwDuplicateObject
SSDT            F8BF3442                                                                                                         ZwLoadKey
SSDT            F8BF3410                                                                                                         ZwOpenProcess
SSDT            F8BF3415                                                                                                         ZwOpenThread
SSDT            F8BF3497                                                                                                         ZwQueryValueKey
SSDT            F8BF344C                                                                                                         ZwReplaceKey
SSDT            F8BF3488                                                                                                         ZwRequestWaitReplyPort
SSDT            F8BF3447                                                                                                         ZwRestoreKey
SSDT            F8BF3483                                                                                                         ZwSetContextThread
SSDT            F8BF348D                                                                                                         ZwSetSecurityObject
SSDT            F8BF3438                                                                                                         ZwSetValueKey
SSDT            F8BF3492                                                                                                         ZwSystemDebugControl
SSDT            F8BF341F                                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                                         entry point in "init" section [0xF7C6B900]
.reloc          C:\WINDOWS\system32\drivers\acedrv11.sys                                                                         section is executable [0xA66AD480, 0x306DD, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtClose                                                          7C91CFEE 5 Bytes  JMP 02E21B91 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtCreateSection                                                  7C91D17E 5 Bytes  JMP 02E208F8 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtMapViewOfSection                                               7C91D51E 5 Bytes  JMP 02E20BD4 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtOpenFile                                                       7C91D59E 5 Bytes  JMP 02E218B4 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtOpenSection                                                    7C91D62E 5 Bytes  JMP 02E20683 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtQueryAttributesFile                                            7C91D70E 5 Bytes  JMP 02E215E1 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtQuerySection                                                   7C91D8CE 5 Bytes  JMP 02E2116D 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtQueryVirtualMemory                                             7C91D97E 5 Bytes  JMP 02E21D66 
.text           C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtUnmapViewOfSection                                             7C91DF0E 5 Bytes  JMP 02E20F2E 
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtClose                                              7C91CFEE 5 Bytes  JMP 09521B91 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtCreateSection                                      7C91D17E 5 Bytes  JMP 095208F8 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtCreateThread                                       7C91D1AE 5 Bytes  JMP 09684CB8 C:\WINDOWS\system32\hxjyv.dll
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtMapViewOfSection                                   7C91D51E 5 Bytes  JMP 09520BD4 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtOpenFile                                           7C91D59E 5 Bytes  JMP 095218B4 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtOpenSection                                        7C91D62E 5 Bytes  JMP 09520683 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtQueryAttributesFile                                7C91D70E 5 Bytes  JMP 095215E1 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtQuerySection                                       7C91D8CE 5 Bytes  JMP 0952116D 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtQueryVirtualMemory                                 7C91D97E 5 Bytes  JMP 09521D66 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtResumeThread                                       7C91DB3E 5 Bytes  JMP 09684CC9 C:\WINDOWS\system32\hxjyv.dll
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtUnmapViewOfSection                                 7C91DF0E 5 Bytes  JMP 09520F2E 
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!CallNextHookEx                                      7E37B3C6 5 Bytes  JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ole32.dll!CoCreateInstance                                     774CF1BC 5 Bytes  JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2468] ole32.dll!OleLoadFromStream                                    774F983B 5 Bytes  JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Programme\Internet Explorer\iexplore.exe[2468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library         C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1196]                         0x04630000                                                                                                                  
Library         C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\Programme\Internet Explorer\iexplore.exe [2468]             0x09670000                                                                                                                  

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\Maja\Cookies\B8116NKE.txt                                                         497 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\LP0BPF4H.txt                                                         755 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\9FKZOZ1A.txt                                                         5214 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\TF53HK1Y.txt                                                         1168 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\3YJ5DEC5.txt                                                         116 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\9ABMC1PT.txt                                                         2314 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\BPK1GOZP.txt                                                         96 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\0QQTRT0C.txt                                                         999 bytes
File            C:\Dokumente und Einstellungen\Maja\Cookies\FM4KFYOE.txt                                                         144 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---

--- --- ---


Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 06:18:24 on 21.06.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"camcpl.cpl" - "Logitech Inc." - C:\WINDOWS\system32\camcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys
"AEGIS Protocol (IEEE 802.1x) v3.4.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Maja\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "GMX NewTab Protocol" - ? - C:\Programme\GMX Toolbar\IE\uitb.dll  (File not found)
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\1031\UNBIND.DLL
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_257.ocx / hxxp://active.macromedia.com/flash2/cabs/swflash.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech Desktop Messenger.lnk" - "Logitech" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe  (Shortcut exists | File exists)
"Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Maja\Startmenü\Programme\Autostart\desktop.ini
"FRITZ!DSL Protect.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\FwebProt.exe  (Shortcut exists | File exists)
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"LogitechVideoRepair" - "Logitech Inc." - C:\Programme\Logitech\Video\ISStart.exe 
"LogitechVideoTray" - "Logitech Inc." - C:\Programme\Logitech\Video\LogiTray.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"OLFax Ports" - "Microsoft Corporation" - C:\WINDOWS\system32\OLFMNT40.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"DNS-Client" (Dnscache) - "Parental Solutions Inc." - C:\WINDOWS\System32\poua3ktnk.dll
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - ? - "C:\Programme\Google\Update\GoogleUpdate.exe" /svc  (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
"License Management Service ESD" (License Management Service ESD) - "element5" - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Update-Service" (Update-Service) - "Joosoft.com GmbH" - C:\WINDOWS\System32\UpdSvc.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Sarah NSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"SARAH LSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 22:17:41
-----------------------------
22:17:41.453    OS Version: Windows 5.1.2600 Service Pack 3
22:17:41.453    Number of processors: 1 586 0x2F02
22:17:41.453    ComputerName: WINXP  UserName: Maja
22:17:42.281    Initialize success
22:18:12.937    AVAST engine defs: 12061901
22:18:20.500    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e
22:18:20.515    Disk 0 Vendor: WDC_WD800JD-55MUA1 10.01E01 Size: 76319MB BusType: 3
22:18:20.531    Disk 0 MBR read successfully
22:18:20.531    Disk 0 MBR scan
22:18:20.671    Disk 0 Windows XP default MBR code
22:18:20.703    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        29996 MB offset 63
22:18:20.718    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        46320 MB offset 61432560
22:18:20.750    Disk 0 scanning sectors +156296385
22:18:20.921    Disk 0 scanning C:\WINDOWS\system32\drivers
22:18:43.750    Service scanning
22:19:08.437    Modules scanning
22:19:35.921    Disk 0 trace - called modules:
22:19:35.937    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
22:19:36.453    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f90ab8]
22:19:36.453    3 CLASSPNP.SYS[f8665fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-e[0x82f94d98]
22:19:36.968    AVAST engine scan C:\WINDOWS
22:20:01.937    AVAST engine scan C:\WINDOWS\system32
22:26:00.468    AVAST engine scan C:\WINDOWS\system32\drivers
22:26:26.406    AVAST engine scan C:\Dokumente und Einstellungen\Maja
22:37:26.609    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:38:10.328    Scan finished successfully
01:19:01.734    Disk 0 MBR has been saved successfully to "F:\Neusesten\MBR.dat"
01:19:01.750    The log file has been saved successfully to "F:\Neusesten\aswMBR.txt"
         
Nochmals vielen Dank für deine Ünterstützung

MfG
Michael

Alt 21.06.2012, 12:05   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Da ist noch was!

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.


Code:
ATTFilter
Killall::
File::
C:\WINDOWS\system32\hxjyv.dll
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.06.2012, 06:12   #39
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Morsche!!

auch das habe ich so ausgeführt wie du es mir beschrieben hattest. Die dazugehörige log poste ich hier.

[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-19.01 - Maja 22.06.2012   6:20.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.511.252 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Maja\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Maja\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\hxjyv.dll"
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-22 bis 2012-06-22  ))))))))))))))))))))))))))))))
.
.
2012-06-19 15:42 . 2012-06-19 15:42	--------	d-----w-	c:\dokumente und einstellungen\Maja\Anwendungsdaten\Avira
2012-06-19 15:34 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-19 15:34 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-19 15:34 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-19 15:34 . 2012-06-19 15:34	--------	d-----w-	c:\programme\Avira
2012-06-19 15:34 . 2012-06-19 15:34	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-06-16 16:22 . 2012-06-16 16:22	--------	d-sh--w-	c:\dokumente und einstellungen\Maja\IECompatCache
2012-06-16 16:21 . 2012-06-16 16:21	--------	d-----w-	c:\dokumente und einstellungen\Maja\Lokale Einstellungen\Anwendungsdaten\Sun
2012-06-16 12:41 . 2012-06-16 12:41	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2012-06-16 12:39 . 2012-06-16 12:39	--------	d-----w-	c:\programme\Oracle
2012-06-16 12:39 . 2012-06-16 12:39	--------	d-----w-	c:\dokumente und einstellungen\Maja\Anwendungsdaten\Oracle
2012-06-16 12:38 . 2012-05-04 17:29	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-06-16 12:38 . 2012-05-04 17:29	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-16 12:38 . 2012-05-04 17:29	772504	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-16 12:36 . 2012-06-16 12:36	--------	d-----w-	c:\programme\Java
2012-06-16 06:11 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2012-06-15 17:54 . 2012-06-15 17:54	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-15 14:39 . 2012-06-15 14:39	241664	----a-w-	c:\windows\system32\poua3ktnk.dll
2012-06-15 01:20 . 2012-06-15 01:20	--------	d-----w-	c:\dokumente und einstellungen\Maja\Anwendungsdaten\Malwarebytes
2012-06-15 01:19 . 2012-06-15 01:19	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-14 23:25 . 2012-06-15 00:46	--------	d-----w-	c:\windows\system32\NtmsData
2012-06-14 15:45 . 2012-06-14 15:45	--------	d-----w-	c:\programme\CCleaner
2012-06-14 14:10 . 2012-06-14 18:47	--------	d-----w-	C:\_OTL
2012-06-14 08:22 . 2008-04-13 17:45	20608	-c--a-w-	c:\windows\system32\dllcache\usbuhci.sys
2012-06-14 08:22 . 2008-04-13 17:45	20608	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-06-01 10:34 . 2008-04-14 01:22	21504	-c--a-w-	c:\windows\system32\dllcache\hidserv.dll
2012-06-01 10:34 . 2008-04-14 01:22	21504	----a-w-	c:\windows\system32\hidserv.dll
2012-06-01 10:34 . 2008-04-14 00:58	14720	-c--a-w-	c:\windows\system32\dllcache\kbdhid.sys
2012-06-01 10:34 . 2008-04-14 00:58	14720	----a-w-	c:\windows\system32\drivers\kbdhid.sys
2012-06-01 10:34 . 2008-04-13 17:45	32128	-c--a-w-	c:\windows\system32\dllcache\usbccgp.sys
2012-06-01 10:34 . 2008-04-13 17:45	32128	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-05-31 18:33 . 2001-08-18 02:22	12288	-c--a-w-	c:\windows\system32\dllcache\mouhid.sys
2012-05-31 18:33 . 2001-08-18 02:22	12288	----a-w-	c:\windows\system32\drivers\mouhid.sys
2012-05-31 18:33 . 2008-04-13 17:45	10368	-c--a-w-	c:\windows\system32\dllcache\hidusb.sys
2012-05-31 18:33 . 2008-04-13 17:45	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 17:54 . 2011-12-09 20:31	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-20 19:36	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-20 19:36	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-04-29 14:48	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-04-29 14:48	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-04-29 14:48	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-20 19:36	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-04-29 14:48	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-04-29 14:48	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-05-26 02:16	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2002-12-31 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-20 19:36	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-04-29 14:48	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2006-04-29 14:48	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2012-03-31 15:03	214256	----a-w-	c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2012-03-31 15:03	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2012-03-31 15:03	18160	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2002-12-31 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2002-12-31 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2002-12-31 12:00	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2002-12-31 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2002-12-31 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2002-12-31 12:00	385024	----a-w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-04 00:50	2071424	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2002-12-31 12:00	2194944	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2006-04-29 14:42	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2004-09-07 10:47 . 2004-09-07 10:47	70144	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAMDMTR.DLL
2004-09-07 10:47 . 2004-09-07 10:47	31744	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAWEBTR.DLL
2004-09-07 10:47 . 2004-09-07 10:47	186368	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAREG.DLL
2004-09-07 10:46 . 2004-09-07 10:46	48640	-c--a-w-	c:\programme\Gemeinsame Dateien\IRALPTTR.DLL
2004-09-07 10:46 . 2004-09-07 10:46	99840	-c--a-w-	c:\programme\Gemeinsame Dateien\IRAABOUT.DLL
2004-09-07 10:46 . 2004-09-07 10:46	17920	-c--a-w-	c:\programme\Gemeinsame Dateien\IRASRIAL.DLL
1999-06-10 08:34 . 2006-04-29 14:45	570128	-c--a-w-	c:\programme\Gemeinsame Dateien\DAO350.DLL
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-19_15.21.47   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-22 04:33 . 2012-06-22 04:33	16384              c:\windows\temp\Perflib_Perfdata_1cc.dat
+ 2012-06-21 04:09 . 2012-06-02 13:19	45080              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-21 04:09 . 2012-06-02 13:19	35864              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2006-04-29 14:48 . 2012-06-02 13:19	35864              c:\windows\system32\dllcache\wups.dll
+ 2006-04-29 14:48 . 2012-06-02 13:19	53784              c:\windows\system32\dllcache\wuauclt.exe
+ 2002-12-31 12:00 . 2012-06-02 13:19	97304              c:\windows\system32\dllcache\cdm.dll
+ 2012-06-19 15:27 . 2012-06-19 15:27	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00	294912              c:\windows\system32\tnns8yjnu.dll
+ 2006-04-29 14:48 . 2012-06-02 13:19	210968              c:\windows\system32\dllcache\wuweb.dll
+ 2006-04-29 14:48 . 2012-06-02 13:19	329240              c:\windows\system32\dllcache\wucltui.dll
+ 2006-04-29 14:48 . 2012-06-02 13:19	577048              c:\windows\system32\dllcache\wuapi.dll
+ 2012-06-19 15:27 . 2012-06-19 15:27	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-06-19 15:28 . 2012-06-19 15:28	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-06-19 15:27 . 2012-06-19 15:27	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-06-19 15:27 . 2012-06-19 15:27	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-06-19 15:27 . 2012-06-19 15:27	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-06-19 15:27 . 2012-06-19 15:27	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-06-19 15:26 . 2012-06-19 15:26	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-06-19 15:25 . 2012-06-19 15:25	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2006-04-29 14:48 . 2012-06-02 13:19	1933848              c:\windows\system32\dllcache\wuaueng.dll
+ 2012-06-19 15:29 . 2012-06-19 15:29	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16.tmp\System.Web.Services.dll
+ 2012-06-20 04:30 . 2012-06-20 04:30	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-06-20 04:29 . 2012-06-20 04:29	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-06-20 04:29 . 2012-06-20 04:29	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-20 04:28 . 2012-06-20 04:28	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-06-20 04:26 . 2012-06-20 04:26	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-06-19 15:29 . 2012-06-19 15:29	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-06-19 15:27 . 2012-06-19 15:27	2405888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-06-19 15:25 . 2012-06-19 15:25	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-06-19 15:24 . 2012-06-19 15:24	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-06-19 15:26 . 2012-06-19 15:26	11817472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Maja\Startmenü\Programme\Autostart\
FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2007-9-11 804144]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-2 450560]
Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2006-5-5 589824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware Info Service.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk
backup=c:\windows\pss\Lexware Info Service.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Symantec Fax Starter Edition-Anschluss.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition-Anschluss.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1und1Dispatcher]
2011-07-13 14:24	216432	----a-w-	c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2004-10-08 10:06	196608	----a-w-	c:\programme\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 09:52	221184	----a-w-	c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-03-04 13:10	2192672	----a-w-	c:\programme\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55	17148552	----a-r-	c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-05 10:56	68856	----a-w-	c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [29.04.2006 17:22 44928]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19.06.2012 17:34 36000]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.01.2008 10:19 501560]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.06.2012 17:34 86224]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 11:14 87344]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe -k Update-Service [31.12.2002 14:00 14336]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [29.04.2006 17:23 29696]
S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 09:50 158856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-05 12:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
LSP: c:\programme\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-22 06:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(796)
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll
.
- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22  06:42:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-22 04:42
ComboFix2.txt  2012-06-19 15:29
.
Vor Suchlauf: 10 Verzeichnis(se), 14.642.593.792 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 14.690.947.072 Bytes frei
.
- - End Of File - - 67799B8FA7709A350214E2C69D267D0B
         
--- --- ---


Wie geht es weiter?
Glaubst du er ist jetzt Virenfrei?
Freue mich wieder von dir zu Hören.

MfG
Michael

Alt 22.06.2012, 10:30   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Mach bitte ein neues Log mit GMER
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.06.2012, 17:43   #41
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Hier die log:

[CODE]
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 18:39:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e WDC_WD800JD-55MUA1 rev.10.01E01
Running: cwetnz48.exe; Driver: C:\DOKUME~1\Maja\LOKALE~1\Temp\uxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            AEC7276C                                                                                  ZwClose
SSDT            AEC72726                                                                                  ZwCreateKey
SSDT            AEC72776                                                                                  ZwCreateSection
SSDT            AEC7271C                                                                                  ZwCreateThread
SSDT            AEC7272B                                                                                  ZwDeleteKey
SSDT            AEC72735                                                                                  ZwDeleteValueKey
SSDT            AEC72767                                                                                  ZwDuplicateObject
SSDT            AEC7273A                                                                                  ZwLoadKey
SSDT            AEC72708                                                                                  ZwOpenProcess
SSDT            AEC7270D                                                                                  ZwOpenThread
SSDT            AEC7278F                                                                                  ZwQueryValueKey
SSDT            AEC72744                                                                                  ZwReplaceKey
SSDT            AEC72780                                                                                  ZwRequestWaitReplyPort
SSDT            AEC7273F                                                                                  ZwRestoreKey
SSDT            AEC7277B                                                                                  ZwSetContextThread
SSDT            AEC72785                                                                                  ZwSetSecurityObject
SSDT            AEC72730                                                                                  ZwSetValueKey
SSDT            AEC7278A                                                                                  ZwSystemDebugControl
SSDT            AEC72717                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                  entry point in "init" section [0xF818E900]
.reloc          C:\WINDOWS\system32\drivers\acedrv11.sys                                                  section is executable [0xA647C480, 0x306DD, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtClose                                   7C91CFEE 5 Bytes  JMP 033E1B91 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtCreateSection                           7C91D17E 5 Bytes  JMP 033E08F8 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtMapViewOfSection                        7C91D51E 5 Bytes  JMP 033E0BD4 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtOpenFile                                7C91D59E 5 Bytes  JMP 033E18B4 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtOpenSection                             7C91D62E 5 Bytes  JMP 033E0683 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtQueryAttributesFile                     7C91D70E 5 Bytes  JMP 033E15E1 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtQuerySection                            7C91D8CE 5 Bytes  JMP 033E116D 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtQueryVirtualMemory                      7C91D97E 5 Bytes  JMP 033E1D66 
.text           C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtUnmapViewOfSection                      7C91DF0E 5 Bytes  JMP 033E0F2E 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library         C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1184]  0x044B0000                                                              

---- EOF - GMER 1.0.15 ----
         
--- --- ---


MfG
Michael

Alt 24.06.2012, 15:37   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Code:
ATTFilter
Library         C:\WINDOWS\system32\hxjyv.dll (*** hidden *** )
         
Diese Datei ist da immer noch
Boote den Rechner nochmal bitte von der OTLPE-CD
Navigiere dann nach \WINDOWS\system32, also dem system32-Ordner des auf Festplatte installierten Windows.
Benenne die Datei bitte um in hxjyv.dll.vir

Starte danach den Rechner neu und boote Windows normal. Mach danach ein neues GMER-Log und lad die umbenannte Datei also C:\WINDOWS\system32\hxjyv.dll.vir bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.06.2012, 07:17   #43
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Morgen Arne,

wollte mich entschuldigen dafür, dass ich so spät antworte. Aber ich war die letzten 2 Tage nicht online.
Habe versucht die von dir beschriebene Datei unter dem angegebenen Pfad nachdem ich von CD gebootet hatte zu finden und umzubenennen. Aber leider ist diese nicht dort zu finden...

Auch eine Suche über das komplette System ergab keinen Treffer.

Also was soll ich tun?
Bitte sei so nett und gib mir einen Rat oder erkläre mir was ich falsch gemacht habe.

DANKE!
MfG
Michael

Alt 27.06.2012, 13:42   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Boote mal deinen Rechner von einer Xubuntu-CD, siehe Link in meiner Signatur
Da wird beschrieben wir du diese CD erstellst und wie du davon bootest
Navigiere dann mal mit Ubuntu zu diesem Pfad und versuch diese Datei ausfindig zu machen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.06.2012, 09:47   #45
bobbele89
 
BundesTrojaner?  PC startet nicht mehr im abgesicherten Modus - Standard

BundesTrojaner? PC startet nicht mehr im abgesicherten Modus



Hallo,

auch hiermit ist unter diesem Pfad die Datei nicht auffindbar. Habe auch darauf geachtet, dass alle Dateien auch die versteckten mir angezeigt werden.

MfG
Michael

Antwort

Themen zu BundesTrojaner? PC startet nicht mehr im abgesicherten Modus
abgesicherten, abgesicherten modus, abgesicherten modus funktioniert, bios, boards, bundestrojaner, erstellt, funktioniert, hallo zusammen, hinweis, hochfahren, keine taskleiste, modus, neu, nicht mehr, nichts, offline, pc startet nicht mehr, programm, start, startet, startet nicht, taskleiste, tipps, trojaner, verschiedene, windows, windows xp



Ähnliche Themen: BundesTrojaner? PC startet nicht mehr im abgesicherten Modus


  1. Bundestrojaner, Windows startet nicht im abgesicherten Modus
    Log-Analyse und Auswertung - 13.05.2014 (17)
  2. Bundestrojaner - Win XP lässt sich im abgesicherten Modus nicht starten
    Log-Analyse und Auswertung - 19.03.2014 (5)
  3. Windows 7: Langsam, MBam startet nicht, auch im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 11.03.2014 (7)
  4. United Kingdom Police Trojaner, Rechner startet nicht mehr im Abgesicherten Modus
    Log-Analyse und Auswertung - 22.02.2014 (3)
  5. Bundestrojaner, Reparatur über den abgesicherten Modus funktioniert nicht
    Log-Analyse und Auswertung - 08.01.2014 (14)
  6. GVU Trojaner - Windows XP startet nicht im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 15.12.2013 (13)
  7. GVU Trojaner - Windows startet nicht mehr im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 08.11.2013 (17)
  8. GVU BKA Trojaner Win 7 startet nicht mehr im abgesicherten Modus
    Log-Analyse und Auswertung - 11.09.2013 (13)
  9. Win 7 startet nur im abgesicherten Modus - USB Massenspeicher den es nicht gibt wird angezeigt
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (17)
  10. gvu-virus,windows7 startet nicht mehr im abgesicherten modus
    Log-Analyse und Auswertung - 12.01.2013 (2)
  11. Bundestrojaner Auch im Abgesicherten modus
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (16)
  12. Bundestrojaner, der auch im abgesicherten Modus startet
    Log-Analyse und Auswertung - 03.08.2012 (7)
  13. GVU Trojaner - Windows XP startet nicht im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 26.06.2012 (37)
  14. Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus
    Log-Analyse und Auswertung - 22.06.2012 (42)
  15. komme nicht mehr in den abgesicherten modus win XP
    Log-Analyse und Auswertung - 14.03.2012 (3)
  16. Windows XP Pro startet nur mehr im abgesicherten Modus
    Log-Analyse und Auswertung - 05.11.2011 (6)
  17. Windows startet nicht,auch nicht im abgesicherten Modus
    Alles rund um Windows - 29.07.2008 (3)

Zum Thema BundesTrojaner? PC startet nicht mehr im abgesicherten Modus - Guten Morgen, log von TDSSKiller: Code: Alles auswählen Aufklappen ATTFilter 06:06:57.0437 0120 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 06:06:59.0437 0120 ============================================================ 06:06:59.0437 0120 Current date / time: - BundesTrojaner? PC startet nicht mehr im abgesicherten Modus...
Archiv
Du betrachtest: BundesTrojaner? PC startet nicht mehr im abgesicherten Modus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.