Pests of all kinds and how to fight them: BundesTrojaner? PC no longer starts in safe mode (Windows 7)
19.06.2012, 05:12 | #31 |
BundesTrojaner? PC no longer starts in safe mode

Good morning, log from TDSSKiller:

Code:
06:06:57.0437 0120 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
06:06:59.0437 0120 ============================================================
06:06:59.0437 0120 Current date / time: 2012/06/19 06:06:59.0437
06:06:59.0437 0120 SystemInfo:
06:06:59.0437 0120
06:06:59.0437 0120 OS Version: 5.1.2600 ServicePack: 3.0
06:06:59.0437 0120 Product type: Workstation
06:06:59.0437 0120 ComputerName: WINXP
06:06:59.0437 0120 UserName: Maja
06:06:59.0437 0120 Windows directory: C:\WINDOWS
06:06:59.0437 0120 System windows directory: C:\WINDOWS
06:06:59.0437 0120 Processor architecture: Intel x86
06:06:59.0437 0120 Number of processors: 1
06:06:59.0437 0120 Page size: 0x1000
06:06:59.0437 0120 Boot type: Normal boot
06:06:59.0437 0120 ============================================================
06:07:03.0093 0120 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:07:03.0093 0120 ============================================================
06:07:03.0093 0120 \Device\Harddisk0\DR0:
06:07:03.0093 0120 MBR partitions:
06:07:03.0093 0120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
06:07:03.0093 0120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A962F0, BlocksNum 0x5A781D1
06:07:03.0093 0120 ============================================================
06:07:03.0109 0120 C: <-> \Device\Harddisk0\DR0\Partition0
06:07:03.0156 0120 E: <-> \Device\Harddisk0\DR0\Partition1
06:07:03.0187 0120 ============================================================
06:07:03.0187 0120 Initialize success
06:07:03.0187 0120 ============================================================
06:08:23.0437 1648 ============================================================
06:08:23.0437 1648 Scan started
06:08:23.0437 1648 Mode: Manual; SigCheck; TDLFS;
06:08:23.0437 1648
============================================================ 06:08:23.0953 1648 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 06:08:27.0234 1648 61883 - ok 06:08:27.0250 1648 Abiosdsk - ok 06:08:27.0265 1648 abp480n5 - ok 06:08:27.0656 1648 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\WINDOWS\system32\drivers\acedrv11.sys 06:08:27.0906 1648 acedrv11 - ok 06:08:27.0968 1648 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 06:08:28.0187 1648 ACPI - ok 06:08:28.0234 1648 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 06:08:28.0390 1648 ACPIEC - ok 06:08:28.0406 1648 adpu160m - ok 06:08:28.0468 1648 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 06:08:28.0656 1648 aec - ok 06:08:28.0734 1648 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys 06:08:28.0781 1648 AegisP ( UnsignedFile.Multi.Generic ) - warning 06:08:28.0781 1648 AegisP - detected UnsignedFile.Multi.Generic (1) 06:08:28.0890 1648 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 06:08:28.0968 1648 AFD - ok 06:08:28.0984 1648 Aha154x - ok 06:08:29.0000 1648 aic78u2 - ok 06:08:29.0015 1648 aic78xx - ok 06:08:29.0156 1648 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS 06:08:29.0421 1648 ALCXSENS - ok 06:08:29.0593 1648 ALCXWDM (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 06:08:29.0937 1648 ALCXWDM - ok 06:08:29.0984 1648 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 06:08:30.0171 1648 Alerter - ok 06:08:30.0218 1648 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 06:08:30.0296 1648 ALG - ok 06:08:30.0343 1648 AliIde (74b6def7039ecb239a1639c7fcd1bdac) C:\WINDOWS\system32\DRIVERS\aliide.sys 06:08:30.0406 1648 AliIde - ok 06:08:30.0468 1648 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 
06:08:30.0531 1648 AmdK8 - ok 06:08:30.0546 1648 amsint - ok 06:08:30.0812 1648 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe 06:08:30.0859 1648 AntiVirSchedulerService - ok 06:08:30.0921 1648 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe 06:08:30.0953 1648 AntiVirService - ok 06:08:31.0015 1648 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 06:08:31.0140 1648 AppMgmt - ok 06:08:31.0203 1648 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 06:08:31.0390 1648 Arp1394 - ok 06:08:31.0406 1648 asc - ok 06:08:31.0421 1648 asc3350p - ok 06:08:31.0453 1648 asc3550 - ok 06:08:31.0625 1648 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 06:08:31.0640 1648 aspnet_state - ok 06:08:31.0687 1648 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 06:08:31.0906 1648 AsyncMac - ok 06:08:31.0953 1648 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 06:08:32.0125 1648 atapi - ok 06:08:32.0140 1648 Atdisk - ok 06:08:32.0187 1648 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 06:08:32.0375 1648 Atmarpc - ok 06:08:32.0453 1648 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 06:08:32.0625 1648 AudioSrv - ok 06:08:32.0671 1648 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 06:08:32.0859 1648 audstub - ok 06:08:32.0921 1648 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 06:08:33.0109 1648 Avc - ok 06:08:33.0156 1648 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 06:08:33.0187 1648 avgntflt - ok 06:08:33.0234 1648 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 06:08:33.0281 1648 avipbb - ok 
06:08:33.0328 1648 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 06:08:33.0343 1648 avkmgr - ok 06:08:33.0390 1648 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 06:08:33.0531 1648 Beep - ok 06:08:33.0625 1648 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 06:08:34.0062 1648 BITS - ok 06:08:34.0125 1648 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 06:08:34.0281 1648 Browser - ok 06:08:34.0343 1648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 06:08:34.0546 1648 cbidf2k - ok 06:08:34.0593 1648 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 06:08:34.0843 1648 CCDECODE - ok 06:08:34.0859 1648 cd20xrnt - ok 06:08:34.0906 1648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 06:08:35.0093 1648 Cdaudio - ok 06:08:35.0125 1648 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 06:08:35.0296 1648 Cdfs - ok 06:08:35.0328 1648 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 06:08:35.0515 1648 Cdrom - ok 06:08:35.0531 1648 Changer - ok 06:08:35.0593 1648 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 06:08:35.0812 1648 CiSvc - ok 06:08:35.0859 1648 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 06:08:36.0046 1648 ClipSrv - ok 06:08:36.0234 1648 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 06:08:36.0265 1648 clr_optimization_v2.0.50727_32 - ok 06:08:36.0281 1648 CmdIde - ok 06:08:36.0312 1648 COMSysApp - ok 06:08:36.0343 1648 Cpqarray - ok 06:08:36.0406 1648 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 06:08:36.0578 1648 CryptSvc - ok 06:08:36.0609 1648 dac2w2k - ok 06:08:36.0625 1648 dac960nt - ok 06:08:36.0859 1648 DcomLaunch 
(3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 06:08:36.0984 1648 DcomLaunch - ok 06:08:37.0062 1648 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 06:08:37.0281 1648 Dhcp - ok 06:08:37.0312 1648 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 06:08:37.0515 1648 Disk - ok 06:08:37.0531 1648 dmadmin - ok 06:08:37.0703 1648 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 06:08:38.0187 1648 dmboot - ok 06:08:38.0250 1648 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 06:08:38.0437 1648 dmio - ok 06:08:38.0484 1648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 06:08:38.0640 1648 dmload - ok 06:08:38.0703 1648 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 06:08:38.0968 1648 dmserver - ok 06:08:39.0015 1648 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 06:08:39.0187 1648 DMusic - ok 06:08:39.0328 1648 Dnscache (c4897fa148470182d42e999a22b83286) C:\WINDOWS\System32\poua3ktnk.dll 06:08:39.0437 1648 Dnscache ( UnsignedFile.Multi.Generic ) - warning 06:08:39.0437 1648 Dnscache - detected UnsignedFile.Multi.Generic (1) 06:08:39.0515 1648 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 06:08:39.0687 1648 Dot3svc - ok 06:08:39.0703 1648 dpti2o - ok 06:08:39.0828 1648 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 06:08:39.0984 1648 drmkaud - ok 06:08:40.0015 1648 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 06:08:40.0203 1648 EapHost - ok 06:08:40.0250 1648 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 06:08:40.0421 1648 ERSvc - ok 06:08:40.0484 1648 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 06:08:40.0531 1648 Eventlog - ok 06:08:40.0625 1648 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) 
C:\WINDOWS\system32\es.dll 06:08:40.0703 1648 EventSystem - ok 06:08:40.0843 1648 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 06:08:41.0015 1648 Fastfat - ok 06:08:41.0093 1648 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:08:41.0187 1648 FastUserSwitchingCompatibility - ok 06:08:41.0234 1648 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 06:08:41.0421 1648 Fdc - ok 06:08:41.0484 1648 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 06:08:41.0656 1648 Fips - ok 06:08:41.0687 1648 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 06:08:41.0937 1648 Flpydisk - ok 06:08:42.0000 1648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 06:08:42.0171 1648 FltMgr - ok 06:08:42.0281 1648 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 06:08:42.0312 1648 FontCache3.0.0.0 - ok 06:08:42.0359 1648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 06:08:42.0546 1648 Fs_Rec - ok 06:08:42.0593 1648 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 06:08:42.0843 1648 Ftdisk - ok 06:08:42.0875 1648 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 06:08:43.0046 1648 gameenum - ok 06:08:43.0093 1648 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 06:08:43.0250 1648 Gpc - ok 06:08:43.0343 1648 gupdate - ok 06:08:43.0437 1648 gusvc (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 06:08:43.0500 1648 gusvc - ok 06:08:43.0578 1648 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 06:08:43.0812 1648 helpsvc - ok 06:08:43.0875 1648 HidServ (b35da85e60c0103f2e4104532da2f12b) 
C:\WINDOWS\System32\hidserv.dll 06:08:44.0046 1648 HidServ - ok 06:08:44.0109 1648 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 06:08:44.0265 1648 HidUsb - ok 06:08:44.0328 1648 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 06:08:44.0468 1648 hkmsvc - ok 06:08:44.0484 1648 hpn - ok 06:08:44.0593 1648 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 06:08:44.0687 1648 HTTP - ok 06:08:44.0718 1648 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 06:08:44.0953 1648 HTTPFilter - ok 06:08:44.0968 1648 i2omgmt - ok 06:08:44.0984 1648 i2omp - ok 06:08:45.0031 1648 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 06:08:45.0218 1648 i8042prt - ok 06:08:45.0437 1648 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 06:08:45.0828 1648 idsvc - ok 06:08:45.0906 1648 IGDCTRL (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE 06:08:45.0937 1648 IGDCTRL - ok 06:08:45.0968 1648 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 06:08:46.0140 1648 Imapi - ok 06:08:46.0218 1648 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 06:08:46.0375 1648 ImapiService - ok 06:08:46.0406 1648 ini910u - ok 06:08:46.0437 1648 IntelIde - ok 06:08:46.0484 1648 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 06:08:46.0671 1648 Ip6Fw - ok 06:08:46.0718 1648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 06:08:46.0937 1648 IpFilterDriver - ok 06:08:46.0968 1648 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 06:08:47.0140 1648 IpInIp - ok 06:08:47.0203 1648 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 06:08:47.0390 1648 IpNat - ok 06:08:47.0421 1648 IPSec 
(23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 06:08:47.0640 1648 IPSec - ok 06:08:47.0703 1648 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 06:08:47.0843 1648 irda - ok 06:08:47.0859 1648 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 06:08:47.0937 1648 IRENUM - ok 06:08:48.0000 1648 Irmon (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll 06:08:48.0093 1648 Irmon - ok 06:08:48.0125 1648 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys 06:08:48.0203 1648 irsir - ok 06:08:48.0265 1648 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 06:08:48.0390 1648 isapnp - ok 06:08:48.0515 1648 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 06:08:48.0562 1648 JavaQuickStarterService - ok 06:08:48.0593 1648 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 06:08:48.0828 1648 Kbdclass - ok 06:08:48.0890 1648 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 06:08:49.0046 1648 kbdhid - ok 06:08:49.0125 1648 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 06:08:49.0296 1648 kmixer - ok 06:08:49.0359 1648 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 06:08:49.0484 1648 KSecDD - ok 06:08:49.0546 1648 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 06:08:49.0609 1648 lanmanserver - ok 06:08:49.0703 1648 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 06:08:49.0890 1648 lanmanworkstation - ok 06:08:49.0906 1648 lbrtfdc - ok 06:08:50.0000 1648 License Management Service ESD (ce0c00771ba1946cb925f2a18d882c5c) C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe 06:08:50.0031 1648 License Management Service ESD ( 
UnsignedFile.Multi.Generic ) - warning 06:08:50.0031 1648 License Management Service ESD - detected UnsignedFile.Multi.Generic (1) 06:08:50.0093 1648 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 06:08:50.0250 1648 LmHosts - ok 06:08:50.0296 1648 LVUSBSta (90259f3a20fbaec1a08d74ef5415b9d8) C:\WINDOWS\system32\drivers\lvusbsta.sys 06:08:50.0437 1648 LVUSBSta - ok 06:08:50.0500 1648 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 06:08:50.0687 1648 Messenger - ok 06:08:50.0734 1648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 06:08:50.0937 1648 mnmdd - ok 06:08:50.0984 1648 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 06:08:51.0156 1648 mnmsrvc - ok 06:08:51.0203 1648 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 06:08:51.0359 1648 Modem - ok 06:08:51.0390 1648 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 06:08:51.0562 1648 Mouclass - ok 06:08:51.0609 1648 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 06:08:51.0828 1648 mouhid - ok 06:08:51.0875 1648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 06:08:52.0062 1648 MountMgr - ok 06:08:52.0109 1648 mraid35x - ok 06:08:52.0156 1648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 06:08:52.0328 1648 MRxDAV - ok 06:08:52.0453 1648 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 06:08:52.0703 1648 MRxSmb - ok 06:08:52.0828 1648 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 06:08:53.0000 1648 MSDTC - ok 06:08:53.0046 1648 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 06:08:53.0234 1648 MSDV - ok 06:08:53.0265 1648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 06:08:53.0421 1648 Msfs - ok 06:08:53.0437 1648 
MSIServer - ok 06:08:53.0484 1648 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 06:08:53.0625 1648 MSKSSRV - ok 06:08:53.0656 1648 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 06:08:53.0875 1648 MSPCLOCK - ok 06:08:53.0921 1648 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 06:08:54.0062 1648 MSPQM - ok 06:08:54.0125 1648 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 06:08:54.0296 1648 mssmbios - ok 06:08:54.0343 1648 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 06:08:54.0515 1648 MSTEE - ok 06:08:54.0531 1648 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 06:08:54.0687 1648 ms_mpu401 - ok 06:08:54.0828 1648 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 06:08:54.0921 1648 Mup - ok 06:08:54.0953 1648 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 06:08:55.0156 1648 NABTSFEC - ok 06:08:55.0250 1648 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 06:08:55.0468 1648 napagent - ok 06:08:55.0531 1648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 06:08:55.0718 1648 NDIS - ok 06:08:55.0828 1648 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 06:08:55.0984 1648 NdisIP - ok 06:08:56.0031 1648 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 06:08:56.0125 1648 NdisTapi - ok 06:08:56.0171 1648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 06:08:56.0328 1648 Ndisuio - ok 06:08:56.0406 1648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 06:08:56.0562 1648 NdisWan - ok 06:08:56.0625 1648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 06:08:56.0687 1648 NDProxy - 
ok 06:08:56.0734 1648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 06:08:56.0953 1648 NetBIOS - ok 06:08:57.0031 1648 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 06:08:57.0218 1648 NetBT - ok 06:08:57.0312 1648 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 06:08:57.0515 1648 NetDDE - ok 06:08:57.0546 1648 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 06:08:57.0671 1648 NetDDEdsdm - ok 06:08:57.0718 1648 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:08:57.0953 1648 Netlogon - ok 06:08:58.0046 1648 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 06:08:58.0265 1648 Netman - ok 06:08:58.0375 1648 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 06:08:58.0421 1648 NetTcpPortSharing - ok 06:08:58.0484 1648 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 06:08:58.0656 1648 NIC1394 - ok 06:08:58.0812 1648 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 06:08:58.0921 1648 Nla - ok 06:08:58.0968 1648 nmwcd (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys 06:08:59.0406 1648 nmwcd - ok 06:08:59.0453 1648 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys 06:08:59.0531 1648 nmwcdc - ok 06:08:59.0562 1648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 06:08:59.0703 1648 Npfs - ok 06:08:59.0906 1648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 06:09:00.0250 1648 Ntfs - ok 06:09:00.0281 1648 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:00.0421 1648 NtLmSsp - ok 06:09:00.0546 1648 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 06:09:00.0906 1648 NtmsSvc - ok 06:09:00.0937 
1648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 06:09:01.0109 1648 Null - ok 06:09:01.0484 1648 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 06:09:02.0390 1648 nv - ok 06:09:02.0640 1648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 06:09:02.0906 1648 NwlnkFlt - ok 06:09:02.0937 1648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 06:09:03.0109 1648 NwlnkFwd - ok 06:09:03.0156 1648 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 06:09:03.0312 1648 ohci1394 - ok 06:09:03.0359 1648 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 06:09:03.0531 1648 Parport - ok 06:09:03.0562 1648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 06:09:03.0703 1648 PartMgr - ok 06:09:03.0812 1648 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 06:09:03.0968 1648 ParVdm - ok 06:09:04.0000 1648 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 06:09:04.0078 1648 pccsmcfd - ok 06:09:04.0109 1648 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 06:09:04.0281 1648 PCI - ok 06:09:04.0296 1648 PCIDump - ok 06:09:04.0328 1648 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 06:09:04.0500 1648 PCIIde - ok 06:09:04.0546 1648 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 06:09:04.0734 1648 Pcmcia - ok 06:09:04.0765 1648 PDCOMP - ok 06:09:04.0828 1648 PDFRAME - ok 06:09:04.0859 1648 PDRELI - ok 06:09:04.0875 1648 PDRFRAME - ok 06:09:04.0890 1648 perc2 - ok 06:09:04.0921 1648 perc2hib - ok 06:09:05.0031 1648 PID_0928 (6eeb215fabf148b8ac008f134c1f7b9f) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS 06:09:05.0125 1648 PID_0928 - ok 06:09:05.0187 1648 PlugPlay (a3edbe9053889fb24ab22492472b39dc) 
C:\WINDOWS\system32\services.exe 06:09:05.0218 1648 PlugPlay - ok 06:09:05.0265 1648 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:05.0421 1648 PolicyAgent - ok 06:09:05.0468 1648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 06:09:05.0640 1648 PptpMiniport - ok 06:09:05.0671 1648 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 06:09:05.0890 1648 Processor - ok 06:09:05.0906 1648 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:06.0062 1648 ProtectedStorage - ok 06:09:06.0109 1648 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 06:09:06.0265 1648 PSched - ok 06:09:06.0328 1648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 06:09:06.0500 1648 Ptilink - ok 06:09:06.0515 1648 ql1080 - ok 06:09:06.0546 1648 Ql10wnt - ok 06:09:06.0562 1648 ql12160 - ok 06:09:06.0578 1648 ql1240 - ok 06:09:06.0609 1648 ql1280 - ok 06:09:06.0656 1648 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys 06:09:06.0859 1648 QV2KUX - ok 06:09:06.0875 1648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 06:09:07.0062 1648 RasAcd - ok 06:09:07.0156 1648 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 06:09:07.0328 1648 RasAuto - ok 06:09:07.0359 1648 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 06:09:07.0421 1648 Rasirda - ok 06:09:07.0484 1648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 06:09:07.0656 1648 Rasl2tp - ok 06:09:07.0750 1648 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 06:09:07.0921 1648 RasMan - ok 06:09:07.0953 1648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 06:09:08.0109 1648 RasPppoe - ok 06:09:08.0125 1648 Raspti 
(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 06:09:08.0312 1648 Raspti - ok 06:09:08.0375 1648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 06:09:08.0562 1648 Rdbss - ok 06:09:08.0593 1648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 06:09:08.0734 1648 RDPCDD - ok 06:09:08.0812 1648 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 06:09:09.0015 1648 rdpdr - ok 06:09:09.0093 1648 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 06:09:09.0187 1648 RDPWD - ok 06:09:09.0250 1648 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 06:09:09.0421 1648 RDSessMgr - ok 06:09:09.0484 1648 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 06:09:09.0656 1648 redbook - ok 06:09:09.0718 1648 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 06:09:09.0875 1648 RemoteAccess - ok 06:09:09.0937 1648 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 06:09:10.0109 1648 RemoteRegistry - ok 06:09:10.0156 1648 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 06:09:10.0312 1648 RpcLocator - ok 06:09:10.0421 1648 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 06:09:10.0500 1648 RpcSs - ok 06:09:10.0578 1648 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 06:09:10.0750 1648 RSVP - ok 06:09:10.0859 1648 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys 06:09:11.0062 1648 RT61 - ok 06:09:11.0109 1648 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:11.0265 1648 SamSs - ok 06:09:11.0328 1648 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 06:09:11.0484 1648 SCardSvr - ok 06:09:11.0562 1648 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 
06:09:11.0750 1648 Schedule - ok 06:09:11.0796 1648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 06:09:11.0859 1648 Secdrv - ok 06:09:11.0906 1648 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 06:09:12.0046 1648 seclogon - ok 06:09:12.0156 1648 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 06:09:12.0312 1648 SENS - ok 06:09:12.0359 1648 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 06:09:12.0484 1648 serenum - ok 06:09:12.0515 1648 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 06:09:12.0671 1648 Serial - ok 06:09:12.0718 1648 sermouse (e8f3e51da8098201f50678cec5fce179) C:\WINDOWS\system32\DRIVERS\sermouse.sys 06:09:12.0875 1648 sermouse - ok 06:09:13.0171 1648 ServiceLayer (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Programme\PC Connectivity Solution\ServiceLayer.exe 06:09:13.0421 1648 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 06:09:13.0421 1648 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 06:09:13.0500 1648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 06:09:13.0656 1648 Sfloppy - ok 06:09:13.0765 1648 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 06:09:14.0031 1648 SharedAccess - ok 06:09:14.0109 1648 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:09:14.0140 1648 ShellHWDetection - ok 06:09:14.0156 1648 Simbad - ok 06:09:14.0234 1648 SiS315 (c10865ab0a1fd9f4ec7db70a1b8425d1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 06:09:14.0390 1648 SiS315 - ok 06:09:14.0484 1648 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe 06:09:14.0531 1648 SkypeUpdate - ok 06:09:14.0593 1648 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 06:09:14.0734 1648 SLIP - ok 06:09:14.0750 1648 Sparrow - ok 06:09:14.0781 1648 splitter 
(ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 06:09:14.0921 1648 splitter - ok 06:09:15.0000 1648 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 06:09:15.0078 1648 Spooler - ok 06:09:15.0140 1648 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 06:09:15.0218 1648 sr - ok 06:09:15.0296 1648 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 06:09:15.0390 1648 srservice - ok 06:09:15.0515 1648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 06:09:15.0687 1648 Srv - ok 06:09:15.0750 1648 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 06:09:15.0843 1648 SSDPSRV - ok 06:09:15.0890 1648 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 06:09:15.0906 1648 ssmdrv - ok 06:09:16.0000 1648 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 06:09:16.0250 1648 stisvc - ok 06:09:16.0296 1648 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 06:09:16.0484 1648 streamip - ok 06:09:16.0515 1648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 06:09:16.0640 1648 swenum - ok 06:09:16.0703 1648 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 06:09:16.0828 1648 swmidi - ok 06:09:16.0843 1648 SwPrv - ok 06:09:16.0890 1648 symc810 - ok 06:09:16.0906 1648 symc8xx - ok 06:09:16.0921 1648 sym_hi - ok 06:09:16.0953 1648 sym_u3 - ok 06:09:16.0984 1648 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 06:09:17.0156 1648 sysaudio - ok 06:09:17.0187 1648 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 06:09:17.0359 1648 SysmonLog - ok 06:09:17.0437 1648 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 06:09:17.0640 1648 TapiSrv - ok 06:09:17.0734 1648 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) 
C:\WINDOWS\system32\DRIVERS\tcpip.sys 06:09:17.0890 1648 Tcpip - ok 06:09:17.0937 1648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 06:09:18.0078 1648 TDPIPE - ok 06:09:18.0156 1648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 06:09:18.0328 1648 TDTCP - ok 06:09:18.0375 1648 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 06:09:18.0531 1648 TermDD - ok 06:09:18.0609 1648 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 06:09:18.0796 1648 TermService - ok 06:09:18.0890 1648 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:09:18.0906 1648 Themes - ok 06:09:18.0968 1648 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 06:09:19.0046 1648 TlntSvr - ok 06:09:19.0062 1648 TosIde - ok 06:09:19.0140 1648 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 06:09:19.0296 1648 TrkWks - ok 06:09:19.0359 1648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 06:09:19.0531 1648 Udfs - ok 06:09:19.0593 1648 ULI5261 (4b5e42130fa1840b0761a88232ad757b) C:\WINDOWS\system32\DRIVERS\ULILAN.SYS 06:09:19.0656 1648 ULI5261 - ok 06:09:19.0687 1648 uliagpkx (4acecaa41d5f1a4cd3c78afc4de0a8c3) C:\WINDOWS\system32\DRIVERS\agpkx.sys 06:09:19.0750 1648 uliagpkx - ok 06:09:19.0765 1648 ultra - ok 06:09:19.0890 1648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 06:09:20.0187 1648 Update - ok 06:09:20.0265 1648 Update-Service (22bfa49d9d0b4b8d018efcd6f1c8cf14) C:\WINDOWS\System32\UpdSvc.dll 06:09:20.0312 1648 Update-Service - ok 06:09:20.0390 1648 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 06:09:20.0515 1648 upnphost - ok 06:09:20.0546 1648 upperdev (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 06:09:20.0625 1648 upperdev - ok 06:09:20.0671 1648 UPS 
(9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 06:09:20.0796 1648 UPS - ok 06:09:20.0843 1648 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 06:09:21.0000 1648 usbccgp - ok 06:09:21.0062 1648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 06:09:21.0250 1648 usbehci - ok 06:09:21.0312 1648 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 06:09:21.0453 1648 usbhub - ok 06:09:21.0515 1648 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 06:09:21.0656 1648 usbohci - ok 06:09:21.0718 1648 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 06:09:21.0875 1648 usbprint - ok 06:09:21.0921 1648 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 06:09:22.0093 1648 usbser - ok 06:09:22.0156 1648 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 06:09:22.0203 1648 UsbserFilt - ok 06:09:22.0265 1648 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 06:09:22.0406 1648 USBSTOR - ok 06:09:22.0468 1648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 06:09:22.0671 1648 VgaSave - ok 06:09:22.0687 1648 ViaIde - ok 06:09:22.0734 1648 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 06:09:22.0890 1648 VolSnap - ok 06:09:22.0984 1648 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 06:09:23.0156 1648 VSS - ok 06:09:23.0218 1648 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 06:09:23.0406 1648 W32Time - ok 06:09:23.0453 1648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 06:09:23.0625 1648 Wanarp - ok 06:09:23.0765 1648 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys 06:09:23.0937 1648 Wdf01000 - ok 06:09:23.0937 1648 
WDICA - ok 06:09:24.0000 1648 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 06:09:24.0171 1648 wdmaud - ok 06:09:24.0218 1648 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 06:09:24.0390 1648 WebClient - ok 06:09:24.0515 1648 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 06:09:24.0703 1648 winmgmt - ok 06:09:24.0781 1648 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 06:09:24.0859 1648 WmdmPmSN - ok 06:09:25.0031 1648 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 06:09:25.0328 1648 Wmi - ok 06:09:25.0390 1648 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 06:09:25.0593 1648 WmiApSrv - ok 06:09:25.0625 1648 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 06:09:25.0656 1648 WpdUsb - ok 06:09:25.0718 1648 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 06:09:25.0843 1648 WS2IFSL - ok 06:09:25.0906 1648 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 06:09:26.0062 1648 wscsvc - ok 06:09:26.0109 1648 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 06:09:26.0265 1648 WSTCODEC - ok 06:09:26.0312 1648 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 06:09:26.0453 1648 wuauserv - ok 06:09:26.0500 1648 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 06:09:26.0656 1648 WudfPf - ok 06:09:26.0687 1648 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 06:09:26.0734 1648 WudfRd - ok 06:09:26.0781 1648 WudfSvc (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll 06:09:26.0796 1648 WudfSvc - ok 06:09:26.0968 1648 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 06:09:27.0250 1648 WZCSVC - ok 06:09:27.0312 1648 xmlprov 
(0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 06:09:27.0515 1648 xmlprov - ok 06:09:27.0578 1648 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 06:09:28.0046 1648 \Device\Harddisk0\DR0 - ok 06:09:28.0078 1648 Boot (0x1200) (486a96fc230695122d44ca4727cedc90) \Device\Harddisk0\DR0\Partition0 06:09:28.0078 1648 \Device\Harddisk0\DR0\Partition0 - ok 06:09:28.0125 1648 Boot (0x1200) (eedcc364b4b1149697bfc42c6f40c105) \Device\Harddisk0\DR0\Partition1 06:09:28.0125 1648 \Device\Harddisk0\DR0\Partition1 - ok 06:09:28.0140 1648 ============================================================ 06:09:28.0140 1648 Scan finished 06:09:28.0140 1648 ============================================================ 06:09:28.0296 1620 Detected object count: 4 06:09:28.0296 1620 Actual detected object count: 4
Kind regards, Michael |
19.06.2012, 08:33 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundesTrojaner? PC no longer starts in safe mode The log is incomplete; the summary at the bottom is missing
__________________ |
19.06.2012, 09:54 | #33 |
| BundesTrojaner? PC no longer starts in safe mode It must have been lost while copying
But here is the complete TDSS-Killer log once more. Code:
ATTFilter 06:06:57.0437 0120 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 06:06:59.0437 0120 ============================================================ 06:06:59.0437 0120 Current date / time: 2012/06/19 06:06:59.0437 06:06:59.0437 0120 SystemInfo: 06:06:59.0437 0120 06:06:59.0437 0120 OS Version: 5.1.2600 ServicePack: 3.0 06:06:59.0437 0120 Product type: Workstation 06:06:59.0437 0120 ComputerName: WINXP 06:06:59.0437 0120 UserName: Maja 06:06:59.0437 0120 Windows directory: C:\WINDOWS 06:06:59.0437 0120 System windows directory: C:\WINDOWS 06:06:59.0437 0120 Processor architecture: Intel x86 06:06:59.0437 0120 Number of processors: 1 06:06:59.0437 0120 Page size: 0x1000 06:06:59.0437 0120 Boot type: Normal boot 06:06:59.0437 0120 ============================================================ 06:07:03.0093 0120 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 06:07:03.0093 0120 ============================================================ 06:07:03.0093 0120 \Device\Harddisk0\DR0: 06:07:03.0093 0120 MBR partitions: 06:07:03.0093 0120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1 06:07:03.0093 0120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A962F0, BlocksNum 0x5A781D1 06:07:03.0093 0120 ============================================================ 06:07:03.0109 0120 C: <-> \Device\Harddisk0\DR0\Partition0 06:07:03.0156 0120 E: <-> \Device\Harddisk0\DR0\Partition1 06:07:03.0187 0120 ============================================================ 06:07:03.0187 0120 Initialize success 06:07:03.0187 0120 ============================================================ 06:08:23.0437 1648 ============================================================ 06:08:23.0437 1648 Scan started 06:08:23.0437 1648 Mode: Manual; SigCheck; TDLFS; 06:08:23.0437 1648 
============================================================ 06:08:23.0953 1648 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 06:08:27.0234 1648 61883 - ok 06:08:27.0250 1648 Abiosdsk - ok 06:08:27.0265 1648 abp480n5 - ok 06:08:27.0656 1648 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\WINDOWS\system32\drivers\acedrv11.sys 06:08:27.0906 1648 acedrv11 - ok 06:08:27.0968 1648 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 06:08:28.0187 1648 ACPI - ok 06:08:28.0234 1648 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 06:08:28.0390 1648 ACPIEC - ok 06:08:28.0406 1648 adpu160m - ok 06:08:28.0468 1648 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 06:08:28.0656 1648 aec - ok 06:08:28.0734 1648 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys 06:08:28.0781 1648 AegisP ( UnsignedFile.Multi.Generic ) - warning 06:08:28.0781 1648 AegisP - detected UnsignedFile.Multi.Generic (1) 06:08:28.0890 1648 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 06:08:28.0968 1648 AFD - ok 06:08:28.0984 1648 Aha154x - ok 06:08:29.0000 1648 aic78u2 - ok 06:08:29.0015 1648 aic78xx - ok 06:08:29.0156 1648 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS 06:08:29.0421 1648 ALCXSENS - ok 06:08:29.0593 1648 ALCXWDM (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 06:08:29.0937 1648 ALCXWDM - ok 06:08:29.0984 1648 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 06:08:30.0171 1648 Alerter - ok 06:08:30.0218 1648 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 06:08:30.0296 1648 ALG - ok 06:08:30.0343 1648 AliIde (74b6def7039ecb239a1639c7fcd1bdac) C:\WINDOWS\system32\DRIVERS\aliide.sys 06:08:30.0406 1648 AliIde - ok 06:08:30.0468 1648 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 
06:08:30.0531 1648 AmdK8 - ok 06:08:30.0546 1648 amsint - ok 06:08:30.0812 1648 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe 06:08:30.0859 1648 AntiVirSchedulerService - ok 06:08:30.0921 1648 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe 06:08:30.0953 1648 AntiVirService - ok 06:08:31.0015 1648 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 06:08:31.0140 1648 AppMgmt - ok 06:08:31.0203 1648 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 06:08:31.0390 1648 Arp1394 - ok 06:08:31.0406 1648 asc - ok 06:08:31.0421 1648 asc3350p - ok 06:08:31.0453 1648 asc3550 - ok 06:08:31.0625 1648 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 06:08:31.0640 1648 aspnet_state - ok 06:08:31.0687 1648 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 06:08:31.0906 1648 AsyncMac - ok 06:08:31.0953 1648 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 06:08:32.0125 1648 atapi - ok 06:08:32.0140 1648 Atdisk - ok 06:08:32.0187 1648 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 06:08:32.0375 1648 Atmarpc - ok 06:08:32.0453 1648 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 06:08:32.0625 1648 AudioSrv - ok 06:08:32.0671 1648 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 06:08:32.0859 1648 audstub - ok 06:08:32.0921 1648 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 06:08:33.0109 1648 Avc - ok 06:08:33.0156 1648 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 06:08:33.0187 1648 avgntflt - ok 06:08:33.0234 1648 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 06:08:33.0281 1648 avipbb - ok 
06:08:33.0328 1648 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 06:08:33.0343 1648 avkmgr - ok 06:08:33.0390 1648 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 06:08:33.0531 1648 Beep - ok 06:08:33.0625 1648 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 06:08:34.0062 1648 BITS - ok 06:08:34.0125 1648 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 06:08:34.0281 1648 Browser - ok 06:08:34.0343 1648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 06:08:34.0546 1648 cbidf2k - ok 06:08:34.0593 1648 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 06:08:34.0843 1648 CCDECODE - ok 06:08:34.0859 1648 cd20xrnt - ok 06:08:34.0906 1648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 06:08:35.0093 1648 Cdaudio - ok 06:08:35.0125 1648 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 06:08:35.0296 1648 Cdfs - ok 06:08:35.0328 1648 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 06:08:35.0515 1648 Cdrom - ok 06:08:35.0531 1648 Changer - ok 06:08:35.0593 1648 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 06:08:35.0812 1648 CiSvc - ok 06:08:35.0859 1648 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 06:08:36.0046 1648 ClipSrv - ok 06:08:36.0234 1648 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 06:08:36.0265 1648 clr_optimization_v2.0.50727_32 - ok 06:08:36.0281 1648 CmdIde - ok 06:08:36.0312 1648 COMSysApp - ok 06:08:36.0343 1648 Cpqarray - ok 06:08:36.0406 1648 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 06:08:36.0578 1648 CryptSvc - ok 06:08:36.0609 1648 dac2w2k - ok 06:08:36.0625 1648 dac960nt - ok 06:08:36.0859 1648 DcomLaunch 
(3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 06:08:36.0984 1648 DcomLaunch - ok 06:08:37.0062 1648 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 06:08:37.0281 1648 Dhcp - ok 06:08:37.0312 1648 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 06:08:37.0515 1648 Disk - ok 06:08:37.0531 1648 dmadmin - ok 06:08:37.0703 1648 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 06:08:38.0187 1648 dmboot - ok 06:08:38.0250 1648 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 06:08:38.0437 1648 dmio - ok 06:08:38.0484 1648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 06:08:38.0640 1648 dmload - ok 06:08:38.0703 1648 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 06:08:38.0968 1648 dmserver - ok 06:08:39.0015 1648 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 06:08:39.0187 1648 DMusic - ok 06:08:39.0328 1648 Dnscache (c4897fa148470182d42e999a22b83286) C:\WINDOWS\System32\poua3ktnk.dll 06:08:39.0437 1648 Dnscache ( UnsignedFile.Multi.Generic ) - warning 06:08:39.0437 1648 Dnscache - detected UnsignedFile.Multi.Generic (1) 06:08:39.0515 1648 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 06:08:39.0687 1648 Dot3svc - ok 06:08:39.0703 1648 dpti2o - ok 06:08:39.0828 1648 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 06:08:39.0984 1648 drmkaud - ok 06:08:40.0015 1648 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 06:08:40.0203 1648 EapHost - ok 06:08:40.0250 1648 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 06:08:40.0421 1648 ERSvc - ok 06:08:40.0484 1648 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 06:08:40.0531 1648 Eventlog - ok 06:08:40.0625 1648 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) 
C:\WINDOWS\system32\es.dll 06:08:40.0703 1648 EventSystem - ok 06:08:40.0843 1648 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 06:08:41.0015 1648 Fastfat - ok 06:08:41.0093 1648 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:08:41.0187 1648 FastUserSwitchingCompatibility - ok 06:08:41.0234 1648 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 06:08:41.0421 1648 Fdc - ok 06:08:41.0484 1648 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 06:08:41.0656 1648 Fips - ok 06:08:41.0687 1648 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 06:08:41.0937 1648 Flpydisk - ok 06:08:42.0000 1648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 06:08:42.0171 1648 FltMgr - ok 06:08:42.0281 1648 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 06:08:42.0312 1648 FontCache3.0.0.0 - ok 06:08:42.0359 1648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 06:08:42.0546 1648 Fs_Rec - ok 06:08:42.0593 1648 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 06:08:42.0843 1648 Ftdisk - ok 06:08:42.0875 1648 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 06:08:43.0046 1648 gameenum - ok 06:08:43.0093 1648 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 06:08:43.0250 1648 Gpc - ok 06:08:43.0343 1648 gupdate - ok 06:08:43.0437 1648 gusvc (408ddd80eede47175f6844817b90213e) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 06:08:43.0500 1648 gusvc - ok 06:08:43.0578 1648 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 06:08:43.0812 1648 helpsvc - ok 06:08:43.0875 1648 HidServ (b35da85e60c0103f2e4104532da2f12b) 
C:\WINDOWS\System32\hidserv.dll 06:08:44.0046 1648 HidServ - ok 06:08:44.0109 1648 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 06:08:44.0265 1648 HidUsb - ok 06:08:44.0328 1648 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 06:08:44.0468 1648 hkmsvc - ok 06:08:44.0484 1648 hpn - ok 06:08:44.0593 1648 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 06:08:44.0687 1648 HTTP - ok 06:08:44.0718 1648 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 06:08:44.0953 1648 HTTPFilter - ok 06:08:44.0968 1648 i2omgmt - ok 06:08:44.0984 1648 i2omp - ok 06:08:45.0031 1648 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 06:08:45.0218 1648 i8042prt - ok 06:08:45.0437 1648 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 06:08:45.0828 1648 idsvc - ok 06:08:45.0906 1648 IGDCTRL (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE 06:08:45.0937 1648 IGDCTRL - ok 06:08:45.0968 1648 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 06:08:46.0140 1648 Imapi - ok 06:08:46.0218 1648 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 06:08:46.0375 1648 ImapiService - ok 06:08:46.0406 1648 ini910u - ok 06:08:46.0437 1648 IntelIde - ok 06:08:46.0484 1648 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 06:08:46.0671 1648 Ip6Fw - ok 06:08:46.0718 1648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 06:08:46.0937 1648 IpFilterDriver - ok 06:08:46.0968 1648 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 06:08:47.0140 1648 IpInIp - ok 06:08:47.0203 1648 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 06:08:47.0390 1648 IpNat - ok 06:08:47.0421 1648 IPSec 
(23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 06:08:47.0640 1648 IPSec - ok 06:08:47.0703 1648 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 06:08:47.0843 1648 irda - ok 06:08:47.0859 1648 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 06:08:47.0937 1648 IRENUM - ok 06:08:48.0000 1648 Irmon (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll 06:08:48.0093 1648 Irmon - ok 06:08:48.0125 1648 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys 06:08:48.0203 1648 irsir - ok 06:08:48.0265 1648 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 06:08:48.0390 1648 isapnp - ok 06:08:48.0515 1648 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 06:08:48.0562 1648 JavaQuickStarterService - ok 06:08:48.0593 1648 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 06:08:48.0828 1648 Kbdclass - ok 06:08:48.0890 1648 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 06:08:49.0046 1648 kbdhid - ok 06:08:49.0125 1648 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 06:08:49.0296 1648 kmixer - ok 06:08:49.0359 1648 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 06:08:49.0484 1648 KSecDD - ok 06:08:49.0546 1648 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 06:08:49.0609 1648 lanmanserver - ok 06:08:49.0703 1648 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 06:08:49.0890 1648 lanmanworkstation - ok 06:08:49.0906 1648 lbrtfdc - ok 06:08:50.0000 1648 License Management Service ESD (ce0c00771ba1946cb925f2a18d882c5c) C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe 06:08:50.0031 1648 License Management Service ESD ( 
UnsignedFile.Multi.Generic ) - warning 06:08:50.0031 1648 License Management Service ESD - detected UnsignedFile.Multi.Generic (1) 06:08:50.0093 1648 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 06:08:50.0250 1648 LmHosts - ok 06:08:50.0296 1648 LVUSBSta (90259f3a20fbaec1a08d74ef5415b9d8) C:\WINDOWS\system32\drivers\lvusbsta.sys 06:08:50.0437 1648 LVUSBSta - ok 06:08:50.0500 1648 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 06:08:50.0687 1648 Messenger - ok 06:08:50.0734 1648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 06:08:50.0937 1648 mnmdd - ok 06:08:50.0984 1648 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 06:08:51.0156 1648 mnmsrvc - ok 06:08:51.0203 1648 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 06:08:51.0359 1648 Modem - ok 06:08:51.0390 1648 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 06:08:51.0562 1648 Mouclass - ok 06:08:51.0609 1648 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 06:08:51.0828 1648 mouhid - ok 06:08:51.0875 1648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 06:08:52.0062 1648 MountMgr - ok 06:08:52.0109 1648 mraid35x - ok 06:08:52.0156 1648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 06:08:52.0328 1648 MRxDAV - ok 06:08:52.0453 1648 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 06:08:52.0703 1648 MRxSmb - ok 06:08:52.0828 1648 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 06:08:53.0000 1648 MSDTC - ok 06:08:53.0046 1648 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 06:08:53.0234 1648 MSDV - ok 06:08:53.0265 1648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 06:08:53.0421 1648 Msfs - ok 06:08:53.0437 1648 
MSIServer - ok 06:08:53.0484 1648 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 06:08:53.0625 1648 MSKSSRV - ok 06:08:53.0656 1648 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 06:08:53.0875 1648 MSPCLOCK - ok 06:08:53.0921 1648 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 06:08:54.0062 1648 MSPQM - ok 06:08:54.0125 1648 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 06:08:54.0296 1648 mssmbios - ok 06:08:54.0343 1648 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 06:08:54.0515 1648 MSTEE - ok 06:08:54.0531 1648 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 06:08:54.0687 1648 ms_mpu401 - ok 06:08:54.0828 1648 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 06:08:54.0921 1648 Mup - ok 06:08:54.0953 1648 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 06:08:55.0156 1648 NABTSFEC - ok 06:08:55.0250 1648 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 06:08:55.0468 1648 napagent - ok 06:08:55.0531 1648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 06:08:55.0718 1648 NDIS - ok 06:08:55.0828 1648 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 06:08:55.0984 1648 NdisIP - ok 06:08:56.0031 1648 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 06:08:56.0125 1648 NdisTapi - ok 06:08:56.0171 1648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 06:08:56.0328 1648 Ndisuio - ok 06:08:56.0406 1648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 06:08:56.0562 1648 NdisWan - ok 06:08:56.0625 1648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 06:08:56.0687 1648 NDProxy - 
ok 06:08:56.0734 1648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 06:08:56.0953 1648 NetBIOS - ok 06:08:57.0031 1648 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 06:08:57.0218 1648 NetBT - ok 06:08:57.0312 1648 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 06:08:57.0515 1648 NetDDE - ok 06:08:57.0546 1648 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 06:08:57.0671 1648 NetDDEdsdm - ok 06:08:57.0718 1648 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:08:57.0953 1648 Netlogon - ok 06:08:58.0046 1648 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 06:08:58.0265 1648 Netman - ok 06:08:58.0375 1648 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 06:08:58.0421 1648 NetTcpPortSharing - ok 06:08:58.0484 1648 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 06:08:58.0656 1648 NIC1394 - ok 06:08:58.0812 1648 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 06:08:58.0921 1648 Nla - ok 06:08:58.0968 1648 nmwcd (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys 06:08:59.0406 1648 nmwcd - ok 06:08:59.0453 1648 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys 06:08:59.0531 1648 nmwcdc - ok 06:08:59.0562 1648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 06:08:59.0703 1648 Npfs - ok 06:08:59.0906 1648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 06:09:00.0250 1648 Ntfs - ok 06:09:00.0281 1648 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:00.0421 1648 NtLmSsp - ok 06:09:00.0546 1648 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 06:09:00.0906 1648 NtmsSvc - ok 06:09:00.0937 
1648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 06:09:01.0109 1648 Null - ok 06:09:01.0484 1648 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 06:09:02.0390 1648 nv - ok 06:09:02.0640 1648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 06:09:02.0906 1648 NwlnkFlt - ok 06:09:02.0937 1648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 06:09:03.0109 1648 NwlnkFwd - ok 06:09:03.0156 1648 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 06:09:03.0312 1648 ohci1394 - ok 06:09:03.0359 1648 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 06:09:03.0531 1648 Parport - ok 06:09:03.0562 1648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 06:09:03.0703 1648 PartMgr - ok 06:09:03.0812 1648 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 06:09:03.0968 1648 ParVdm - ok 06:09:04.0000 1648 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 06:09:04.0078 1648 pccsmcfd - ok 06:09:04.0109 1648 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 06:09:04.0281 1648 PCI - ok 06:09:04.0296 1648 PCIDump - ok 06:09:04.0328 1648 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 06:09:04.0500 1648 PCIIde - ok 06:09:04.0546 1648 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 06:09:04.0734 1648 Pcmcia - ok 06:09:04.0765 1648 PDCOMP - ok 06:09:04.0828 1648 PDFRAME - ok 06:09:04.0859 1648 PDRELI - ok 06:09:04.0875 1648 PDRFRAME - ok 06:09:04.0890 1648 perc2 - ok 06:09:04.0921 1648 perc2hib - ok 06:09:05.0031 1648 PID_0928 (6eeb215fabf148b8ac008f134c1f7b9f) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS 06:09:05.0125 1648 PID_0928 - ok 06:09:05.0187 1648 PlugPlay (a3edbe9053889fb24ab22492472b39dc) 
C:\WINDOWS\system32\services.exe 06:09:05.0218 1648 PlugPlay - ok 06:09:05.0265 1648 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:05.0421 1648 PolicyAgent - ok 06:09:05.0468 1648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 06:09:05.0640 1648 PptpMiniport - ok 06:09:05.0671 1648 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 06:09:05.0890 1648 Processor - ok 06:09:05.0906 1648 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:06.0062 1648 ProtectedStorage - ok 06:09:06.0109 1648 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 06:09:06.0265 1648 PSched - ok 06:09:06.0328 1648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 06:09:06.0500 1648 Ptilink - ok 06:09:06.0515 1648 ql1080 - ok 06:09:06.0546 1648 Ql10wnt - ok 06:09:06.0562 1648 ql12160 - ok 06:09:06.0578 1648 ql1240 - ok 06:09:06.0609 1648 ql1280 - ok 06:09:06.0656 1648 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys 06:09:06.0859 1648 QV2KUX - ok 06:09:06.0875 1648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 06:09:07.0062 1648 RasAcd - ok 06:09:07.0156 1648 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 06:09:07.0328 1648 RasAuto - ok 06:09:07.0359 1648 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 06:09:07.0421 1648 Rasirda - ok 06:09:07.0484 1648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 06:09:07.0656 1648 Rasl2tp - ok 06:09:07.0750 1648 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 06:09:07.0921 1648 RasMan - ok 06:09:07.0953 1648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 06:09:08.0109 1648 RasPppoe - ok 06:09:08.0125 1648 Raspti 
(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 06:09:08.0312 1648 Raspti - ok 06:09:08.0375 1648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 06:09:08.0562 1648 Rdbss - ok 06:09:08.0593 1648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 06:09:08.0734 1648 RDPCDD - ok 06:09:08.0812 1648 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 06:09:09.0015 1648 rdpdr - ok 06:09:09.0093 1648 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 06:09:09.0187 1648 RDPWD - ok 06:09:09.0250 1648 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 06:09:09.0421 1648 RDSessMgr - ok 06:09:09.0484 1648 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 06:09:09.0656 1648 redbook - ok 06:09:09.0718 1648 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 06:09:09.0875 1648 RemoteAccess - ok 06:09:09.0937 1648 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 06:09:10.0109 1648 RemoteRegistry - ok 06:09:10.0156 1648 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 06:09:10.0312 1648 RpcLocator - ok 06:09:10.0421 1648 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 06:09:10.0500 1648 RpcSs - ok 06:09:10.0578 1648 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 06:09:10.0750 1648 RSVP - ok 06:09:10.0859 1648 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys 06:09:11.0062 1648 RT61 - ok 06:09:11.0109 1648 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 06:09:11.0265 1648 SamSs - ok 06:09:11.0328 1648 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 06:09:11.0484 1648 SCardSvr - ok 06:09:11.0562 1648 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 
06:09:11.0750 1648 Schedule - ok 06:09:11.0796 1648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 06:09:11.0859 1648 Secdrv - ok 06:09:11.0906 1648 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 06:09:12.0046 1648 seclogon - ok 06:09:12.0156 1648 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 06:09:12.0312 1648 SENS - ok 06:09:12.0359 1648 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 06:09:12.0484 1648 serenum - ok 06:09:12.0515 1648 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 06:09:12.0671 1648 Serial - ok 06:09:12.0718 1648 sermouse (e8f3e51da8098201f50678cec5fce179) C:\WINDOWS\system32\DRIVERS\sermouse.sys 06:09:12.0875 1648 sermouse - ok 06:09:13.0171 1648 ServiceLayer (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Programme\PC Connectivity Solution\ServiceLayer.exe 06:09:13.0421 1648 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 06:09:13.0421 1648 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 06:09:13.0500 1648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 06:09:13.0656 1648 Sfloppy - ok 06:09:13.0765 1648 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 06:09:14.0031 1648 SharedAccess - ok 06:09:14.0109 1648 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:09:14.0140 1648 ShellHWDetection - ok 06:09:14.0156 1648 Simbad - ok 06:09:14.0234 1648 SiS315 (c10865ab0a1fd9f4ec7db70a1b8425d1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 06:09:14.0390 1648 SiS315 - ok 06:09:14.0484 1648 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe 06:09:14.0531 1648 SkypeUpdate - ok 06:09:14.0593 1648 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 06:09:14.0734 1648 SLIP - ok 06:09:14.0750 1648 Sparrow - ok 06:09:14.0781 1648 splitter 
(ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 06:09:14.0921 1648 splitter - ok 06:09:15.0000 1648 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 06:09:15.0078 1648 Spooler - ok 06:09:15.0140 1648 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 06:09:15.0218 1648 sr - ok 06:09:15.0296 1648 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 06:09:15.0390 1648 srservice - ok 06:09:15.0515 1648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 06:09:15.0687 1648 Srv - ok 06:09:15.0750 1648 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 06:09:15.0843 1648 SSDPSRV - ok 06:09:15.0890 1648 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 06:09:15.0906 1648 ssmdrv - ok 06:09:16.0000 1648 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 06:09:16.0250 1648 stisvc - ok 06:09:16.0296 1648 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 06:09:16.0484 1648 streamip - ok 06:09:16.0515 1648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 06:09:16.0640 1648 swenum - ok 06:09:16.0703 1648 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 06:09:16.0828 1648 swmidi - ok 06:09:16.0843 1648 SwPrv - ok 06:09:16.0890 1648 symc810 - ok 06:09:16.0906 1648 symc8xx - ok 06:09:16.0921 1648 sym_hi - ok 06:09:16.0953 1648 sym_u3 - ok 06:09:16.0984 1648 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 06:09:17.0156 1648 sysaudio - ok 06:09:17.0187 1648 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 06:09:17.0359 1648 SysmonLog - ok 06:09:17.0437 1648 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 06:09:17.0640 1648 TapiSrv - ok 06:09:17.0734 1648 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) 
C:\WINDOWS\system32\DRIVERS\tcpip.sys 06:09:17.0890 1648 Tcpip - ok 06:09:17.0937 1648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 06:09:18.0078 1648 TDPIPE - ok 06:09:18.0156 1648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 06:09:18.0328 1648 TDTCP - ok 06:09:18.0375 1648 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 06:09:18.0531 1648 TermDD - ok 06:09:18.0609 1648 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 06:09:18.0796 1648 TermService - ok 06:09:18.0890 1648 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 06:09:18.0906 1648 Themes - ok 06:09:18.0968 1648 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 06:09:19.0046 1648 TlntSvr - ok 06:09:19.0062 1648 TosIde - ok 06:09:19.0140 1648 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 06:09:19.0296 1648 TrkWks - ok 06:09:19.0359 1648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 06:09:19.0531 1648 Udfs - ok 06:09:19.0593 1648 ULI5261 (4b5e42130fa1840b0761a88232ad757b) C:\WINDOWS\system32\DRIVERS\ULILAN.SYS 06:09:19.0656 1648 ULI5261 - ok 06:09:19.0687 1648 uliagpkx (4acecaa41d5f1a4cd3c78afc4de0a8c3) C:\WINDOWS\system32\DRIVERS\agpkx.sys 06:09:19.0750 1648 uliagpkx - ok 06:09:19.0765 1648 ultra - ok 06:09:19.0890 1648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 06:09:20.0187 1648 Update - ok 06:09:20.0265 1648 Update-Service (22bfa49d9d0b4b8d018efcd6f1c8cf14) C:\WINDOWS\System32\UpdSvc.dll 06:09:20.0312 1648 Update-Service - ok 06:09:20.0390 1648 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 06:09:20.0515 1648 upnphost - ok 06:09:20.0546 1648 upperdev (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 06:09:20.0625 1648 upperdev - ok 06:09:20.0671 1648 UPS 
(9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 06:09:20.0796 1648 UPS - ok 06:09:20.0843 1648 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 06:09:21.0000 1648 usbccgp - ok 06:09:21.0062 1648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 06:09:21.0250 1648 usbehci - ok 06:09:21.0312 1648 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 06:09:21.0453 1648 usbhub - ok 06:09:21.0515 1648 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 06:09:21.0656 1648 usbohci - ok 06:09:21.0718 1648 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 06:09:21.0875 1648 usbprint - ok 06:09:21.0921 1648 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 06:09:22.0093 1648 usbser - ok 06:09:22.0156 1648 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 06:09:22.0203 1648 UsbserFilt - ok 06:09:22.0265 1648 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 06:09:22.0406 1648 USBSTOR - ok 06:09:22.0468 1648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 06:09:22.0671 1648 VgaSave - ok 06:09:22.0687 1648 ViaIde - ok 06:09:22.0734 1648 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 06:09:22.0890 1648 VolSnap - ok 06:09:22.0984 1648 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 06:09:23.0156 1648 VSS - ok 06:09:23.0218 1648 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 06:09:23.0406 1648 W32Time - ok 06:09:23.0453 1648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 06:09:23.0625 1648 Wanarp - ok 06:09:23.0765 1648 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys 06:09:23.0937 1648 Wdf01000 - ok 06:09:23.0937 1648 
WDICA - ok 06:09:24.0000 1648 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 06:09:24.0171 1648 wdmaud - ok 06:09:24.0218 1648 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 06:09:24.0390 1648 WebClient - ok 06:09:24.0515 1648 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 06:09:24.0703 1648 winmgmt - ok 06:09:24.0781 1648 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 06:09:24.0859 1648 WmdmPmSN - ok 06:09:25.0031 1648 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 06:09:25.0328 1648 Wmi - ok 06:09:25.0390 1648 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 06:09:25.0593 1648 WmiApSrv - ok 06:09:25.0625 1648 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 06:09:25.0656 1648 WpdUsb - ok 06:09:25.0718 1648 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 06:09:25.0843 1648 WS2IFSL - ok 06:09:25.0906 1648 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 06:09:26.0062 1648 wscsvc - ok 06:09:26.0109 1648 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 06:09:26.0265 1648 WSTCODEC - ok 06:09:26.0312 1648 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 06:09:26.0453 1648 wuauserv - ok 06:09:26.0500 1648 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 06:09:26.0656 1648 WudfPf - ok 06:09:26.0687 1648 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 06:09:26.0734 1648 WudfRd - ok 06:09:26.0781 1648 WudfSvc (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll 06:09:26.0796 1648 WudfSvc - ok 06:09:26.0968 1648 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 06:09:27.0250 1648 WZCSVC - ok 06:09:27.0312 1648 xmlprov 
(0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 06:09:27.0515 1648 xmlprov - ok 06:09:27.0578 1648 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 06:09:28.0046 1648 \Device\Harddisk0\DR0 - ok 06:09:28.0078 1648 Boot (0x1200) (486a96fc230695122d44ca4727cedc90) \Device\Harddisk0\DR0\Partition0 06:09:28.0078 1648 \Device\Harddisk0\DR0\Partition0 - ok 06:09:28.0125 1648 Boot (0x1200) (eedcc364b4b1149697bfc42c6f40c105) \Device\Harddisk0\DR0\Partition1 06:09:28.0125 1648 \Device\Harddisk0\DR0\Partition1 - ok 06:09:28.0140 1648 ============================================================ 06:09:28.0140 1648 Scan finished 06:09:28.0140 1648 ============================================================ 06:09:28.0296 1620 Detected object count: 4 06:09:28.0296 1620 Actual detected object count: 4 06:13:49.0859 1620 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 06:13:49.0859 1620 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:13:49.0859 1620 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user 06:13:49.0859 1620 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:13:49.0859 1620 License Management Service ESD ( UnsignedFile.Multi.Generic ) - skipped by user 06:13:49.0859 1620 License Management Service ESD ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:13:49.0859 1620 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 06:13:49.0859 1620 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:13:53.0250 3368 Deinitialize success Michael |
19.06.2012, 12:26 | #34 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundesTrojaner? PC no longer starts in safe mode Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
19.06.2012, 16:46 | #35 |
| BundesTrojaner? PC no longer starts in safe mode Sooo. That's done as well. As before, here is the corresponding log: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-19.01 - Maja 19.06.2012 17:12:33.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.511.298 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Maja\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000} AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Maja\Eigene Dateien\~WRL2210.tmp c:\dokumente und einstellungen\Maja\WINDOWS C:\Thumbs.db c:\windows\IsUn0407.exe c:\windows\system\COMCAT.DLL c:\windows\system\MCI32.OCA c:\windows\system\olepro32.dll c:\windows\system32\azip32.dll c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\drivers\Install.exe c:\windows\system32\setup.ini c:\windows\system32\WindowsXP-KB829558-x86-DEU.exe c:\windows\system32\WinLockDll.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-19 bis 2012-06-19 )))))))))))))))))))))))))))))) . . 2012-06-16 16:22 . 2012-06-16 16:22 -------- d-sh--w- c:\dokumente und einstellungen\Maja\IECompatCache 2012-06-16 16:21 . 2012-06-16 16:21 -------- d-----w- c:\dokumente und einstellungen\Maja\Lokale Einstellungen\Anwendungsdaten\Sun 2012-06-16 12:41 . 2012-06-16 12:41 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2012-06-16 12:39 . 2012-06-16 12:39 -------- d-----w- c:\programme\Oracle 2012-06-16 12:39 . 2012-06-16 12:39 -------- d-----w- c:\dokumente und einstellungen\Maja\Anwendungsdaten\Oracle 2012-06-16 12:38 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-16 12:38 . 
2012-05-04 17:29 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-16 12:38 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-16 12:36 . 2012-06-16 12:36 -------- d-----w- c:\programme\Java 2012-06-16 06:11 . 2012-05-11 14:40 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-15 17:54 . 2012-06-15 17:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-15 14:39 . 2012-06-15 14:39 241664 ----a-w- c:\windows\system32\poua3ktnk.dll 2012-06-15 01:20 . 2012-06-15 01:20 -------- d-----w- c:\dokumente und einstellungen\Maja\Anwendungsdaten\Malwarebytes 2012-06-15 01:19 . 2012-06-15 01:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-06-14 23:25 . 2012-06-15 00:46 -------- d-----w- c:\windows\system32\NtmsData 2012-06-14 15:45 . 2012-06-14 15:45 -------- d-----w- c:\programme\CCleaner 2012-06-14 14:10 . 2012-06-14 18:47 -------- d-----w- C:\_OTL 2012-06-14 08:22 . 2008-04-13 17:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys 2012-06-14 08:22 . 2008-04-13 17:45 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-06-01 10:34 . 2008-04-14 01:22 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2012-06-01 10:34 . 2008-04-14 01:22 21504 ----a-w- c:\windows\system32\hidserv.dll 2012-06-01 10:34 . 2008-04-14 00:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2012-06-01 10:34 . 2008-04-14 00:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2012-06-01 10:34 . 2008-04-13 17:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2012-06-01 10:34 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-05-31 18:33 . 2001-08-18 02:22 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2012-05-31 18:33 . 2001-08-18 02:22 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2012-05-31 18:33 . 2008-04-13 17:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2012-05-31 18:33 . 
2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-15 17:54 . 2011-12-09 20:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2002-12-31 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:07 . 2002-12-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:56 . 2002-12-31 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:40 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:40 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14 . 2004-08-04 00:50 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-05 03:14 . 2002-12-31 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-02 13:46 . 2006-04-29 14:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2004-09-07 10:47 . 2004-09-07 10:47 70144 -c--a-w- c:\programme\Gemeinsame Dateien\IRAMDMTR.DLL 2004-09-07 10:47 . 2004-09-07 10:47 31744 -c--a-w- c:\programme\Gemeinsame Dateien\IRAWEBTR.DLL 2004-09-07 10:47 . 2004-09-07 10:47 186368 -c--a-w- c:\programme\Gemeinsame Dateien\IRAREG.DLL 2004-09-07 10:46 . 2004-09-07 10:46 48640 -c--a-w- c:\programme\Gemeinsame Dateien\IRALPTTR.DLL 2004-09-07 10:46 . 2004-09-07 10:46 99840 -c--a-w- c:\programme\Gemeinsame Dateien\IRAABOUT.DLL 2004-09-07 10:46 . 2004-09-07 10:46 17920 -c--a-w- c:\programme\Gemeinsame Dateien\IRASRIAL.DLL 1999-06-10 08:34 . 2006-04-29 14:45 570128 -c--a-w- c:\programme\Gemeinsame Dateien\DAO350.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096] "LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2004-10-08 458752] "LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Maja\Startmenü\Programme\Autostart\ FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384] FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2007-9-11 804144] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-2 450560] Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2006-5-5 589824] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware Info Service.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk backup=c:\windows\pss\Lexware Info Service.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Symantec Fax Starter Edition-Anschluss.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk backup=c:\windows\pss\Symantec Fax Starter Edition-Anschluss.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1und1Dispatcher] 2011-07-13 14:24 216432 ----a-w- c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 13:10 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2004-10-08 10:06 196608 ----a-w- c:\programme\Logitech\Video\ManifestEngine.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2004-10-08 09:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart] 2010-03-04 13:10 2192672 ----a-w- c:\programme\Nokia\Ovi Player\NokiaOviPlayer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 07:55 17148552 ----a-r- c:\programme\Skype\Phone\Skype.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-04-05 10:56 68856 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\MSN Messenger\\msnmsgr.exe"= "c:\\Programme\\eMule\\eMule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [29.04.2006 17:22 44928] R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.01.2008 10:19 501560] R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 11:14 87344] R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe -k Update-Service [31.12.2002 14:00 14336] R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [29.04.2006 17:23 29696] S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 09:50 158856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . Inhalt des "geplante Tasks" Ordners . 2012-06-01 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-05 12:07] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = https://service.gmx.net/de/cgi/g.fcgi/application/navigator/?CUSTOMERNO=46999835&t=de1965361379.1333389311.da35d8dc uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie LSP: c:\programme\FRITZ!DSL\\sarah.dll TCP: DhcpNameServer = 192.168.2.1 Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre1.5.0_06\bin\jusched.exe AddRemove-web2date - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-19 17:21 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(776) c:\programme\FRITZ!DSL\sarah.dll c:\programme\FRITZ!DSL\block.dll . Zeit der Fertigstellung: 2012-06-19 17:29:05 ComboFix-quarantined-files.txt 2012-06-19 15:28 . Vor Suchlauf: 8 Verzeichnis(se), 14.276.718.592 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 14.375.297.024 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - F8CE1AB9C4AC965F0B52F4217401311A MfG Michael |
19.06.2012, 22:43 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundesTrojaner? PC no longer starts in safe mode Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ --> BundesTrojaner? PC no longer starts in safe mode |
21.06.2012, 07:50 | #37 |
| BundesTrojaner? PC no longer starts in safe mode Hello Arne, I'm posting here the log files that you had set me as a task. [CODE] GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 07:12:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e WDC_WD800JD-55MUA1 rev.10.01E01
Running: cwetnz48.exe; Driver: C:\DOKUME~1\Maja\LOKALE~1\Temp\uxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT F8BF3474 ZwClose
SSDT F8BF342E ZwCreateKey
SSDT F8BF347E ZwCreateSection
SSDT F8BF3424 ZwCreateThread
SSDT F8BF3433 ZwDeleteKey
SSDT F8BF343D ZwDeleteValueKey
SSDT F8BF346F ZwDuplicateObject
SSDT F8BF3442 ZwLoadKey
SSDT F8BF3410 ZwOpenProcess
SSDT F8BF3415 ZwOpenThread
SSDT F8BF3497 ZwQueryValueKey
SSDT F8BF344C ZwReplaceKey
SSDT F8BF3488 ZwRequestWaitReplyPort
SSDT F8BF3447 ZwRestoreKey
SSDT F8BF3483 ZwSetContextThread
SSDT F8BF348D ZwSetSecurityObject
SSDT F8BF3438 ZwSetValueKey
SSDT F8BF3492 ZwSystemDebugControl
SSDT F8BF341F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7C6B900]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA66AD480, 0x306DD, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 02E21B91
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtCreateSection 7C91D17E 5 Bytes JMP 02E208F8
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 02E20BD4
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 02E218B4
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtOpenSection 7C91D62E 5 Bytes JMP 02E20683
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtQueryAttributesFile 7C91D70E 5 Bytes JMP 02E215E1
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtQuerySection 7C91D8CE 5 Bytes JMP 02E2116D
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtQueryVirtualMemory 7C91D97E 5 Bytes JMP 02E21D66
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtUnmapViewOfSection 7C91DF0E 5 Bytes JMP 02E20F2E
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 09521B91
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtCreateSection 7C91D17E 5 Bytes JMP 095208F8
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 09684CB8 C:\WINDOWS\system32\hxjyv.dll
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 09520BD4
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 095218B4
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtOpenSection 7C91D62E 5 Bytes JMP 09520683
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtQueryAttributesFile 7C91D70E 5 Bytes JMP 095215E1
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtQuerySection 7C91D8CE 5 Bytes JMP 0952116D
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtQueryVirtualMemory 7C91D97E 5 Bytes JMP 09521D66
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 09684CC9 C:\WINDOWS\system32\hxjyv.dll
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtUnmapViewOfSection 7C91DF0E 5 Bytes JMP 09520F2E
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ole32.dll!OleLoadFromStream 774F983B 5 Bytes JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Internet Explorer\iexplore.exe[2468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1196] 0x04630000
Library C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\Programme\Internet Explorer\iexplore.exe [2468] 0x09670000

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Maja\Cookies\B8116NKE.txt 497 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\LP0BPF4H.txt 755 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\9FKZOZ1A.txt 5214 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\TF53HK1Y.txt 1168 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\3YJ5DEC5.txt 116 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\9ABMC1PT.txt 2314 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\BPK1GOZP.txt 96 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\0QQTRT0C.txt 999 bytes
File C:\Dokumente und Einstellungen\Maja\Cookies\FM4KFYOE.txt 144 bytes

---- EOF - GMER 1.0.15 ----
--- --- ---
Code:
OSAM Logfile:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 22:17:41
-----------------------------
22:17:41.453 OS Version: Windows 5.1.2600 Service Pack 3
22:17:41.453 Number of processors: 1 586 0x2F02
22:17:41.453 ComputerName: WINXP UserName: Maja
22:17:42.281 Initialize success
22:18:12.937 AVAST engine defs: 12061901
22:18:20.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e
22:18:20.515 Disk 0 Vendor: WDC_WD800JD-55MUA1 10.01E01 Size: 76319MB BusType: 3
22:18:20.531 Disk 0 MBR read successfully
22:18:20.531 Disk 0 MBR scan
22:18:20.671 Disk 0 Windows XP default MBR code
22:18:20.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
22:18:20.718 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 46320 MB offset 61432560
22:18:20.750 Disk 0 scanning sectors +156296385
22:18:20.921 Disk 0 scanning C:\WINDOWS\system32\drivers
22:18:43.750 Service scanning
22:19:08.437 Modules scanning
22:19:35.921 Disk 0 trace - called modules:
22:19:35.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
22:19:36.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f90ab8]
22:19:36.453 3 CLASSPNP.SYS[f8665fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-e[0x82f94d98]
22:19:36.968 AVAST engine scan C:\WINDOWS
22:20:01.937 AVAST engine scan C:\WINDOWS\system32
22:26:00.468 AVAST engine scan C:\WINDOWS\system32\drivers
22:26:26.406 AVAST engine scan C:\Dokumente und Einstellungen\Maja
22:37:26.609 AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:38:10.328 Scan finished successfully
01:19:01.734 Disk 0 MBR has been saved successfully to "F:\Neusesten\MBR.dat"
01:19:01.750 The log file has been saved successfully to "F:\Neusesten\aswMBR.txt"

Best regards, Michael |
21.06.2012, 12:05 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundesTrojaner? PC no longer starts in safe mode
There is still something there!
Combofix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Killall::
File::
C:\WINDOWS\system32\hxjyv.dll
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt
Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
22.06.2012, 06:12 | #39 |
| BundesTrojaner? PC no longer starts in safe mode
Morning!! I carried this out too, just as you had described it to me. I am posting the corresponding log here.
[CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-19.01 - Maja 22.06.2012 6:20.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.511.252 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Maja\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Maja\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000} AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C} AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\windows\system32\hxjyv.dll" . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-22 bis 2012-06-22 )))))))))))))))))))))))))))))) . . 2012-06-19 15:42 . 2012-06-19 15:42 -------- d-----w- c:\dokumente und einstellungen\Maja\Anwendungsdaten\Avira 2012-06-19 15:34 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-06-19 15:34 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-06-19 15:34 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-06-19 15:34 . 2012-06-19 15:34 -------- d-----w- c:\programme\Avira 2012-06-19 15:34 . 2012-06-19 15:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2012-06-16 16:22 . 2012-06-16 16:22 -------- d-sh--w- c:\dokumente und einstellungen\Maja\IECompatCache 2012-06-16 16:21 . 2012-06-16 16:21 -------- d-----w- c:\dokumente und einstellungen\Maja\Lokale Einstellungen\Anwendungsdaten\Sun 2012-06-16 12:41 . 2012-06-16 12:41 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2012-06-16 12:39 . 2012-06-16 12:39 -------- d-----w- c:\programme\Oracle 2012-06-16 12:39 . 
2012-06-16 12:39 -------- d-----w- c:\dokumente und einstellungen\Maja\Anwendungsdaten\Oracle 2012-06-16 12:38 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-16 12:38 . 2012-05-04 17:29 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-16 12:38 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-16 12:36 . 2012-06-16 12:36 -------- d-----w- c:\programme\Java 2012-06-16 06:11 . 2012-05-11 14:40 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-15 17:54 . 2012-06-15 17:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-15 14:39 . 2012-06-15 14:39 241664 ----a-w- c:\windows\system32\poua3ktnk.dll 2012-06-15 01:20 . 2012-06-15 01:20 -------- d-----w- c:\dokumente und einstellungen\Maja\Anwendungsdaten\Malwarebytes 2012-06-15 01:19 . 2012-06-15 01:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-06-14 23:25 . 2012-06-15 00:46 -------- d-----w- c:\windows\system32\NtmsData 2012-06-14 15:45 . 2012-06-14 15:45 -------- d-----w- c:\programme\CCleaner 2012-06-14 14:10 . 2012-06-14 18:47 -------- d-----w- C:\_OTL 2012-06-14 08:22 . 2008-04-13 17:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys 2012-06-14 08:22 . 2008-04-13 17:45 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-06-01 10:34 . 2008-04-14 01:22 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2012-06-01 10:34 . 2008-04-14 01:22 21504 ----a-w- c:\windows\system32\hidserv.dll 2012-06-01 10:34 . 2008-04-14 00:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2012-06-01 10:34 . 2008-04-14 00:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2012-06-01 10:34 . 2008-04-13 17:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2012-06-01 10:34 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-05-31 18:33 . 2001-08-18 02:22 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2012-05-31 18:33 . 
2001-08-18 02:22 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2012-05-31 18:33 . 2008-04-13 17:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2012-05-31 18:33 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-15 17:54 . 2011-12-09 20:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 13:19 . 2007-06-20 19:36 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2007-06-20 19:36 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2006-04-29 14:48 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2006-04-29 14:48 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2006-04-29 14:48 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2007-06-20 19:36 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2006-04-29 14:48 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2006-04-29 14:48 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2002-12-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2007-06-20 19:36 23576 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2006-04-29 14:48 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2006-04-29 14:48 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2012-03-31 15:03 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18 . 2012-03-31 15:03 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2012-03-31 15:03 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2002-12-31 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:07 . 2002-12-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:56 . 
2002-12-31 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:40 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:40 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14 . 2004-08-04 00:50 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-05 03:14 . 2002-12-31 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-02 13:46 . 2006-04-29 14:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2004-09-07 10:47 . 2004-09-07 10:47 70144 -c--a-w- c:\programme\Gemeinsame Dateien\IRAMDMTR.DLL 2004-09-07 10:47 . 2004-09-07 10:47 31744 -c--a-w- c:\programme\Gemeinsame Dateien\IRAWEBTR.DLL 2004-09-07 10:47 . 2004-09-07 10:47 186368 -c--a-w- c:\programme\Gemeinsame Dateien\IRAREG.DLL 2004-09-07 10:46 . 2004-09-07 10:46 48640 -c--a-w- c:\programme\Gemeinsame Dateien\IRALPTTR.DLL 2004-09-07 10:46 . 2004-09-07 10:46 99840 -c--a-w- c:\programme\Gemeinsame Dateien\IRAABOUT.DLL 2004-09-07 10:46 . 2004-09-07 10:46 17920 -c--a-w- c:\programme\Gemeinsame Dateien\IRASRIAL.DLL 1999-06-10 08:34 . 2006-04-29 14:45 570128 -c--a-w- c:\programme\Gemeinsame Dateien\DAO350.DLL . . ((((((((((((((((((((((((((((( SnapShot@2012-06-19_15.21.47 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-22 04:33 . 2012-06-22 04:33 16384 c:\windows\temp\Perflib_Perfdata_1cc.dat + 2012-06-21 04:09 . 2012-06-02 13:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll + 2012-06-21 04:09 . 2012-06-02 13:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll + 2006-04-29 14:48 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll + 2006-04-29 14:48 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe + 2002-12-31 12:00 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll + 2012-06-19 15:27 . 
2012-06-19 15:27 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll + 2002-12-31 12:00 . 2002-12-31 12:00 294912 c:\windows\system32\tnns8yjnu.dll + 2006-04-29 14:48 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll + 2006-04-29 14:48 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll + 2006-04-29 14:48 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll + 2012-06-19 15:27 . 2012-06-19 15:27 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll + 2012-06-19 15:28 . 2012-06-19 15:28 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll + 2012-06-19 15:27 . 2012-06-19 15:27 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll + 2012-06-19 15:27 . 2012-06-19 15:27 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll + 2012-06-19 15:27 . 2012-06-19 15:27 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll + 2012-06-19 15:27 . 2012-06-19 15:27 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll + 2012-06-19 15:26 . 2012-06-19 15:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll + 2012-06-19 15:25 . 2012-06-19 15:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll + 2006-04-29 14:48 . 
2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll + 2012-06-19 15:29 . 2012-06-19 15:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16.tmp\System.Web.Services.dll + 2012-06-20 04:30 . 2012-06-20 04:30 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll + 2012-06-20 04:29 . 2012-06-20 04:29 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll + 2012-06-20 04:29 . 2012-06-20 04:29 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll + 2012-06-20 04:28 . 2012-06-20 04:28 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll + 2012-06-20 04:26 . 2012-06-20 04:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll + 2012-06-19 15:29 . 2012-06-19 15:29 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll + 2012-06-19 15:27 . 2012-06-19 15:27 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll + 2012-06-19 15:25 . 2012-06-19 15:25 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll + 2012-06-19 15:24 . 2012-06-19 15:24 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll + 2012-06-19 15:26 . 2012-06-19 15:26 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096] "LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2004-10-08 458752] "LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Maja\Startmenü\Programme\Autostart\ FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384] FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2007-9-11 804144] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-2 450560] Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2006-5-5 589824] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware Info Service.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk backup=c:\windows\pss\Lexware Info Service.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Symantec Fax Starter Edition-Anschluss.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk backup=c:\windows\pss\Symantec Fax Starter Edition-Anschluss.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1und1Dispatcher] 2011-07-13 14:24 216432 ----a-w- c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 13:10 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2004-10-08 10:06 196608 ----a-w- c:\programme\Logitech\Video\ManifestEngine.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2004-10-08 09:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart] 2010-03-04 13:10 2192672 ----a-w- c:\programme\Nokia\Ovi Player\NokiaOviPlayer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 07:55 17148552 ----a-r- c:\programme\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-04-05 10:56 68856 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\MSN Messenger\\msnmsgr.exe"= "c:\\Programme\\eMule\\eMule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [29.04.2006 17:22 44928] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19.06.2012 17:34 36000] R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.01.2008 10:19 501560] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.06.2012 17:34 86224] R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 11:14 87344] R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe -k Update-Service [31.12.2002 14:00 14336] R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [29.04.2006 17:23 29696] S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 09:50 158856] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . Inhalt des "geplante Tasks" Ordners . 2012-06-01 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-05 12:07] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie LSP: c:\programme\FRITZ!DSL\\sarah.dll TCP: DhcpNameServer = 192.168.2.1 Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-22 06:35 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(796) c:\programme\FRITZ!DSL\sarah.dll c:\programme\FRITZ!DSL\block.dll . - - - - - - - > 'explorer.exe'(2148) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\windows\SOUNDMAN.EXE c:\windows\system32\wbem\wmiapsrv.exe c:\programme\Logitech\Video\FxSvr2.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-06-22 06:42:14 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-22 04:42 ComboFix2.txt 2012-06-19 15:29 . Vor Suchlauf: 10 Verzeichnis(se), 14.642.593.792 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 14.690.947.072 Bytes frei . - - End Of File - - 67799B8FA7709A350214E2C69D267D0B

What happens next? Do you think it is virus-free now? I look forward to hearing from you again. Best regards, Michael |
22.06.2012, 10:30 | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundesTrojaner? PC no longer starts in safe mode
Please make a new log with GMER.
__________________ Please always post logfiles in CODE tags |
22.06.2012, 17:43 | #41 |
| BundesTrojaner? PC no longer starts in safe mode
Here is the log:
[CODE] GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 18:39:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e WDC_WD800JD-55MUA1 rev.10.01E01
Running: cwetnz48.exe; Driver: C:\DOKUME~1\Maja\LOKALE~1\Temp\uxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT AEC7276C ZwClose
SSDT AEC72726 ZwCreateKey
SSDT AEC72776 ZwCreateSection
SSDT AEC7271C ZwCreateThread
SSDT AEC7272B ZwDeleteKey
SSDT AEC72735 ZwDeleteValueKey
SSDT AEC72767 ZwDuplicateObject
SSDT AEC7273A ZwLoadKey
SSDT AEC72708 ZwOpenProcess
SSDT AEC7270D ZwOpenThread
SSDT AEC7278F ZwQueryValueKey
SSDT AEC72744 ZwReplaceKey
SSDT AEC72780 ZwRequestWaitReplyPort
SSDT AEC7273F ZwRestoreKey
SSDT AEC7277B ZwSetContextThread
SSDT AEC72785 ZwSetSecurityObject
SSDT AEC72730 ZwSetValueKey
SSDT AEC7278A ZwSystemDebugControl
SSDT AEC72717 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF818E900]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA647C480, 0x306DD, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 033E1B91
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtCreateSection 7C91D17E 5 Bytes JMP 033E08F8
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtMapViewOfSection 7C91D51E 5 Bytes JMP 033E0BD4
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 033E18B4
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtOpenSection 7C91D62E 5 Bytes JMP 033E0683
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtQueryAttributesFile 7C91D70E 5 Bytes JMP 033E15E1
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtQuerySection 7C91D8CE 5 Bytes JMP 033E116D
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtQueryVirtualMemory 7C91D97E 5 Bytes JMP 033E1D66
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtUnmapViewOfSection 7C91DF0E 5 Bytes JMP 033E0F2E

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1184] 0x044B0000

---- EOF - GMER 1.0.15 ----

Best regards, Michael |
24.06.2012, 15:37 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundesTrojaner? PC no longer starts in safe mode
Code:
Library C:\WINDOWS\system32\hxjyv.dll (*** hidden *** )
Please boot the computer from the OTLPE CD once more. Then navigate to \WINDOWS\system32, i.e. the system32 folder of the Windows installed on the hard disk. Please rename the file to hxjyv.dll.vir. Afterwards restart the computer and boot Windows normally. Then make a new GMER log and upload the renamed file, i.e. C:\WINDOWS\system32\hxjyv.dll.vir, to us => http://www.trojaner-board.de/54791-a...ner-board.html
__________________ Please always post logfiles in CODE tags |
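One way to triage a GMER log like the ones posted in this thread: correlate each `*** hidden ***` library with the inline hooks GMER reports in the same process, and separate hooks that jump into the hidden module from hooks that jump into memory with no module attribution. This is an added Python example, not part of the thread; the function and field names are assumptions, and the sample lines are a shortened excerpt of the 2012-06-20 GMER log above.

```python
import re
from collections import defaultdict, namedtuple

# Shortened excerpt of the GMER 1.0.15 log posted in this thread (2012-06-20 scan).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 02E21B91
.text C:\Programme\Internet Explorer\iexplore.exe[2204] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 09684CB8 C:\WINDOWS\system32\hxjyv.dll
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 095218B4
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1196] 0x04630000
Library C:\WINDOWS\system32\hxjyv.dll (*** hidden *** ) @ C:\Programme\Internet Explorer\iexplore.exe [2468] 0x09670000
"""

Hook = namedtuple("Hook", "pid process api target owner")

# Inline hook line: process[pid] module!function address "N Bytes JMP target",
# optionally followed by the module that owns the target and its vendor string.
# Entries that are not JMP patches do not match and are skipped.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+[0-9A-F]{8}\s+"
    r"\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<owner>[A-Za-z]:\\.+?))?(?:\s+\([^()]*\))?\s*$"
)

# "Library <path> (*** hidden *** ) @ <process> [pid] 0x<load address>"
HIDDEN_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+0x(?P<base>[0-9A-Fa-f]+)\s*$"
)


def triage(log_text):
    """Return {pid: finding} for processes with a hidden library or unbacked hooks."""
    hooks = defaultdict(list)
    hidden = defaultdict(dict)  # pid -> {lowercased path: (path, load address)}
    names = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            pid = int(m["pid"])
            names.setdefault(pid, m["proc"])
            hooks[pid].append(
                Hook(pid, m["proc"], m["api"], int(m["target"], 16), m["owner"])
            )
            continue
        m = HIDDEN_RE.match(line)
        if m:
            pid = int(m["pid"])
            names.setdefault(pid, m["proc"])
            hidden[pid][m["path"].lower()] = (m["path"], int(m["base"], 16))

    findings = {}
    for pid in sorted(set(hooks) | set(hidden)):
        libs = hidden.get(pid, {})
        proc_hooks = hooks.get(pid, [])
        # Hooks whose target GMER could not attribute to any loaded module.
        unbacked = [h for h in proc_hooks if h.owner is None]
        # Hooks whose target GMER attributes to a library it also lists as hidden.
        into_hidden = [h for h in proc_hooks if h.owner and h.owner.lower() in libs]
        if not libs and not unbacked:
            continue  # every hook resolves to a visible, named module
        findings[pid] = {
            "process": names[pid],
            "hidden_libraries": [path for path, _ in libs.values()],
            # (hooked API, offset of the jump target inside the hidden module)
            "into_hidden_module": [
                (h.api, h.target - libs[h.owner.lower()][1]) for h in into_hidden
            ],
            "into_unbacked_memory": [h.api for h in unbacked],
        }
    return findings


if __name__ == "__main__":
    for pid, finding in triage(SAMPLE_LOG).items():
        print(pid, finding)
```

Processes whose hooks all resolve to a visible, named module (here `iexplore.exe[2204]` and `IEFRAME.dll`) are not reported.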
27.06.2012, 07:17 | #43 |
| BundesTrojaner? PC no longer starts in safe mode
Morning Arne, I wanted to apologize for replying so late, but I was not online for the last 2 days. After booting from the CD, I tried to find and rename the file you described under the given path. But unfortunately it cannot be found there... A search across the complete system did not return a hit either. So what should I do? Please be so kind as to give me some advice or explain to me what I did wrong. THANKS! Best regards, Michael |
27.06.2012, 13:42 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BundesTrojaner? PC no longer starts in safe mode
Boot your computer from a Xubuntu CD, see the link in my signature. It describes how you create this CD and how you boot from it. Then navigate to this path with Ubuntu and try to locate this file.
__________________ Please always post logfiles in CODE tags |
29.06.2012, 09:47 | #45 |
| BundesTrojaner? PC no longer starts in safe mode
Hello, with this too the file cannot be found under this path. I also made sure that all files, including the hidden ones, are shown to me. Best regards, Michael |