Trojaner-Board
Seite 2 von 7 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows XP Laptop möglicherweise infiziert? (https://www.trojaner-board.de/126959-windows-xp-laptop-moeglicherweise-infiziert.html)

cosinus 18.11.2012 23:23
ja mach bitte den MBR-Fix!

Killerbee87 19.11.2012 09:14
Guten Morgen,

anbei der Fix Log und der Scan Log von aswmbr:

Fix Log:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 08:10:46
-----------------------------
08:10:46.640    OS Version: Windows 5.1.2600 Service Pack 3
08:10:46.640    Number of processors: 2 586 0xF06
08:10:46.640    ComputerName: PC308434332191  UserName: Katie
08:11:05.140    Initialize success
08:11:19.687    AVAST engine defs: 12111800
08:11:24.890    Verifying
08:11:34.921    Disk 0 Windows 501 MBR fixed successfully
08:12:21.859    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Katie.PC308434332191\Desktop\MBR.dat"
08:12:21.859    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Katie.PC308434332191\Desktop\aswMBRfixlog.txt"

Neuer Scan Log:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 08:15:56
-----------------------------
08:15:56.640    OS Version: Windows 5.1.2600 Service Pack 3
08:15:56.640    Number of processors: 2 586 0xF06
08:15:56.640    ComputerName: PC308434332191  UserName: Katie
08:16:17.687    Initialize success
08:16:31.593    AVAST engine defs: 12111800
08:16:37.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:16:37.312    Disk 0 Vendor:  Size: 0MB BusType: 0
08:16:37.328    Disk 0 MBR read successfully
08:16:37.328    Disk 0 MBR scan
08:16:37.453    Disk 0 Windows XP default MBR code
08:16:37.453    Disk 0 MBR hidden
08:16:37.453    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        85878 MB offset 63
08:16:37.546    Disk 0 Partition 2 00    0C    FAT32 LBA RECOVERY    8479 MB offset 175895685
08:16:37.609    Disk 0 Partition 3 00    D7              NTFS        1027 MB offset 193261950
08:16:37.671    Disk 0 scanning C:\WINDOWS\system32\drivers
08:16:59.437    Service scanning
08:17:12.562    Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
08:17:13.031    Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
08:17:13.796    Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
08:17:13.875    Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
08:17:34.156    Modules scanning
08:17:47.921    Disk 0 trace - called modules:
08:17:47.937    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
08:17:47.953    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f2c030]
08:17:47.953    3 CLASSPNP.SYS[f7564fd7] -> nt!IofCallDriver -> \Device\00000086[0x86ec1a00]
08:17:47.953    5 ACPI.sys[f73da620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86fc6030]
08:17:48.609    AVAST engine scan C:\WINDOWS
08:18:25.968    AVAST engine scan C:\WINDOWS\system32
08:22:13.781    AVAST engine scan C:\WINDOWS\system32\drivers
08:22:37.171    AVAST engine scan C:\Dokumente und Einstellungen\Katie.PC308434332191
08:36:49.000    AVAST engine scan C:\Dokumente und Einstellungen\All Users
08:42:34.625    Scan finished successfully
09:08:13.765    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Katie.PC308434332191\Desktop\MBR.dat"
09:08:13.812    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Katie.PC308434332191\Desktop\aswMBR191112.txt"
lg
Kathi

cosinus 19.11.2012 10:50
Ok, mach auch bitte ein neues Log mit GMER

Killerbee87 19.11.2012 15:34
Hallo cosinus,

untenstehend findest du den neuen Gmer Log:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-19 15:08:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0  rev.
Running: 2dt0qi8k.exe; Driver: C:\DOKUME~1\KATIE~1.PC3\LOKALE~1\Temp\pfliikob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0xEF0F3F2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwClose [0xEF0F4824]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwConnectPort [0xEF10E7BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateEvent [0xEF0F4D96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateMutant [0xEF0F4C84]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreatePort [0xEF10EAD4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateProcess [0xEF0F4FC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateProcessEx [0xEF0F518E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateSection [0xEF0F3CE6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateSemaphore [0xEF0F4EAE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateThread [0xEF0F4556]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0xEF10EB9C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0xEF0F54AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDeleteKey [0xEF108D6E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDeleteValueKey [0xEF10A578]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0xEF0F4866]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDuplicateObject [0xEF0F64AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateKey [0xEF109D72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateValueKey [0xEF10A722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadDriver [0xEF0F559E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadKey [0xEF1098AA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadKey2 [0xEF109B06]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwMapViewOfSection [0xEF0F5B0A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwNotifyChangeKey [0xEF10CFD8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenEvent [0xEF0F4E28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenMutant [0xEF0F4D10]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenProcess [0xEF0F4164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenSection [0xEF0F58EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenSemaphore [0xEF0F4F40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenThread [0xEF0F4058]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryKey [0xEF108BA2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryMultipleValueKey [0xEF10A382]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryObject [0xEF10D1CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQuerySection [0xEF0F5E30]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryValueKey [0xEF10A172]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueueApcThread [0xEF0F573E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRenameKey [0xEF108E82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplaceKey [0xEF1094F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplyPort [0xEF10ED16]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0xEF10EC64]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0xEF10ED82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRestoreKey [0xEF1096FE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwResumeThread [0xEF0F634E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSaveKey [0xEF109028]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSaveKeyEx [0xEF1091BE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSaveMergedKeys [0xEF10935A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSecureConnectPort [0xEF10E944]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetContextThread [0xEF0F46C6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetInformationToken [0xEF0F5358]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetSystemInformation [0xEF0F5F80]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetValueKey [0xEF109F32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSuspendProcess [0xEF0F6074]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSuspendThread [0xEF0F61AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSystemDebugControl [0xEF0F53CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwTerminateProcess [0xEF0F4302]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwTerminateThread [0xEF0F425A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0xEF0F5CE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0xEF0F43EC]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                              804EAFC4 5 Bytes  JMP EF0E5E5A \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text          ntkrnlpa.exe!IoIsOperationSynchronous                                                  804EF96C 5 Bytes  JMP EF0E6236 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text          ntkrnlpa.exe!ZwCallbackReturn + 2C94                                                  8050458C 12 Bytes  [D4, EA, 10, EF, C6, 4F, 0F, ...]
.text          ntkrnlpa.exe!ZwCallbackReturn + 2D60                                                  80504658 12 Bytes  [9E, 55, 0F, EF, AA, 98, 10, ...] {SAHF ; PUSH EBP; PXOR MM5, QWORD [EDX+0x6ef1098]; WAIT ; ADC BH, CH}
.text          ntkrnlpa.exe!ZwCallbackReturn + 2EDC                                                  805047D4 16 Bytes  [82, 8E, 10, EF, F6, 94, 10, ...]
.text          ntkrnlpa.exe!ZwCallbackReturn + 2F14                                                  8050480C 20 Bytes  [4E, 63, 0F, EF, 28, 90, 10, ...]
.text          ntkrnlpa.exe!ZwCallbackReturn + 2FD0                                                  805048C8 12 Bytes  [74, 60, 0F, EF, AE, 61, 0F, ...]
.text          ...                                                                                   
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                              section is writeable [0xF5362360, 0x2255BD, 0xE8000020]
?              C:\DOKUME~1\KATIE~1.PC3\LOKALE~1\Temp\aswMBR.sys                                      Das System kann die angegebene Datei nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                [F6F06E60] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT            \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                [F6F06E60] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \FileSystem\Fastfat \Fat                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                  sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
lg
Kathi

cosinus 19.11.2012 15:36
Code:
sector 00: rootkit-like behavior
GMER meldet immer noch was

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Killerbee87 19.11.2012 19:35
Hello,

untenstehend der Combofix log (hat einwandfrei funktioniert):

Code:
ComboFix 12-11-19.01 - Katie 19.11.2012  18:48:26.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.611 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Katie.PC308434332191\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE 2.0 *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\IsUn0407.exe
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-19 bis 2012-11-19  ))))))))))))))))))))))))))))))
.
.
2012-11-12 19:26 . 2012-11-12 19:26        --------        d-----w-        c:\dokumente und einstellungen\Katie.PC308434332191\Anwendungsdaten\Malwarebytes
2012-11-12 19:26 . 2012-11-12 19:26        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-11-12 19:26 . 2012-11-12 19:26        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-11-12 19:26 . 2012-09-29 18:54        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-11-11 08:11 . 2012-11-11 08:11        --------        d-----w-        c:\windows\system32\LogFiles
2012-11-01 16:41 . 2012-11-01 16:41        --------        d-----r-        C:\Backup
2012-11-01 16:30 . 2009-12-14 11:44        39352        ----a-w-        c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-11-01 16:30 . 2009-12-14 11:44        88632        ----a-w-        c:\windows\system32\drivers\CSCrySec.sys
2012-11-01 16:29 . 2012-11-01 16:29        --------        d-----w-        c:\programme\Gemeinsame Dateien\InfoWatch
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 21:34 . 2012-05-28 15:12        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-11-17 21:34 . 2011-10-19 17:11        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 19:56 . 2006-03-25 04:00        1866496        ----a-w-        c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2006-03-25 04:00        58368        ----a-w-        c:\windows\system32\synceng.dll
2012-09-24 14:32 . 2012-05-17 20:26        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2011-10-30 18:08        473072        ----a-w-        c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-05-17 20:26        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-08-30 21:23 . 2012-08-30 21:23        229816        ----a-w-        c:\windows\system32\klogon.dll
2012-08-28 15:05 . 2006-03-25 04:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2006-03-25 04:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2006-03-25 04:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-25 04:00        385024        ------w-        c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-03-25 04:00        177664        ----a-w-        c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2006-03-25 04:00        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2006-03-25 04:00        2030080        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-11-01 12:29 . 2012-11-01 12:28        261600        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 21:24        496056        ----a-w-        c:\programme\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\programme\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programme\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
HP Photosmart Premier – Schnellstart.lnk - c:\programme\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Katie.PC308434332191^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Katie.PC308434332191\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [01.11.2012 17:30 88632]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [01.11.2012 17:30 39352]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [20.10.2011 11:48 13104]
R2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21.12.2009 17:34 743992]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.11.2012 20:26 399432]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;c:\windows\system32\drivers\5U870CAP.sys [06.06.2006 21:39 61952]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 17:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 19:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.11.2012 20:26 22856]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [12.11.2012 20:26 676936]
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 21:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.claro-search.com/?affID=114506&tt=3912_4&babsrc=HP_clro&mntrId=529c611a0000000000000018deaddf4d
uInternet Connection Wizard,ShellNext = "c:\programme\Outlook Express\msimn.exe"
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Katie.PC308434332191\Anwendungsdaten\Mozilla\Firefox\Profiles\ken3j9kx.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=114506&tt=3912_4&babsrc=KW_clro&mntrId=529c611a0000000000000018deaddf4d&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-26 18:35; ffxtlbr@claro.com; c:\dokumente und einstellungen\Katie.PC308434332191\Anwendungsdaten\Mozilla\Firefox\Profiles\ken3j9kx.default\extensions\ffxtlbr@claro.com
FF - ExtSQL: 2012-11-18 20:07; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - 529c611a0000000000000018deaddf4d
FF - user.js: extensions.claro.instlDay - 15608
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.120:09
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-19 19:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programme\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@?????8_??????`?@?????L?@
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
copy of MBR has been found in sector 1 !
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2012-11-19  19:06:19
ComboFix-quarantined-files.txt  2012-11-19 18:06
.
Vor Suchlauf: 16 Verzeichnis(se), 20.513.832.960 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 22.452.420.608 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1B437C907063BDF4B5FBC0624F117B90
lg

cosinus 19.11.2012 20:04
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Killerbee87 19.11.2012 20:22
anbei das TDSS log

Code:
20:17:22.0025 3784  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:17:24.0025 3784  ============================================================
20:17:24.0025 3784  Current date / time: 2012/11/19 20:17:24.0025
20:17:24.0025 3784  SystemInfo:
20:17:24.0025 3784 
20:17:24.0025 3784  OS Version: 5.1.2600 ServicePack: 3.0
20:17:24.0025 3784  Product type: Workstation
20:17:24.0025 3784  ComputerName: PC308434332191
20:17:24.0025 3784  UserName: Katie
20:17:24.0025 3784  Windows directory: C:\WINDOWS
20:17:24.0025 3784  System windows directory: C:\WINDOWS
20:17:24.0025 3784  Processor architecture: Intel x86
20:17:24.0025 3784  Number of processors: 2
20:17:24.0025 3784  Page size: 0x1000
20:17:24.0025 3784  Boot type: Normal boot
20:17:24.0025 3784  ============================================================
20:17:26.0885 3784  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:17:26.0885 3784  ============================================================
20:17:26.0885 3784  \Device\Harddisk0\DR0:
20:17:26.0916 3784  MBR partitions:
20:17:26.0916 3784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA7BB585
20:17:26.0916 3784  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xA7BF485, BlocksNum 0x108FCF9
20:17:26.0916 3784  ============================================================
20:17:26.0994 3784  C: <-> \Device\Harddisk0\DR0\Partition1
20:17:27.0010 3784  D: <-> \Device\Harddisk0\DR0\Partition2
20:17:27.0010 3784  ============================================================
20:17:27.0010 3784  Initialize success
20:17:27.0010 3784  ============================================================
20:18:00.0024 1000  ============================================================
20:18:00.0024 1000  Scan started
20:18:00.0024 1000  Mode: Manual; SigCheck; TDLFS;
20:18:00.0024 1000  ============================================================
20:18:00.0165 1000  ================ Scan system memory ========================
20:18:00.0165 1000  System memory - ok
20:18:00.0165 1000  ================ Scan services =============================
20:18:00.0478 1000  [ D2142FEE659D97B2B05820F21594BFE2 ] 5U870CAP_VID_1262&PID_25FD C:\WINDOWS\system32\Drivers\5U870CAP.sys
20:18:01.0056 1000  5U870CAP_VID_1262&PID_25FD - ok
20:18:01.0071 1000  Abiosdsk - ok
20:18:01.0103 1000  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:18:01.0728 1000  abp480n5 - ok
20:18:01.0806 1000  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:18:02.0040 1000  ACPI - ok
20:18:02.0056 1000  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:18:02.0243 1000  ACPIEC - ok
20:18:02.0415 1000  [ 746742588C07DB53731143229E2EE450 ] AddFiltr        C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
20:18:02.0431 1000  AddFiltr ( UnsignedFile.Multi.Generic ) - warning
20:18:02.0431 1000  AddFiltr - detected UnsignedFile.Multi.Generic (1)
20:18:02.0556 1000  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:18:02.0587 1000  AdobeFlashPlayerUpdateSvc - ok
20:18:02.0602 1000  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:18:02.0727 1000  adpu160m - ok
20:18:02.0759 1000  [ 8BED39E3C35D6A489438B8141717A557 ] aec            C:\WINDOWS\system32\drivers\aec.sys
20:18:02.0946 1000  aec - ok
20:18:02.0993 1000  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
20:18:03.0040 1000  AFD - ok
20:18:03.0071 1000  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
20:18:03.0212 1000  agp440 - ok
20:18:03.0243 1000  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:18:03.0368 1000  agpCPQ - ok
20:18:03.0415 1000  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x        C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:18:03.0509 1000  Aha154x - ok
20:18:03.0524 1000  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2        C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:18:03.0665 1000  aic78u2 - ok
20:18:03.0696 1000  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx        C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:18:03.0837 1000  aic78xx - ok
20:18:03.0868 1000  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
20:18:04.0009 1000  Alerter - ok
20:18:04.0024 1000  [ 190CD73D4984F94D823F9444980513E5 ] ALG            C:\WINDOWS\System32\alg.exe
20:18:04.0196 1000  ALG - ok
20:18:04.0212 1000  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
20:18:04.0321 1000  AliIde - ok
20:18:04.0352 1000  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:18:04.0462 1000  alim1541 - ok
20:18:04.0477 1000  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:18:04.0618 1000  amdagp - ok
20:18:04.0649 1000  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
20:18:04.0743 1000  amsint - ok
20:18:04.0790 1000  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
20:18:04.0931 1000  AppMgmt - ok
20:18:04.0962 1000  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:18:05.0087 1000  Arp1394 - ok
20:18:05.0118 1000  [ 62D318E9A0C8FC9B780008E724283707 ] asc            C:\WINDOWS\system32\DRIVERS\asc.sys
20:18:05.0274 1000  asc - ok
20:18:05.0306 1000  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:18:05.0399 1000  asc3350p - ok
20:18:05.0431 1000  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550        C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:18:05.0571 1000  asc3550 - ok
20:18:05.0727 1000  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
20:18:05.0743 1000  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
20:18:05.0743 1000  aspnet_state - detected UnsignedFile.Multi.Generic (1)
20:18:05.0774 1000  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:18:05.0915 1000  AsyncMac - ok
20:18:05.0946 1000  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
20:18:06.0087 1000  atapi - ok
20:18:06.0087 1000  Atdisk - ok
20:18:06.0134 1000  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:18:06.0259 1000  Atmarpc - ok
20:18:06.0321 1000  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:18:06.0446 1000  AudioSrv - ok
20:18:06.0493 1000  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
20:18:06.0618 1000  audstub - ok
20:18:06.0681 1000  AVP - ok
20:18:06.0696 1000  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:18:06.0837 1000  Beep - ok
20:18:06.0915 1000  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:18:07.0102 1000  BITS - ok
20:18:07.0180 1000  [ B71549F23736ADF83A571061C47777FD ] Browser        C:\WINDOWS\System32\browser.dll
20:18:07.0243 1000  Browser - ok
20:18:07.0274 1000  [ 4272BAB9291D26DA5AC913BC79C3CE85 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
20:18:07.0274 1000  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
20:18:07.0274 1000  BTWUSB - detected UnsignedFile.Multi.Generic (1)
20:18:07.0399 1000  catchme - ok
20:18:07.0399 1000  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf          C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:18:07.0524 1000  cbidf - ok
20:18:07.0524 1000  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
20:18:07.0634 1000  cbidf2k - ok
20:18:07.0680 1000  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:18:07.0837 1000  CCDECODE - ok
20:18:07.0868 1000  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:18:07.0962 1000  cd20xrnt - ok
20:18:08.0009 1000  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
20:18:08.0165 1000  Cdaudio - ok
20:18:08.0180 1000  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:18:08.0321 1000  Cdfs - ok
20:18:08.0337 1000  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:18:08.0462 1000  Cdrom - ok
20:18:08.0462 1000  Changer - ok
20:18:08.0509 1000  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc          C:\WINDOWS\system32\cisvc.exe
20:18:08.0634 1000  CiSvc - ok
20:18:08.0665 1000  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
20:18:08.0790 1000  ClipSrv - ok
20:18:08.0805 1000  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:18:08.0930 1000  CmBatt - ok
20:18:08.0962 1000  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:18:09.0087 1000  CmdIde - ok
20:18:09.0102 1000  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:18:09.0243 1000  Compbatt - ok
20:18:09.0243 1000  COMSysApp - ok
20:18:09.0274 1000  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:18:09.0415 1000  Cpqarray - ok
20:18:09.0430 1000  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:18:09.0540 1000  CryptSvc - ok
20:18:09.0587 1000  [ 5CBF20674BE8364FEBB6A13451A42F0A ] CSCrySec        C:\WINDOWS\system32\DRIVERS\CSCrySec.sys
20:18:09.0634 1000  CSCrySec - ok
20:18:09.0759 1000  [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv    C:\Programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
20:18:09.0821 1000  CSObjectsSrv - ok
20:18:09.0852 1000  [ 2C3F213EDDD231099FB779A45D7680E0 ] CSVirtualDiskDrv C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
20:18:09.0868 1000  CSVirtualDiskDrv - ok
20:18:09.0915 1000  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k        C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:18:10.0055 1000  dac2w2k - ok
20:18:10.0071 1000  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:18:10.0274 1000  dac960nt - ok
20:18:10.0352 1000  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:18:10.0462 1000  DcomLaunch - ok
20:18:10.0509 1000  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:18:10.0618 1000  Dhcp - ok
20:18:10.0680 1000  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:18:10.0790 1000  Disk - ok
20:18:10.0790 1000  dmadmin - ok
20:18:10.0837 1000  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:18:11.0024 1000  dmboot - ok
20:18:11.0040 1000  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:18:11.0165 1000  dmio - ok
20:18:11.0180 1000  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:18:11.0321 1000  dmload - ok
20:18:11.0384 1000  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:18:11.0509 1000  dmserver - ok
20:18:11.0524 1000  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:18:11.0649 1000  DMusic - ok
20:18:11.0712 1000  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:18:11.0759 1000  Dnscache - ok
20:18:11.0805 1000  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
20:18:11.0930 1000  Dot3svc - ok
20:18:11.0962 1000  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:18:12.0102 1000  dpti2o - ok
20:18:12.0149 1000  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
20:18:12.0258 1000  drmkaud - ok
20:18:12.0321 1000  [ F239EC59B4A30266A4A7B081A5DEE0FC ] e1express      C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:18:12.0368 1000  e1express - ok
20:18:12.0383 1000  [ B5CB3084046146FD2587D8C9B219FEB4 ] eabfiltr        C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
20:18:12.0430 1000  eabfiltr - ok
20:18:12.0462 1000  [ 231F4547AE1E4B3E60ECA66C3A96D218 ] eabusb          C:\WINDOWS\system32\DRIVERS\eabusb.sys
20:18:12.0508 1000  eabusb - ok
20:18:12.0524 1000  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost        C:\WINDOWS\System32\eapsvc.dll
20:18:12.0665 1000  EapHost - ok
20:18:12.0758 1000  [ D039A0C347632622934906BD59A4E1EA ] ehRecvr        C:\WINDOWS\eHome\ehRecvr.exe
20:18:12.0790 1000  ehRecvr - ok
20:18:12.0821 1000  [ E774BF24A6CB798DCE67AD1C8E917152 ] ehSched        C:\WINDOWS\eHome\ehSched.exe
20:18:12.0868 1000  ehSched - ok
20:18:12.0915 1000  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc          C:\WINDOWS\System32\ersvc.dll
20:18:13.0024 1000  ERSvc - ok
20:18:13.0087 1000  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
20:18:13.0133 1000  Eventlog - ok
20:18:13.0180 1000  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem    C:\WINDOWS\system32\es.dll
20:18:13.0227 1000  EventSystem - ok
20:18:13.0290 1000  [ 38D332A6D56AF32635675F132548343E ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
20:18:13.0415 1000  Fastfat - ok
20:18:13.0462 1000  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:18:13.0508 1000  FastUserSwitchingCompatibility - ok
20:18:13.0540 1000  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc            C:\WINDOWS\system32\drivers\Fdc.sys
20:18:13.0649 1000  Fdc - ok
20:18:13.0680 1000  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:18:13.0805 1000  Fips - ok
20:18:13.0805 1000  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
20:18:13.0946 1000  Flpydisk - ok
20:18:13.0977 1000  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:18:14.0102 1000  FltMgr - ok
20:18:14.0149 1000  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:18:14.0290 1000  Fs_Rec - ok
20:18:14.0290 1000  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:18:14.0415 1000  Ftdisk - ok
20:18:14.0415 1000  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:18:14.0524 1000  Gpc - ok
20:18:14.0587 1000  [ 4D4D97671C63C3AF869B3518E6054204 ] HBtnKey        C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
20:18:14.0618 1000  HBtnKey - ok
20:18:14.0649 1000  [ 2A6E9A118DA2DD0439551A7EB3A8F65E ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys
20:18:14.0743 1000  HdAudAddService - ok
20:18:14.0805 1000  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:18:14.0915 1000  HDAudBus - ok
20:18:15.0024 1000  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:18:15.0196 1000  helpsvc - ok
20:18:15.0212 1000  HidServ - ok
20:18:15.0274 1000  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:18:15.0383 1000  HidUsb - ok
20:18:15.0430 1000  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:18:15.0540 1000  hkmsvc - ok
20:18:15.0571 1000  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn            C:\WINDOWS\system32\DRIVERS\hpn.sys
20:18:15.0680 1000  hpn - ok
20:18:15.0758 1000  [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex        C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
20:18:15.0790 1000  hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
20:18:15.0790 1000  hpqwmiex - detected UnsignedFile.Multi.Generic (1)
20:18:15.0852 1000  [ 448C0FD272FE1B80046F4767DB21EB8D ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:18:15.0868 1000  HSFHWAZL - ok
20:18:15.0946 1000  [ 2715A27DE9C17BDBAF6D6C79989A7B12 ] HSF_DPV        C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:18:16.0055 1000  HSF_DPV - ok
20:18:16.0118 1000  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:18:16.0180 1000  HTTP - ok
20:18:16.0212 1000  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:18:16.0415 1000  HTTPFilter - ok
20:18:16.0415 1000  hwdatacard - ok
20:18:16.0446 1000  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt        C:\WINDOWS\system32\drivers\i2omgmt.sys
20:18:16.0571 1000  i2omgmt - ok
20:18:16.0587 1000  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp          C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:18:16.0727 1000  i2omp - ok
20:18:16.0774 1000  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:18:16.0899 1000  i8042prt - ok
20:18:16.0977 1000  [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
20:18:17.0055 1000  iaStor - ok
20:18:17.0196 1000  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:18:17.0211 1000  IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:18:17.0211 1000  IDriverT - detected UnsignedFile.Multi.Generic (1)
20:18:17.0227 1000  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
20:18:17.0336 1000  Imapi - ok
20:18:17.0368 1000  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:18:17.0477 1000  ImapiService - ok
20:18:17.0508 1000  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u        C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:18:17.0633 1000  ini910u - ok
20:18:17.0665 1000  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
20:18:17.0821 1000  IntelIde - ok
20:18:17.0868 1000  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:18:17.0993 1000  intelppm - ok
20:18:18.0024 1000  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw          C:\WINDOWS\system32\drivers\ip6fw.sys
20:18:18.0165 1000  Ip6Fw - ok
20:18:18.0211 1000  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:18:18.0352 1000  IpFilterDriver - ok
20:18:18.0368 1000  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:18:18.0477 1000  IpInIp - ok
20:18:18.0524 1000  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:18:18.0649 1000  IpNat - ok
20:18:18.0680 1000  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:18:18.0805 1000  IPSec - ok
20:18:18.0821 1000  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:18:18.0946 1000  IRENUM - ok
20:18:18.0961 1000  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:18:19.0086 1000  isapnp - ok
20:18:19.0196 1000  [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
20:18:19.0211 1000  JavaQuickStarterService - ok
20:18:19.0227 1000  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:18:19.0352 1000  Kbdclass - ok
20:18:19.0352 1000  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:18:19.0477 1000  kbdhid - ok
20:18:19.0508 1000  [ F992818A90C8D79092EE72328968B141 ] KL1            C:\WINDOWS\system32\DRIVERS\kl1.sys
20:18:19.0540 1000  KL1 - ok
20:18:19.0540 1000  [ 7AAD8F20AF01797F0A3C61AB727214E1 ] kl2            C:\WINDOWS\system32\DRIVERS\kl2.sys
20:18:19.0555 1000  kl2 - ok
20:18:19.0618 1000  [ 47F6C0C75528CCD5104C6DDA23314367 ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
20:18:19.0665 1000  KLIF - ok
20:18:19.0711 1000  [ 96A7EC308A93DA26DFE481308BAAC2A2 ] klim5          C:\WINDOWS\system32\DRIVERS\klim5.sys
20:18:19.0727 1000  klim5 - ok
20:18:19.0758 1000  [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
20:18:19.0774 1000  klmouflt - ok
20:18:19.0821 1000  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:18:19.0946 1000  kmixer - ok
20:18:20.0008 1000  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:18:20.0086 1000  KSecDD - ok
20:18:20.0133 1000  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:18:20.0196 1000  lanmanserver - ok
20:18:20.0258 1000  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:18:20.0352 1000  lanmanworkstation - ok
20:18:20.0368 1000  lbrtfdc - ok
20:18:20.0461 1000  [ 86E8BCAA91FC2ACFACD99CF2BF9F1F47 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
20:18:20.0493 1000  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:18:20.0493 1000  LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:18:20.0555 1000  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
20:18:20.0743 1000  LmHosts - ok
20:18:20.0774 1000  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector  C:\WINDOWS\system32\drivers\mbam.sys
20:18:20.0790 1000  MBAMProtector - ok
20:18:20.0868 1000  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler  C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:18:20.0899 1000  MBAMScheduler - ok
20:18:20.0977 1000  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService    C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
20:18:21.0040 1000  MBAMService - ok
20:18:21.0086 1000  [ 52404CC76E9D53843BDF97564BB16BED ] McrdSvc        C:\WINDOWS\ehome\mcrdsvc.exe
20:18:21.0118 1000  McrdSvc - ok
20:18:21.0165 1000  [ 74F4372AF97A587ECEC527EC34955712 ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:18:21.0180 1000  mdmxsdk - ok
20:18:21.0227 1000  [ B7550A7107281D170CE85524B1488C98 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
20:18:21.0368 1000  Messenger - ok
20:18:21.0415 1000  [ DED60230E3019C508769EC3C15BCDA44 ] MHN            C:\WINDOWS\System32\mhn.dll
20:18:21.0446 1000  MHN ( UnsignedFile.Multi.Generic ) - warning
20:18:21.0446 1000  MHN - detected UnsignedFile.Multi.Generic (1)
20:18:21.0477 1000  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:18:21.0508 1000  MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:18:21.0508 1000  MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:18:21.0664 1000  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
20:18:21.0696 1000  Microsoft Office Groove Audit Service - ok
20:18:21.0727 1000  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
20:18:21.0914 1000  mnmdd - ok
20:18:21.0961 1000  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
20:18:22.0071 1000  mnmsrvc - ok
20:18:22.0118 1000  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
20:18:22.0243 1000  Modem - ok
20:18:22.0258 1000  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:18:22.0368 1000  Mouclass - ok
20:18:22.0414 1000  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:18:22.0539 1000  mouhid - ok
20:18:22.0571 1000  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:18:22.0727 1000  MountMgr - ok
20:18:22.0789 1000  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
20:18:22.0836 1000  MozillaMaintenance - ok
20:18:22.0883 1000  [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
20:18:22.0993 1000  MQAC - ok
20:18:23.0039 1000  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:18:23.0196 1000  mraid35x - ok
20:18:23.0196 1000  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:18:23.0336 1000  MRxDAV - ok
20:18:23.0414 1000  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:18:23.0493 1000  MRxSmb - ok
20:18:23.0539 1000  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
20:18:23.0649 1000  MSDTC - ok
20:18:23.0711 1000  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:18:23.0821 1000  Msfs - ok
20:18:23.0836 1000  MSIServer - ok
20:18:23.0852 1000  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:18:23.0977 1000  MSKSSRV - ok
20:18:24.0024 1000  [ 0DCA65CF0B5E016192DFC8D184544FB6 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
20:18:24.0149 1000  MSMQ - ok
20:18:24.0164 1000  [ 7E68E3D511CF98CCD613DE1253DA4247 ] MSMQTriggers    C:\WINDOWS\system32\mqtgsvc.exe
20:18:24.0289 1000  MSMQTriggers - ok
20:18:24.0321 1000  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:18:24.0430 1000  MSPCLOCK - ok
20:18:24.0493 1000  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
20:18:24.0618 1000  MSPQM - ok
20:18:24.0649 1000  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:18:24.0758 1000  mssmbios - ok
20:18:24.0774 1000  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
20:18:24.0899 1000  MSTEE - ok
20:18:24.0930 1000  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
20:18:24.0977 1000  Mup - ok
20:18:25.0008 1000  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:18:25.0133 1000  NABTSFEC - ok
20:18:25.0196 1000  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:18:25.0321 1000  napagent - ok
20:18:25.0352 1000  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:18:25.0493 1000  NDIS - ok
20:18:25.0524 1000  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:18:25.0649 1000  NdisIP - ok
20:18:25.0680 1000  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:18:25.0727 1000  NdisTapi - ok
20:18:25.0774 1000  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:18:25.0914 1000  Ndisuio - ok
20:18:25.0946 1000  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:18:26.0102 1000  NdisWan - ok
20:18:26.0149 1000  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
20:18:26.0196 1000  NDProxy - ok
20:18:26.0211 1000  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
20:18:26.0352 1000  NetBIOS - ok
20:18:26.0383 1000  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
20:18:26.0524 1000  NetBT - ok
20:18:26.0586 1000  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:18:26.0711 1000  NetDDE - ok
20:18:26.0711 1000  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:18:26.0821 1000  NetDDEdsdm - ok
20:18:26.0883 1000  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:18:26.0992 1000  Netlogon - ok
20:18:27.0024 1000  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
20:18:27.0149 1000  Netman - ok
20:18:27.0274 1000  [ E2F396F71A793A04839DBB6AF304A026 ] NETw3x32        C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
20:18:27.0477 1000  NETw3x32 - ok
20:18:27.0508 1000  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:18:27.0649 1000  NIC1394 - ok
20:18:27.0680 1000  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla            C:\WINDOWS\System32\mswsock.dll
20:18:27.0727 1000  Nla - ok
20:18:27.0758 1000  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:18:27.0914 1000  Npfs - ok
20:18:27.0961 1000  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:18:28.0117 1000  Ntfs - ok
20:18:28.0149 1000  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
20:18:28.0242 1000  NtLmSsp - ok
20:18:28.0289 1000  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
20:18:28.0461 1000  NtmsSvc - ok
20:18:28.0508 1000  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:18:28.0617 1000  Null - ok
20:18:28.0821 1000  [ 59E5D945934EC2E7EAA22AF81813DABF ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:18:29.0196 1000  nv - ok
20:18:29.0258 1000  [ 6D88C26BF33D2B8404F01CECBDD47D3A ] NVSvc          C:\WINDOWS\system32\nvsvc32.exe
20:18:29.0289 1000  NVSvc - ok
20:18:29.0321 1000  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:18:29.0492 1000  NwlnkFlt - ok
20:18:29.0539 1000  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:18:29.0649 1000  NwlnkFwd - ok
20:18:29.0805 1000  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
20:18:29.0852 1000  odserv - ok
20:18:29.0883 1000  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:18:30.0008 1000  ohci1394 - ok
20:18:30.0071 1000  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:18:30.0086 1000  ose - ok
20:18:30.0117 1000  [ F84785660305B9B903FB3BCA8BA29837 ] Parport        C:\WINDOWS\system32\drivers\Parport.sys
20:18:30.0289 1000  Parport - ok
20:18:30.0305 1000  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
20:18:30.0492 1000  PartMgr - ok
20:18:30.0555 1000  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:18:30.0696 1000  ParVdm - ok
20:18:30.0696 1000  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
20:18:30.0836 1000  PCI - ok
20:18:30.0836 1000  PCIDump - ok
20:18:30.0867 1000  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:18:30.0977 1000  PCIIde - ok
20:18:30.0992 1000  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:18:31.0102 1000  Pcmcia - ok
20:18:31.0117 1000  PDCOMP - ok
20:18:31.0117 1000  PDFRAME - ok
20:18:31.0117 1000  PDRELI - ok
20:18:31.0133 1000  PDRFRAME - ok
20:18:31.0164 1000  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2          C:\WINDOWS\system32\DRIVERS\perc2.sys
20:18:31.0305 1000  perc2 - ok
20:18:31.0336 1000  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:18:31.0445 1000  perc2hib - ok
20:18:31.0477 1000  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
20:18:31.0508 1000  PlugPlay - ok
20:18:31.0524 1000  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
20:18:31.0633 1000  PolicyAgent - ok
20:18:31.0664 1000  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:18:31.0789 1000  PptpMiniport - ok
20:18:31.0789 1000  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:18:31.0899 1000  ProtectedStorage - ok
20:18:31.0930 1000  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:18:32.0055 1000  PSched - ok
20:18:32.0086 1000  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:18:32.0211 1000  Ptilink - ok
20:18:32.0227 1000  [ 86724469CD077901706854974CD13C3E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:18:32.0227 1000  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:18:32.0227 1000  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:18:32.0258 1000  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:18:32.0367 1000  ql1080 - ok
20:18:32.0383 1000  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt        C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:18:32.0524 1000  Ql10wnt - ok
20:18:32.0555 1000  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160        C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:18:32.0680 1000  ql12160 - ok
20:18:32.0695 1000  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:18:32.0820 1000  ql1240 - ok
20:18:32.0867 1000  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:18:32.0977 1000  ql1280 - ok
20:18:32.0992 1000  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:18:33.0117 1000  RasAcd - ok
20:18:33.0149 1000  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
20:18:33.0258 1000  RasAuto - ok
20:18:33.0305 1000  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:18:33.0414 1000  Rasl2tp - ok
20:18:33.0477 1000  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:18:33.0586 1000  RasMan - ok
20:18:33.0633 1000  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:18:33.0727 1000  RasPppoe - ok
20:18:33.0758 1000  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:18:33.0883 1000  Raspti - ok
20:18:33.0914 1000  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:18:34.0024 1000  Rdbss - ok
20:18:34.0039 1000  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:18:34.0164 1000  RDPCDD - ok
20:18:34.0180 1000  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:18:34.0305 1000  rdpdr - ok
20:18:34.0336 1000  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
20:18:34.0399 1000  RDPWD - ok
20:18:34.0461 1000  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
20:18:34.0586 1000  RDSessMgr - ok
20:18:34.0602 1000  [ ED761D453856F795A7FE056E42C36365 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
20:18:34.0742 1000  redbook - ok
20:18:34.0758 1000  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:18:34.0867 1000  RemoteAccess - ok
20:18:34.0899 1000  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:18:35.0024 1000  RemoteRegistry - ok
20:18:35.0086 1000  [ 7A6648B61661B1421FFAB762E391E33F ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:18:35.0117 1000  rimmptsk - ok
20:18:35.0149 1000  [ D0A35B7670AA3558EAAB483F64446496 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
20:18:35.0180 1000  rimsptsk - ok
20:18:35.0211 1000  [ 3AC17802740C3A4764DC9750E92E6233 ] rismxdp        C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
20:18:35.0242 1000  rismxdp - ok
20:18:35.0305 1000  [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST          C:\WINDOWS\system32\drivers\RMCast.sys
20:18:35.0352 1000  RMCAST - ok
20:18:35.0414 1000  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:18:35.0524 1000  RpcLocator - ok
20:18:35.0570 1000  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs          C:\WINDOWS\System32\rpcss.dll
20:18:35.0617 1000  RpcSs - ok
20:18:35.0680 1000  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:18:35.0883 1000  RSVP - ok
20:18:35.0945 1000  [ D507C1400284176573224903819FFDA3 ] rtl8139        C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:18:36.0008 1000  rtl8139 - ok
20:18:36.0024 1000  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs          C:\WINDOWS\system32\lsass.exe
20:18:36.0133 1000  SamSs - ok
20:18:36.0195 1000  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:18:36.0305 1000  SCardSvr - ok
20:18:36.0367 1000  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:18:36.0508 1000  Schedule - ok
20:18:36.0555 1000  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus          C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:18:36.0664 1000  sdbus - ok
20:18:36.0695 1000  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:18:36.0805 1000  Secdrv - ok
20:18:36.0836 1000  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:18:36.0945 1000  seclogon - ok
20:18:36.0977 1000  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
20:18:37.0117 1000  SENS - ok
20:18:37.0133 1000  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
20:18:37.0258 1000  Serial - ok
20:18:37.0289 1000  [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk        C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:18:37.0414 1000  sffdisk - ok
20:18:37.0445 1000  [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd        C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:18:37.0555 1000  sffp_sd - ok
20:18:37.0570 1000  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
20:18:37.0695 1000  Sfloppy - ok
20:18:37.0789 1000  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:18:37.0914 1000  SharedAccess - ok
20:18:37.0945 1000  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:18:37.0977 1000  ShellHWDetection - ok
20:18:37.0977 1000  Simbad - ok
20:18:38.0008 1000  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:18:38.0148 1000  sisagp - ok
20:18:38.0195 1000  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:18:38.0336 1000  SLIP - ok
20:18:38.0367 1000  [ FAC7B89330E20713950925050C91CD04 ] SNP2UVC        C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
20:18:38.0430 1000  SNP2UVC - ok
20:18:38.0461 1000  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow        C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:18:38.0523 1000  Sparrow - ok
20:18:38.0555 1000  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:18:38.0680 1000  splitter - ok
20:18:38.0727 1000  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
20:18:38.0773 1000  Spooler - ok
20:18:38.0836 1000  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:18:38.0945 1000  sr - ok
20:18:39.0008 1000  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice      C:\WINDOWS\system32\srsvc.dll
20:18:39.0133 1000  srservice - ok
20:18:39.0180 1000  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
20:18:39.0289 1000  Srv - ok
20:18:39.0305 1000  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
20:18:39.0430 1000  SSDPSRV - ok
20:18:39.0492 1000  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:18:39.0633 1000  stisvc - ok
20:18:39.0664 1000  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:18:39.0805 1000  streamip - ok
20:18:39.0820 1000  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:18:39.0945 1000  swenum - ok
20:18:39.0977 1000  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:18:40.0086 1000  swmidi - ok
20:18:40.0102 1000  SwPrv - ok
20:18:40.0148 1000  [ 1FF3217614018630D0A6758630FC698C ] symc810        C:\WINDOWS\system32\DRIVERS\symc810.sys
20:18:40.0258 1000  symc810 - ok
20:18:40.0273 1000  [ 070E001D95CF725186EF8B20335F933C ] symc8xx        C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:18:40.0414 1000  symc8xx - ok
20:18:40.0477 1000  SYMIDSCO - ok
20:18:40.0508 1000  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:18:40.0617 1000  sym_hi - ok
20:18:40.0633 1000  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:18:40.0773 1000  sym_u3 - ok
20:18:40.0789 1000  [ 369D0626687A968182A9DB40FE8A0905 ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:18:40.0836 1000  SynTP - ok
20:18:40.0883 1000  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:18:40.0992 1000  sysaudio - ok
20:18:41.0008 1000  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
20:18:41.0133 1000  SysmonLog - ok
20:18:41.0180 1000  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
20:18:41.0320 1000  TapiSrv - ok
20:18:41.0383 1000  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:18:41.0445 1000  Tcpip - ok
20:18:41.0492 1000  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:18:41.0601 1000  TDPIPE - ok
20:18:41.0633 1000  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
20:18:41.0773 1000  TDTCP - ok
20:18:41.0820 1000  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:18:41.0945 1000  TermDD - ok
20:18:42.0008 1000  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService    C:\WINDOWS\System32\termsrv.dll
20:18:42.0133 1000  TermService - ok
20:18:42.0164 1000  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:18:42.0180 1000  Themes - ok
20:18:42.0242 1000  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
20:18:42.0351 1000  TlntSvr - ok
20:18:42.0383 1000  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
20:18:42.0492 1000  TosIde - ok
20:18:42.0523 1000  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:18:42.0648 1000  TrkWks - ok
20:18:42.0695 1000  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:18:42.0836 1000  Udfs - ok
20:18:42.0836 1000  UIUSys - ok
20:18:42.0883 1000  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra          C:\WINDOWS\system32\DRIVERS\ultra.sys
20:18:42.0945 1000  ultra - ok
20:18:43.0023 1000  [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
20:18:43.0101 1000  UMWdf - ok
20:18:43.0164 1000  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:18:43.0305 1000  Update - ok
20:18:43.0351 1000  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:18:43.0476 1000  upnphost - ok
20:18:43.0508 1000  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS            C:\WINDOWS\System32\ups.exe
20:18:43.0617 1000  UPS - ok
20:18:43.0664 1000  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:18:43.0789 1000  usbccgp - ok
20:18:43.0820 1000  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:18:43.0945 1000  usbehci - ok
20:18:43.0961 1000  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:18:44.0070 1000  usbhub - ok
20:18:44.0086 1000  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:18:44.0226 1000  USBSTOR - ok
20:18:44.0242 1000  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:18:44.0367 1000  usbuhci - ok
20:18:44.0383 1000  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
20:18:44.0508 1000  VgaSave - ok
20:18:44.0555 1000  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:18:44.0664 1000  viaagp - ok
20:18:44.0695 1000  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
20:18:44.0820 1000  ViaIde - ok
20:18:44.0883 1000  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
20:18:45.0008 1000  VolSnap - ok
20:18:45.0070 1000  [ 68F106273BE29E7B7EF8266977268E78 ] VSS            C:\WINDOWS\System32\vssvc.exe
20:18:45.0211 1000  VSS - ok
20:18:45.0226 1000  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time        C:\WINDOWS\system32\w32time.dll
20:18:45.0351 1000  W32Time - ok
20:18:45.0367 1000  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:18:45.0492 1000  Wanarp - ok
20:18:45.0492 1000  WDICA - ok
20:18:45.0523 1000  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:18:45.0648 1000  wdmaud - ok
20:18:45.0695 1000  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient      C:\WINDOWS\System32\webclnt.dll
20:18:45.0820 1000  WebClient - ok
20:18:45.0867 1000  [ 7FE372B1AB60736CC67E8EB6F1FB1F5B ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:18:45.0976 1000  winachsf - ok
20:18:46.0086 1000  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
20:18:46.0195 1000  winmgmt - ok
20:18:46.0320 1000  [ F2E9FCB970D02E1647E185DA1D2E3CA9 ] WMConnectCDS    C:\Programme\Windows Media Connect 2\wmccds.exe
20:18:46.0383 1000  WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
20:18:46.0383 1000  WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
20:18:46.0461 1000  [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:18:46.0508 1000  WmdmPmSN - ok
20:18:46.0586 1000  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi            C:\WINDOWS\System32\advapi32.dll
20:18:46.0648 1000  Wmi - ok
20:18:46.0695 1000  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi        C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:18:46.0820 1000  WmiAcpi - ok
20:18:46.0867 1000  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:18:46.0992 1000  WmiApSrv - ok
20:18:47.0023 1000  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL        C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:18:47.0164 1000  WS2IFSL - ok
20:18:47.0211 1000  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:18:47.0336 1000  wscsvc - ok
20:18:47.0367 1000  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:18:47.0476 1000  WSTCODEC - ok
20:18:47.0508 1000  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:18:47.0617 1000  wuauserv - ok
20:18:47.0679 1000  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:18:47.0836 1000  WZCSVC - ok
20:18:47.0851 1000  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
20:18:47.0992 1000  xmlprov - ok
20:18:48.0008 1000  ================ Scan global ===============================
20:18:48.0054 1000  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:18:48.0117 1000  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:18:48.0133 1000  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:18:48.0148 1000  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:18:48.0148 1000  [Global] - ok
20:18:48.0148 1000  ================ Scan MBR ==================================
20:18:48.0179 1000  [ 5CE77B0F5876E1BF84C5BC2B6CA1DA00 ] \Device\Harddisk0\DR0
20:18:48.0554 1000  \Device\Harddisk0\DR0 - ok
20:18:48.0554 1000  ================ Scan VBR ==================================
20:18:48.0554 1000  [ 678A7D5897E31164FE05FCBFBCF06E14 ] \Device\Harddisk0\DR0\Partition1
20:18:48.0554 1000  \Device\Harddisk0\DR0\Partition1 - ok
20:18:48.0570 1000  [ 7E9DC4600CA6133219AC9E6A9C46DFBC ] \Device\Harddisk0\DR0\Partition2
20:18:48.0586 1000  \Device\Harddisk0\DR0\Partition2 - ok
20:18:48.0586 1000  ============================================================
20:18:48.0586 1000  Scan finished
20:18:48.0586 1000  ============================================================
20:18:48.0711 3680  Detected object count: 10
20:18:48.0711 3680  Actual detected object count: 10
20:19:53.0959 3680  AddFiltr ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0959 3680  AddFiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0959 3680  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0959 3680  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0959 3680  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0959 3680  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0959 3680  hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0959 3680  hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0959 3680  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0959 3680  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0975 3680  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0975 3680  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0975 3680  MHN ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0975 3680  MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0975 3680  MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0975 3680  MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0975 3680  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0975 3680  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:53.0975 3680  WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
20:19:53.0975 3680  WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 19.11.2012 20:25
Da ist och etwas, aber der TDSS-Killer sieht es nicht

Live-System PartedMagic / GParted
  1. Lade Dir ISO-Image von PartedMagic
  2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
  3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist
  4. Du müsstest ein Symbol PartitionEditor auf dem Desktop finden, das doppelklicken
  5. Wenn das Tool die Partitionen aufgelistet hat, bitte einen Screenshot mit Hilfe der Taste DRUCK auf der Tastatur erstellen, diesen Screenshot hier posten (idR hast du einen Internetzugang mit PartedMagic, wenn nicht einfach den Screenshot auf einem Stick abspeichern und unter Windows hier posten)

Killerbee87 19.11.2012 22:16
Liste der Anhänge anzeigen (Anzahl: 3)
also irgendwas mach ich falsch - hab jetzt schon 2mal versucht das parted magic bei imagefunktion von nero starsmart zu brennen und von der cd zu booten (bootreihenfolge hab ich geändert) und es passiert genau nix - der pc startet ganz normal mit windows.
der 1. versuch war, dass ich parted magic entpackt hab und dann eine bootfähige cd erstellt hab - hat nicht funktioniert
2. versuch: die gezippte version als image auf cd gebrennt - hat auch nicht funktioniert - was mach ich falsch?

CD Laufwerk hab ich jetzt auch nochmal getestet (mit einer stinknormalen audio cd) - das hat funktioniert - irgendwas schmeckt ihm nicht.
bitte um hilfe bzw. weitere anweisung
danke und lg
kathi

EDIT: hat sich erledigt habs jetzt mit dem imgburn gebrannt - Screenshot hat leider auch nicht funktioniert - deswegen hab ich mim Handy Fotos gemacht siehe anbei

lg

cosinus 20.11.2012 09:51
Wir sollten den MBR reparieren. Sichere für den Fall der Fälle jetzt alle wichtigen Daten.

Hast Du noch andere Betriebssystem außer WinXP drauf?

Wenn nicht, also WinXP das einzige installierte System ist: Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole (Recovery Console) aus.
Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen)
Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus MBRcheck bzw. aswmbr (je nachdem welches Tool ich dir vorhin aufgab) und wenn es geht GMER nochmals aus und poste die neuen Logs.

Killerbee87 20.11.2012 10:11
Hi,

ich wüsste nicht, dass da noch ein anderes Betriebssystem oben ist - löscht sich das Parted Magic denn nach der Verwendung wieder automatisch von der Platte?

Wie komm ich denn in das Bootmenü? Bzw. ist dass daselbe Menü, wo ich auch die Bootreihenfolge auf CD ändern musste?

Nachdem ja Combofix eine Wiederherstellungskonsole erstellt hat, kommt (wie von Combofix angekündigt) beim Hochfahren ganz kurz eine Auflistung, welche Optionen man zum Hochfahren hat: Windows Wiederherstellungskonsole, defogger (enabled - dort steht, dass mans nicht drücken soll) und eben windows xp - wo kommt denn bitte der defogger her? ich hab ihn zwar für den PC meines Bruders heruntergeladen, aber nicht auf dem Laptop ausgeführt!

Kann man denn schon sagen, was der Laptop für ein Problem hat?

lg
Kathi

cosinus 20.11.2012 10:34
Zitat:
löscht sich das Parted Magic denn nach der Verwendung wieder automatisch von der Platte?
Da ist nichts auf Platte installiert! Live-System, läuft direkt von der CD ohne etwas auf die Platte zu kopieren

Zitat:
Nachdem ja Combofix eine Wiederherstellungskonsole erstellt hat, kommt (wie von Combofix angekündigt) beim Hochfahren ganz kurz eine Auflistung, welche Optionen man zum Hochfahren hat: Windows Wiederherstellungskonsole
Und genau da sollst du hin!

Killerbee87 20.11.2012 10:48
Oh man - also ich bin jetzt auf diese wiederherrstellungskonsole gegangen
und jetzt wurde mir folgende Frage gestellt:

Mit welcher Windows Installation möchten Sie sich anmelden?
1: C:\WINDOWS
2: D:\MiniNT
3: F:\WINDOWS

Drücken Sie die Eingabetaste, um den Vorgang abzubrechen

:crazy:

Was mach ich jetzt?

cosinus 20.11.2012 10:52
Nimm Installation 1: C:\WINDOWS


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:26 Uhr.
Seite 2 von 7 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131