Live Security Platinum - Wie Entfernen ?

uli_lu · 05.08.2012, 15:39

Hi Arne,

habe OTL im normalen Modus ohne WLAN gestartet.
F_Secure Scan ausgeschaltet.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Folder C:\ProgramData\6C82D128000117EA0055131AF875F020\ not found.
C:\ProgramData\FullRemove.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Uli
->Temp folder emptied: 1444695193 bytes
->Temporary Internet Files folder emptied: 498397118 bytes
->Java cache emptied: 88298 bytes
->FireFox cache emptied: 100348299 bytes
->Flash cache emptied: 51280 bytes
 
User: Uli_Normal
->Temp folder emptied: 44376 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141030455 bytes
RecycleBin emptied: 6826547719 bytes
 
Total Files Cleaned = 8.594,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Uli
->Flash cache emptied: 0 bytes
 
User: Uli_Normal
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.56.0 log created on 08052012_161557

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.08.05 16:20:20 | 001,545,392 | ---- | M] () C:\Windows\temp\LMutilps.log : Unable to obtain MD5

Registry entries deleted on Reboot...

viele grüsse
uli

cosinus · 05.08.2012, 16:42

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

uli_lu · 05.08.2012, 17:45

Hallo Arne,

Code:

ATTFilter

18:39:15.0448 5156	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:39:16.0758 5156	============================================================
18:39:16.0758 5156	Current date / time: 2012/08/05 18:39:16.0758
18:39:16.0758 5156	SystemInfo:
18:39:16.0758 5156	
18:39:16.0758 5156	OS Version: 6.1.7601 ServicePack: 1.0
18:39:16.0758 5156	Product type: Workstation
18:39:16.0758 5156	ComputerName: ULI-PC
18:39:16.0758 5156	UserName: Uli
18:39:16.0758 5156	Windows directory: C:\Windows
18:39:16.0758 5156	System windows directory: C:\Windows
18:39:16.0758 5156	Processor architecture: Intel x86
18:39:16.0758 5156	Number of processors: 4
18:39:16.0758 5156	Page size: 0x1000
18:39:16.0758 5156	Boot type: Normal boot
18:39:16.0758 5156	============================================================
18:39:35.0088 5156	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:39:35.0104 5156	============================================================
18:39:35.0104 5156	\Device\Harddisk0\DR0:
18:39:35.0104 5156	MBR partitions:
18:39:35.0104 5156	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x1A00800, BlocksNum 0x833800
18:39:35.0104 5156	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2234000, BlocksNum 0x32000
18:39:35.0151 5156	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2266800, BlocksNum 0x1AF5E800
18:39:35.0151 5156	============================================================
18:39:35.0229 5156	C: <-> \Device\Harddisk0\DR0\Partition2
18:39:35.0338 5156	D: <-> \Device\Harddisk0\DR0\Partition0
18:39:35.0416 5156	============================================================
18:39:35.0416 5156	Initialize success
18:39:35.0416 5156	============================================================
18:40:20.0749 5836	============================================================
18:40:20.0749 5836	Scan started
18:40:20.0749 5836	Mode: Manual; SigCheck; TDLFS; 
18:40:20.0749 5836	============================================================
18:40:28.0752 5836	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:40:29.0704 5836	1394ohci - ok
18:40:30.0359 5836	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:40:30.0468 5836	ACPI - ok
18:40:30.0593 5836	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:40:30.0983 5836	AcpiPmi - ok
18:40:31.0420 5836	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:40:31.0513 5836	AdobeFlashPlayerUpdateSvc - ok
18:40:32.0574 5836	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
18:40:32.0652 5836	adp94xx - ok
18:40:33.0385 5836	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
18:40:33.0432 5836	adpahci - ok
18:40:33.0588 5836	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
18:40:33.0635 5836	adpu320 - ok
18:40:33.0853 5836	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:40:34.0446 5836	AeLookupSvc - ok
18:40:34.0945 5836	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:40:35.0070 5836	AFD - ok
18:40:35.0179 5836	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:40:35.0273 5836	agp440 - ok
18:40:35.0382 5836	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
18:40:35.0476 5836	aic78xx - ok
18:40:35.0632 5836	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:40:35.0725 5836	ALG - ok
18:40:35.0850 5836	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:40:35.0897 5836	aliide - ok
18:40:35.0975 5836	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:40:36.0053 5836	amdagp - ok
18:40:36.0084 5836	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:40:36.0115 5836	amdide - ok
18:40:36.0225 5836	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
18:40:36.0334 5836	AmdK8 - ok
18:40:36.0396 5836	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
18:40:36.0583 5836	AmdPPM - ok
18:40:36.0849 5836	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:40:36.0895 5836	amdsata - ok
18:40:37.0270 5836	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
18:40:37.0348 5836	amdsbs - ok
18:40:37.0395 5836	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:40:37.0426 5836	amdxata - ok
18:40:37.0535 5836	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:40:37.0722 5836	AppID - ok
18:40:37.0909 5836	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:40:38.0050 5836	AppIDSvc - ok
18:40:38.0315 5836	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:40:38.0440 5836	Appinfo - ok
18:40:38.0596 5836	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
18:40:38.0643 5836	arc - ok
18:40:38.0814 5836	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
18:40:38.0877 5836	arcsas - ok
18:40:38.0908 5836	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:40:39.0360 5836	AsyncMac - ok
18:40:39.0423 5836	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:40:39.0485 5836	atapi - ok
18:40:41.0310 5836	athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
18:40:41.0451 5836	athr - ok
18:40:42.0480 5836	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:40:42.0636 5836	AudioEndpointBuilder - ok
18:40:42.0652 5836	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:40:42.0730 5836	Audiosrv - ok
18:40:43.0260 5836	avmaudio        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
18:40:43.0572 5836	avmaudio - ok
18:40:43.0744 5836	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:40:43.0978 5836	AxInstSV - ok
18:40:44.0524 5836	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
18:40:44.0680 5836	b06bdrv - ok
18:40:44.0976 5836	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:40:45.0101 5836	b57nd60x - ok
18:40:45.0413 5836	BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:40:45.0491 5836	BBSvc - ok
18:40:45.0585 5836	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:40:45.0709 5836	BDESVC - ok
18:40:45.0787 5836	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:40:45.0912 5836	Beep - ok
18:40:46.0505 5836	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:40:46.0817 5836	BITS - ok
18:40:47.0004 5836	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys
18:40:47.0129 5836	blbdrive - ok
18:40:47.0301 5836	BMLoad          (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
18:40:47.0347 5836	BMLoad ( UnsignedFile.Multi.Generic ) - warning
18:40:47.0347 5836	BMLoad - detected UnsignedFile.Multi.Generic (1)
18:40:47.0581 5836	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:40:47.0737 5836	bowser - ok
18:40:47.0815 5836	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
18:40:47.0940 5836	BrFiltLo - ok
18:40:47.0971 5836	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
18:40:48.0018 5836	BrFiltUp - ok
18:40:48.0252 5836	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:40:48.0517 5836	Browser - ok
18:40:48.0954 5836	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:40:49.0141 5836	Brserid - ok
18:40:49.0251 5836	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:40:49.0375 5836	BrSerWdm - ok
18:40:49.0391 5836	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:40:49.0485 5836	BrUsbMdm - ok
18:40:49.0500 5836	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:40:49.0594 5836	BrUsbSer - ok
18:40:49.0719 5836	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
18:40:49.0812 5836	BTHMODEM - ok
18:40:50.0031 5836	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:40:50.0171 5836	bthserv - ok
18:40:50.0374 5836	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:40:50.0483 5836	cdfs - ok
18:40:50.0670 5836	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:40:50.0779 5836	cdrom - ok
18:40:50.0904 5836	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:40:50.0998 5836	CertPropSvc - ok
18:40:51.0060 5836	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
18:40:51.0123 5836	circlass - ok
18:40:51.0169 5836	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:40:51.0247 5836	CLFS - ok
18:40:51.0357 5836	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:40:51.0419 5836	clr_optimization_v2.0.50727_32 - ok
18:40:51.0513 5836	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:40:51.0622 5836	clr_optimization_v4.0.30319_32 - ok
18:40:51.0653 5836	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:40:51.0700 5836	CmBatt - ok
18:40:51.0731 5836	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:40:51.0778 5836	cmdide - ok
18:40:52.0168 5836	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
18:40:52.0324 5836	CNG - ok
18:40:52.0386 5836	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
18:40:52.0417 5836	Compbatt - ok
18:40:52.0511 5836	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:40:52.0651 5836	CompositeBus - ok
18:40:52.0698 5836	COMSysApp - ok
18:40:52.0745 5836	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
18:40:52.0776 5836	crcdisk - ok
18:40:53.0104 5836	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
18:40:53.0260 5836	CryptSvc - ok
18:40:54.0804 5836	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:40:54.0945 5836	cvhsvc - ok
18:40:55.0896 5836	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:40:56.0099 5836	DcomLaunch - ok
18:40:56.0458 5836	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:40:56.0629 5836	defragsvc - ok
18:40:57.0253 5836	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:40:57.0441 5836	DfsC - ok
18:40:57.0799 5836	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:40:57.0924 5836	Dhcp - ok
18:40:58.0002 5836	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:40:58.0127 5836	discache - ok
18:40:58.0299 5836	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
18:40:58.0345 5836	Disk - ok
18:40:58.0689 5836	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:40:58.0782 5836	Dnscache - ok
18:40:59.0422 5836	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:40:59.0562 5836	dot3svc - ok
18:40:59.0999 5836	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:41:00.0217 5836	DPS - ok
18:41:00.0311 5836	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:41:00.0389 5836	drmkaud - ok
18:41:01.0715 5836	DsiWMIService   (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files\Launch Manager\dsiwmis.exe
18:41:01.0840 5836	DsiWMIService - ok
18:41:02.0979 5836	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:41:03.0135 5836	DXGKrnl - ok
18:41:03.0852 5836	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:41:03.0977 5836	EapHost - ok
18:41:11.0528 5836	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
18:41:11.0996 5836	ebdrv - ok
18:41:13.0836 5836	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:41:13.0992 5836	EFS - ok
18:41:14.0398 5836	EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
18:41:14.0476 5836	EgisTec Ticket Service - ok
18:41:15.0708 5836	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
18:41:15.0864 5836	elxstor - ok
18:41:17.0814 5836	ePowerSvc       (884efd5c5586af9233b76132ede51905) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:41:17.0955 5836	ePowerSvc - ok
18:41:18.0126 5836	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:41:18.0204 5836	ErrDev - ok
18:41:18.0782 5836	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:41:18.0953 5836	EventSystem - ok
18:41:19.0530 5836	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:41:19.0640 5836	exfat - ok
18:41:20.0201 5836	F-Secure Gatekeeper (66422dc3faa1de433371816056d28270) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
18:41:20.0248 5836	F-Secure Gatekeeper - ok
18:41:21.0184 5836	F-Secure Gatekeeper Handler Starter (2346842f07e2ab64d1dc83a67fccdfa1) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe
18:41:21.0231 5836	F-Secure Gatekeeper Handler Starter - ok
18:41:21.0668 5836	F-Secure HIPS   (dc0720248dc4d1f303df94ccc3adff96) C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys
18:41:21.0746 5836	F-Secure HIPS - ok
18:41:22.0214 5836	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:41:22.0385 5836	fastfat - ok
18:41:23.0774 5836	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:41:23.0992 5836	Fax - ok
18:41:24.0086 5836	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
18:41:24.0210 5836	fdc - ok
18:41:24.0257 5836	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:41:24.0351 5836	fdPHost - ok
18:41:24.0413 5836	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:41:24.0569 5836	FDResPub - ok
18:41:24.0647 5836	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:41:24.0710 5836	FileInfo - ok
18:41:24.0803 5836	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:41:24.0897 5836	Filetrace - ok
18:41:25.0131 5836	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
18:41:25.0224 5836	flpydisk - ok
18:41:25.0911 5836	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:41:26.0004 5836	FltMgr - ok
18:41:28.0157 5836	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:41:28.0313 5836	FontCache - ok
18:41:28.0610 5836	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:41:28.0641 5836	FontCache3.0.0.0 - ok
18:41:28.0859 5836	fsbts           (1d2de58a837e6909f98ca35103d10739) C:\Windows\system32\Drivers\fsbts.sys
18:41:28.0937 5836	fsbts - ok
18:41:29.0514 5836	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:41:29.0561 5836	FsDepends - ok
18:41:30.0825 5836	FSDFWD          (7cd27e80dfd22f02fbda47b706aba0f2) C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe
18:41:30.0918 5836	FSDFWD - ok
18:41:31.0090 5836	FSES            (45d83eb65fc09acfffa5d27053eb9ff3) C:\Windows\system32\drivers\fses.sys
18:41:31.0184 5836	FSES - ok
18:41:31.0636 5836	FSFW            (4873e90a180e1585f9b6c6d52aebf52c) C:\Windows\system32\drivers\fsdfw.sys
18:41:31.0698 5836	FSFW - ok
18:41:32.0276 5836	FSMA            (8a556a81e9ff95bd9eb7207783e8fcf4) C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE
18:41:32.0354 5836	FSMA - ok
18:41:32.0510 5836	FSORSPClient    (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe
18:41:32.0588 5836	FSORSPClient - ok
18:41:32.0790 5836	fsvista         (d8b300c1c744460dae837db72bc2ccbd) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
18:41:32.0837 5836	fsvista - ok
18:41:32.0962 5836	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:41:33.0009 5836	Fs_Rec - ok
18:41:33.0836 5836	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:41:33.0929 5836	fvevol - ok
18:41:34.0116 5836	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
18:41:34.0148 5836	gagp30kx - ok
18:41:35.0333 5836	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:41:36.0144 5836	gpsvc - ok
18:41:36.0347 5836	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files\Acer\Registration\GREGsvc.exe
18:41:36.0378 5836	GREGService - ok
18:41:36.0456 5836	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:41:36.0628 5836	hcw85cir - ok
18:41:37.0704 5836	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:41:37.0985 5836	HdAudAddService - ok
18:41:38.0048 5836	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:41:38.0110 5836	HDAudBus - ok
18:41:38.0141 5836	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
18:41:38.0235 5836	HidBatt - ok
18:41:38.0282 5836	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
18:41:38.0391 5836	HidBth - ok
18:41:38.0406 5836	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
18:41:38.0484 5836	HidIr - ok
18:41:38.0656 5836	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:41:38.0781 5836	hidserv - ok
18:41:38.0859 5836	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:41:38.0906 5836	HidUsb - ok
18:41:39.0358 5836	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:41:39.0576 5836	hkmsvc - ok
18:41:39.0951 5836	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:41:40.0076 5836	HomeGroupListener - ok
18:41:40.0310 5836	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:41:40.0403 5836	HomeGroupProvider - ok
18:41:40.0544 5836	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:41:40.0637 5836	HpSAMD - ok
18:41:42.0150 5836	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:41:42.0275 5836	HTTP - ok
18:41:42.0291 5836	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:41:42.0322 5836	hwpolicy - ok
18:41:42.0431 5836	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:41:42.0525 5836	i8042prt - ok
18:41:43.0461 5836	iaStor          (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\drivers\iaStor.sys
18:41:43.0742 5836	iaStor - ok
18:41:44.0194 5836	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:41:44.0241 5836	IAStorDataMgrSvc - ok
18:41:45.0208 5836	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:41:45.0302 5836	iaStorV - ok
18:41:45.0816 5836	IconMan_R       (0dffba5ae3d2e1c076bd8e6f52c4fdfb) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
18:41:45.0941 5836	IconMan_R ( UnsignedFile.Multi.Generic ) - warning
18:41:45.0941 5836	IconMan_R - detected UnsignedFile.Multi.Generic (1)
18:41:46.0160 5836	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:41:46.0253 5836	idsvc - ok
18:41:47.0579 5836	igfx            (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:41:47.0860 5836	igfx - ok
18:41:48.0063 5836	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
18:41:48.0110 5836	iirsp - ok
18:41:48.0297 5836	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:41:48.0437 5836	IKEEXT - ok
18:41:52.0712 5836	IntcAzAudAddService (feaae1c549d14b9759b88c569f33cd4e) C:\Windows\system32\drivers\RTKVHDA.sys
18:41:52.0961 5836	IntcAzAudAddService - ok
18:41:54.0131 5836	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:41:54.0178 5836	intelide - ok
18:41:54.0256 5836	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:41:54.0350 5836	intelppm - ok
18:41:54.0490 5836	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:41:54.0615 5836	IPBusEnum - ok
18:41:54.0755 5836	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:41:54.0911 5836	IpFilterDriver - ok
18:41:55.0005 5836	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:41:55.0161 5836	IPMIDRV - ok
18:41:55.0317 5836	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:41:55.0520 5836	IPNAT - ok
18:41:55.0582 5836	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:41:55.0832 5836	IRENUM - ok
18:41:55.0910 5836	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:41:55.0972 5836	isapnp - ok
18:41:56.0222 5836	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:41:56.0284 5836	iScsiPrt - ok
18:41:56.0424 5836	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:41:56.0487 5836	kbdclass - ok
18:41:56.0534 5836	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:41:56.0596 5836	kbdhid - ok
18:41:56.0658 5836	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:41:56.0768 5836	KeyIso - ok
18:41:57.0158 5836	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
18:41:57.0204 5836	KSecDD - ok
18:41:57.0516 5836	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
18:41:57.0594 5836	KSecPkg - ok
18:41:57.0844 5836	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:41:58.0016 5836	KtmRm - ok
18:41:58.0109 5836	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:41:58.0328 5836	LanmanServer - ok
18:41:58.0499 5836	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:41:58.0733 5836	LanmanWorkstation - ok
18:41:59.0529 5836	Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:41:59.0763 5836	Live Updater Service - ok
18:41:59.0841 5836	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:41:59.0950 5836	lltdio - ok
18:42:00.0106 5836	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:42:00.0231 5836	lltdsvc - ok
18:42:00.0309 5836	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:42:00.0402 5836	lmhosts - ok
18:42:00.0558 5836	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
18:42:00.0621 5836	LSI_FC - ok
18:42:00.0730 5836	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
18:42:00.0808 5836	LSI_SAS - ok
18:42:00.0870 5836	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
18:42:00.0933 5836	LSI_SAS2 - ok
18:42:01.0292 5836	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
18:42:01.0370 5836	LSI_SCSI - ok
18:42:01.0494 5836	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:42:01.0635 5836	luafv - ok
18:42:01.0775 5836	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
18:42:01.0806 5836	megasas - ok
18:42:02.0056 5836	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
18:42:02.0118 5836	MegaSR - ok
18:42:02.0228 5836	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:42:02.0352 5836	MMCSS - ok
18:42:02.0415 5836	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:42:02.0555 5836	Modem - ok
18:42:02.0664 5836	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:42:02.0758 5836	monitor - ok
18:42:02.0945 5836	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:42:02.0992 5836	mouclass - ok
18:42:03.0086 5836	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys
18:42:03.0179 5836	mouhid - ok
18:42:03.0382 5836	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:42:03.0429 5836	mountmgr - ok
18:42:03.0725 5836	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:42:03.0788 5836	MozillaMaintenance - ok
18:42:04.0084 5836	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:42:04.0115 5836	mpio - ok
18:42:04.0162 5836	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:42:04.0271 5836	mpsdrv - ok
18:42:04.0568 5836	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:42:04.0661 5836	MRxDAV - ok
18:42:05.0036 5836	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:05.0316 5836	mrxsmb - ok
18:42:05.0831 5836	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:05.0956 5836	mrxsmb10 - ok
18:42:06.0143 5836	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:06.0206 5836	mrxsmb20 - ok
18:42:06.0315 5836	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:42:06.0377 5836	msahci - ok
18:42:06.0424 5836	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:42:06.0486 5836	msdsm - ok
18:42:06.0845 5836	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:42:07.0173 5836	MSDTC - ok
18:42:07.0313 5836	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:42:07.0407 5836	Msfs - ok
18:42:07.0454 5836	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:42:07.0547 5836	mshidkmdf - ok
18:42:07.0578 5836	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:42:07.0625 5836	msisadrv - ok
18:42:07.0688 5836	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:42:07.0781 5836	MSiSCSI - ok
18:42:07.0797 5836	msiserver - ok
18:42:07.0859 5836	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:07.0937 5836	MSKSSRV - ok
18:42:07.0984 5836	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:08.0078 5836	MSPCLOCK - ok
18:42:08.0093 5836	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:42:08.0202 5836	MSPQM - ok
18:42:08.0546 5836	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:42:08.0639 5836	MsRPC - ok
18:42:08.0702 5836	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:42:08.0748 5836	mssmbios - ok
18:42:08.0842 5836	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:42:08.0982 5836	MSTEE - ok
18:42:09.0014 5836	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
18:42:09.0092 5836	MTConfig - ok
18:42:09.0185 5836	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:42:09.0279 5836	Mup - ok
18:42:09.0357 5836	mwlPSDFilter    (247f867957f2750e32e0ffff60223b14) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:42:09.0404 5836	mwlPSDFilter - ok
18:42:09.0435 5836	mwlPSDNServ     (f409d176dd75714d927f0a7264d08e51) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:42:09.0466 5836	mwlPSDNServ - ok
18:42:09.0606 5836	mwlPSDVDisk     (604f49aad2c890e56040b87e88823ddf) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:42:09.0653 5836	mwlPSDVDisk - ok
18:42:10.0418 5836	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:42:10.0558 5836	napagent - ok
18:42:11.0213 5836	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:11.0354 5836	NativeWifiP - ok
18:42:12.0945 5836	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:42:13.0054 5836	NDIS - ok
18:42:13.0210 5836	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:13.0366 5836	NdisCap - ok
18:42:13.0428 5836	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:13.0553 5836	NdisTapi - ok
18:42:13.0616 5836	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:13.0725 5836	Ndisuio - ok
18:42:13.0865 5836	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:13.0990 5836	NdisWan - ok
18:42:14.0130 5836	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:42:14.0240 5836	NDProxy - ok
18:42:14.0302 5836	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:42:14.0427 5836	NetBIOS - ok
18:42:14.0630 5836	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:42:14.0770 5836	NetBT - ok
18:42:14.0910 5836	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:42:14.0973 5836	Netlogon - ok
18:42:15.0612 5836	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:42:15.0753 5836	Netman - ok
18:42:15.0971 5836	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:42:16.0127 5836	netprofm - ok
18:42:16.0517 5836	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:16.0564 5836	NetTcpPortSharing - ok
18:42:25.0596 5836	NETwNs32        (f819b9a17cd5bf7668124d6ebacd1d5e) C:\Windows\system32\DRIVERS\NETwNs32.sys
18:42:26.0064 5836	NETwNs32 - ok
18:42:26.0314 5836	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
18:42:26.0345 5836	nfrd960 - ok
18:42:26.0408 5836	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:42:26.0517 5836	NlaSvc - ok
18:42:26.0907 5836	NOBU            (a634584c506f2c82680039371aa1772c) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
18:42:27.0110 5836	NOBU - ok
18:42:27.0344 5836	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:42:27.0437 5836	Npfs - ok
18:42:27.0500 5836	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:42:27.0578 5836	nsi - ok
18:42:27.0593 5836	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:42:27.0702 5836	nsiproxy - ok
18:42:27.0921 5836	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:42:28.0061 5836	Ntfs - ok
18:42:28.0155 5836	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:42:28.0233 5836	Null - ok
18:42:28.0280 5836	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:42:28.0326 5836	nvraid - ok
18:42:28.0389 5836	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:42:28.0451 5836	nvstor - ok
18:42:28.0482 5836	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:42:28.0514 5836	nv_agp - ok
18:42:28.0545 5836	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:42:28.0592 5836	ohci1394 - ok
18:42:28.0716 5836	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:28.0763 5836	ose - ok
18:42:29.0465 5836	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:29.0762 5836	osppsvc - ok
18:42:29.0980 5836	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:42:30.0089 5836	p2pimsvc - ok
18:42:30.0183 5836	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:42:30.0308 5836	p2psvc - ok
18:42:30.0354 5836	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
18:42:30.0432 5836	Parport - ok
18:42:30.0495 5836	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
18:42:32.0164 5836	partmgr - ok
18:42:32.0211 5836	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
18:42:32.0258 5836	Parvdm - ok
18:42:32.0320 5836	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:42:32.0398 5836	PcaSvc - ok
18:42:32.0429 5836	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:42:32.0492 5836	pci - ok
18:42:32.0523 5836	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:42:32.0570 5836	pciide - ok
18:42:32.0616 5836	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
18:42:32.0679 5836	pcmcia - ok
18:42:32.0710 5836	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:42:32.0741 5836	pcw - ok
18:42:32.0850 5836	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:42:32.0975 5836	PEAUTH - ok
18:42:33.0240 5836	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:42:33.0443 5836	pla - ok
18:42:33.0646 5836	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:42:33.0740 5836	PlugPlay - ok
18:42:33.0771 5836	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:42:33.0833 5836	PNRPAutoReg - ok
18:42:33.0911 5836	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:42:33.0974 5836	PNRPsvc - ok
18:42:34.0036 5836	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:42:34.0176 5836	PolicyAgent - ok
18:42:34.0239 5836	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:42:34.0348 5836	Power - ok
18:42:34.0457 5836	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:34.0582 5836	PptpMiniport - ok
18:42:34.0613 5836	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
18:42:34.0676 5836	Processor - ok
18:42:34.0769 5836	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
18:42:34.0878 5836	ProfSvc - ok
18:42:34.0910 5836	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:42:34.0956 5836	ProtectedStorage - ok
18:42:35.0003 5836	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:42:35.0144 5836	Psched - ok
18:42:35.0424 5836	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
18:42:35.0534 5836	ql2300 - ok
18:42:35.0690 5836	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
18:42:35.0721 5836	ql40xx - ok
18:42:35.0783 5836	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:42:35.0861 5836	QWAVE - ok
18:42:35.0892 5836	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:42:35.0955 5836	QWAVEdrv - ok
18:42:35.0970 5836	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:42:36.0064 5836	RasAcd - ok
18:42:36.0111 5836	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:42:36.0189 5836	RasAgileVpn - ok
18:42:36.0236 5836	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:42:36.0345 5836	RasAuto - ok
18:42:36.0376 5836	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:36.0501 5836	Rasl2tp - ok
18:42:36.0704 5836	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:42:36.0782 5836	RasMan - ok
18:42:36.0828 5836	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:36.0906 5836	RasPppoe - ok
18:42:36.0938 5836	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:42:37.0016 5836	RasSstp - ok
18:42:37.0078 5836	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:42:37.0172 5836	rdbss - ok
18:42:37.0187 5836	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
18:42:37.0234 5836	rdpbus - ok
18:42:37.0281 5836	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:37.0359 5836	RDPCDD - ok
18:42:37.0421 5836	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:42:37.0499 5836	RDPENCDD - ok
18:42:37.0515 5836	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:42:37.0608 5836	RDPREFMP - ok
18:42:37.0671 5836	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
18:42:37.0764 5836	RDPWD - ok
18:42:38.0061 5836	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:42:38.0170 5836	rdyboost - ok
18:42:38.0310 5836	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:42:38.0451 5836	RemoteAccess - ok
18:42:38.0654 5836	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:42:38.0778 5836	RemoteRegistry - ok
18:42:38.0888 5836	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:42:39.0012 5836	RpcEptMapper - ok
18:42:39.0106 5836	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:42:39.0153 5836	RpcLocator - ok
18:42:40.0089 5836	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:42:40.0292 5836	RpcSs - ok
18:42:40.0713 5836	RSPCIESTOR      (5aff9074165f855b790d3a576b6b453b) C:\Windows\system32\DRIVERS\RtsPStor.sys
18:42:40.0791 5836	RSPCIESTOR - ok
18:42:40.0962 5836	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:42:41.0103 5836	rspndr - ok
18:42:41.0742 5836	RS_Service      (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files\Acer\Acer VCM\RS_Service.exe
18:42:41.0852 5836	RS_Service - ok
18:42:42.0179 5836	RTL8167         (f83feaf4c5a3a559a6cc98e112b62744) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:42:42.0288 5836	RTL8167 - ok
18:42:42.0335 5836	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:42:42.0382 5836	SamSs - ok
18:42:42.0538 5836	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:42:42.0600 5836	sbp2port - ok
18:42:42.0866 5836	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:42:42.0990 5836	SCardSvr - ok
18:42:43.0100 5836	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:42:43.0256 5836	scfilter - ok
18:42:43.0614 5836	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:42:43.0739 5836	Schedule - ok
18:42:43.0802 5836	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:42:43.0864 5836	SCPolicySvc - ok
18:42:44.0082 5836	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:42:44.0176 5836	SDRSVC - ok
18:42:44.0504 5836	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:42:44.0566 5836	SeaPort - ok
18:42:44.0862 5836	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:42:44.0972 5836	secdrv - ok
18:42:45.0050 5836	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:42:45.0159 5836	seclogon - ok
18:42:45.0190 5836	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:42:45.0284 5836	SENS - ok
18:42:45.0330 5836	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
18:42:45.0362 5836	Serenum - ok
18:42:45.0408 5836	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
18:42:45.0455 5836	Serial - ok
18:42:45.0471 5836	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
18:42:45.0518 5836	sermouse - ok
18:42:45.0580 5836	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:42:45.0689 5836	SessionEnv - ok
18:42:45.0705 5836	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:42:45.0752 5836	sffdisk - ok
18:42:45.0752 5836	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:42:45.0798 5836	sffp_mmc - ok
18:42:45.0814 5836	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:42:45.0923 5836	sffp_sd - ok
18:42:45.0923 5836	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
18:42:45.0986 5836	sfloppy - ok
18:42:46.0204 5836	Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:42:46.0298 5836	Sftfs - ok
18:42:46.0984 5836	sftlist         (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
18:42:47.0078 5836	sftlist - ok
18:42:47.0499 5836	Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:42:47.0561 5836	Sftplay - ok
18:42:47.0717 5836	Sftredir        (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:42:47.0764 5836	Sftredir - ok
18:42:47.0889 5836	Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:42:47.0951 5836	Sftvol - ok
18:42:48.0419 5836	sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
18:42:48.0466 5836	sftvsa - ok
18:42:48.0981 5836	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:42:49.0215 5836	ShellHWDetection - ok
18:42:49.0371 5836	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:42:49.0433 5836	sisagp - ok
18:42:49.0511 5836	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
18:42:49.0558 5836	SiSRaid2 - ok
18:42:49.0714 5836	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
18:42:49.0776 5836	SiSRaid4 - ok
18:42:50.0244 5836	SkypeUpdate     (f07af60b152221472fbdb2fecec4896d) C:\Program Files\Skype\Updater\Updater.exe
18:42:50.0307 5836	SkypeUpdate - ok
18:42:50.0478 5836	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:42:50.0650 5836	Smb - ok
18:42:50.0744 5836	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:42:50.0822 5836	SNMPTRAP - ok
18:42:50.0853 5836	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:42:50.0900 5836	spldr - ok
18:42:51.0570 5836	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:42:51.0742 5836	Spooler - ok
18:42:56.0251 5836	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:42:56.0719 5836	sppsvc - ok
18:42:57.0998 5836	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:42:58.0138 5836	sppuinotify - ok
18:42:58.0965 5836	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:42:59.0105 5836	srv - ok
18:42:59.0683 5836	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:42:59.0761 5836	srv2 - ok
18:42:59.0932 5836	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:43:00.0057 5836	srvnet - ok
18:43:00.0478 5836	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:43:00.0619 5836	SSDPSRV - ok
18:43:00.0821 5836	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:43:01.0009 5836	SstpSvc - ok
18:43:01.0133 5836	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
18:43:01.0180 5836	stexstor - ok
18:43:02.0007 5836	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:43:02.0116 5836	StiSvc - ok
18:43:02.0163 5836	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:43:02.0210 5836	swenum - ok
18:43:02.0397 5836	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:43:02.0522 5836	swprv - ok
18:43:02.0849 5836	SynTP           (31b6b2d25fcff1b71ae225000d656cd0) C:\Windows\system32\DRIVERS\SynTP.sys
18:43:02.0943 5836	SynTP - ok
18:43:04.0519 5836	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:43:04.0706 5836	SysMain - ok
18:43:04.0862 5836	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:43:04.0971 5836	TabletInputService - ok
18:43:05.0595 5836	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:43:05.0704 5836	TapiSrv - ok
18:43:05.0798 5836	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:43:05.0985 5836	TBS - ok
18:43:08.0387 5836	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
18:43:08.0559 5836	Tcpip - ok
18:43:08.0653 5836	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
18:43:08.0746 5836	TCPIP6 - ok
18:43:08.0918 5836	tcpipBM         (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
18:43:08.0965 5836	tcpipBM ( UnsignedFile.Multi.Generic ) - warning
18:43:08.0965 5836	tcpipBM - detected UnsignedFile.Multi.Generic (1)
18:43:09.0058 5836	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:43:09.0214 5836	tcpipreg - ok
18:43:09.0261 5836	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:43:09.0355 5836	TDPIPE - ok
18:43:09.0448 5836	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:43:09.0511 5836	TDTCP - ok
18:43:09.0745 5836	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:43:09.0885 5836	tdx - ok
18:43:09.0932 5836	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:43:10.0041 5836	TermDD - ok
18:43:11.0024 5836	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:43:11.0164 5836	TermService - ok
18:43:11.0258 5836	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:43:11.0383 5836	Themes - ok
18:43:11.0492 5836	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:43:11.0601 5836	THREADORDER - ok
18:43:11.0851 5836	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:43:11.0991 5836	TrkWks - ok
18:43:12.0412 5836	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:43:12.0615 5836	TrustedInstaller - ok
18:43:12.0693 5836	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:43:12.0818 5836	tssecsrv - ok
18:43:12.0943 5836	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:43:13.0161 5836	TsUsbFlt - ok
18:43:13.0223 5836	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
18:43:13.0333 5836	TsUsbGD - ok
18:43:13.0567 5836	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:43:13.0707 5836	tunnel - ok
18:43:13.0863 5836	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
18:43:13.0941 5836	uagp35 - ok
18:43:14.0331 5836	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:43:14.0487 5836	udfs - ok
18:43:14.0549 5836	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:43:14.0627 5836	UI0Detect - ok
18:43:14.0768 5836	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:43:14.0861 5836	uliagpkx - ok
18:43:15.0017 5836	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
18:43:15.0080 5836	umbus - ok
18:43:15.0142 5836	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
18:43:15.0283 5836	UmPass - ok
18:43:15.0751 5836	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:43:15.0907 5836	upnphost - ok
18:43:16.0094 5836	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:43:16.0203 5836	usbccgp - ok
18:43:16.0421 5836	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:43:16.0484 5836	usbcir - ok
18:43:16.0577 5836	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
18:43:16.0655 5836	usbehci - ok
18:43:17.0077 5836	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:43:17.0170 5836	usbhub - ok
18:43:17.0217 5836	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:43:17.0326 5836	usbohci - ok
18:43:17.0420 5836	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:43:17.0529 5836	usbprint - ok
18:43:17.0654 5836	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:43:17.0810 5836	usbscan - ok
18:43:18.0059 5836	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:43:18.0200 5836	USBSTOR - ok
18:43:18.0293 5836	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:43:18.0371 5836	usbuhci - ok
18:43:18.0637 5836	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
18:43:18.0730 5836	usbvideo - ok
18:43:18.0808 5836	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:43:18.0964 5836	UxSms - ok
18:43:19.0370 5836	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:43:19.0463 5836	VaultSvc - ok
18:43:19.0557 5836	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:43:19.0604 5836	vdrvroot - ok
18:43:20.0540 5836	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:43:20.0789 5836	vds - ok
18:43:20.0945 5836	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:43:21.0055 5836	vga - ok
18:43:21.0101 5836	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:43:21.0195 5836	VgaSave - ok
18:43:21.0413 5836	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:43:21.0491 5836	vhdmp - ok
18:43:21.0663 5836	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:43:21.0710 5836	viaagp - ok
18:43:21.0835 5836	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
18:43:21.0913 5836	ViaC7 - ok
18:43:21.0959 5836	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:43:21.0991 5836	viaide - ok
18:43:22.0318 5836	VMCService      (c6e18c3b43378ae3fcecdff0f0bb7be7) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
18:43:22.0349 5836	VMCService ( UnsignedFile.Multi.Generic ) - warning
18:43:22.0349 5836	VMCService - detected UnsignedFile.Multi.Generic (1)
18:43:22.0474 5836	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:43:22.0537 5836	volmgr - ok
18:43:22.0927 5836	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:43:23.0005 5836	volmgrx - ok
18:43:23.0176 5836	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:43:23.0239 5836	volsnap - ok
18:43:23.0441 5836	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
18:43:23.0535 5836	vsmraid - ok
18:43:24.0424 5836	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:43:24.0611 5836	VSS - ok
18:43:24.0658 5836	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:43:24.0736 5836	vwifibus - ok
18:43:24.0799 5836	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:43:24.0877 5836	vwififlt - ok
18:43:24.0923 5836	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
18:43:24.0986 5836	vwifimp - ok
18:43:25.0469 5836	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:43:25.0610 5836	W32Time - ok
18:43:25.0672 5836	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
18:43:25.0735 5836	WacomPen - ok
18:43:25.0875 5836	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:25.0984 5836	WANARP - ok
18:43:26.0000 5836	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:26.0062 5836	Wanarpv6 - ok
18:43:27.0419 5836	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:43:27.0622 5836	wbengine - ok
18:43:27.0965 5836	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:43:28.0059 5836	WbioSrvc - ok
18:43:28.0231 5836	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:43:28.0355 5836	wcncsvc - ok
18:43:28.0402 5836	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:43:28.0496 5836	WcsPlugInService - ok
18:43:28.0589 5836	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
18:43:28.0636 5836	Wd - ok
18:43:28.0761 5836	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:43:28.0839 5836	Wdf01000 - ok
18:43:28.0917 5836	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:43:29.0089 5836	WdiServiceHost - ok
18:43:29.0089 5836	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:43:29.0151 5836	WdiSystemHost - ok
18:43:29.0198 5836	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:43:29.0338 5836	WebClient - ok
18:43:29.0416 5836	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:43:29.0541 5836	Wecsvc - ok
18:43:29.0603 5836	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:43:29.0697 5836	wercplsupport - ok
18:43:29.0759 5836	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:43:29.0869 5836	WerSvc - ok
18:43:29.0915 5836	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:43:29.0993 5836	WfpLwf - ok
18:43:30.0040 5836	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:43:30.0087 5836	WIMMount - ok
18:43:30.0103 5836	WinHttpAutoProxySvc - ok
18:43:30.0181 5836	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:43:30.0274 5836	Winmgmt - ok
18:43:30.0524 5836	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:43:30.0695 5836	WinRM - ok
18:43:30.0836 5836	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:43:30.0945 5836	Wlansvc - ok
18:43:31.0023 5836	wlcrasvc        (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:43:31.0085 5836	wlcrasvc - ok
18:43:31.0382 5836	wlidsvc         (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:43:31.0522 5836	wlidsvc - ok
18:43:31.0709 5836	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:43:31.0772 5836	WmiAcpi - ok
18:43:31.0850 5836	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:43:31.0912 5836	wmiApSrv - ok
18:43:32.0115 5836	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:43:32.0240 5836	WMPNetworkSvc - ok
18:43:32.0271 5836	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:43:32.0365 5836	WPCSvc - ok
18:43:32.0396 5836	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:43:32.0505 5836	WPDBusEnum - ok
18:43:32.0583 5836	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:43:32.0692 5836	ws2ifsl - ok
18:43:32.0708 5836	WSearch - ok
18:43:33.0035 5836	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:43:33.0223 5836	wuauserv - ok
18:43:33.0410 5836	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:43:33.0535 5836	WudfPf - ok
18:43:33.0644 5836	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:43:33.0769 5836	WUDFRd - ok
18:43:33.0815 5836	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:43:33.0893 5836	wudfsvc - ok
18:43:33.0940 5836	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:43:34.0018 5836	WwanSvc - ok
18:43:34.0065 5836	ZTEusbmdm6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:43:34.0174 5836	ZTEusbmdm6k - ok
18:43:34.0205 5836	ZTEusbnet       (9862f9d2ff50ae748ed42c022e6aac15) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
18:43:34.0283 5836	ZTEusbnet - ok
18:43:34.0346 5836	ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:43:34.0424 5836	ZTEusbnmea - ok
18:43:34.0455 5836	ZTEusbser6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:43:34.0486 5836	ZTEusbser6k - ok
18:43:34.0533 5836	ZTEusbvoice     (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
18:43:34.0580 5836	ZTEusbvoice - ok
18:43:34.0642 5836	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:43:35.0375 5836	\Device\Harddisk0\DR0 - ok
18:43:35.0422 5836	Boot (0x1200)   (4cd22799a923ffefc3d7c95ae08ecdf4) \Device\Harddisk0\DR0\Partition0
18:43:35.0438 5836	\Device\Harddisk0\DR0\Partition0 - ok
18:43:35.0438 5836	Boot (0x1200)   (1e485afa70749bcc56f5f144e122ba25) \Device\Harddisk0\DR0\Partition1
18:43:35.0453 5836	\Device\Harddisk0\DR0\Partition1 - ok
18:43:35.0485 5836	Boot (0x1200)   (3625be68ae0e0ef438b340bf7618191b) \Device\Harddisk0\DR0\Partition2
18:43:35.0485 5836	\Device\Harddisk0\DR0\Partition2 - ok
18:43:35.0485 5836	============================================================
18:43:35.0485 5836	Scan finished
18:43:35.0485 5836	============================================================
18:43:35.0516 2752	Detected object count: 4
18:43:35.0516 2752	Actual detected object count: 4
18:44:37.0495 2752	BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:37.0495 2752	BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:44:37.0495 2752	IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:37.0495 2752	IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:44:37.0510 2752	tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:37.0510 2752	tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:44:37.0510 2752	VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:37.0510 2752	VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

viele grüsse
uli

cosinus · 05.08.2012, 18:27

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

uli_lu · 05.08.2012, 19:58

Hallo Arne,

leider habe ich es nicht geschafft die F-Secure Prozesse zu stoppen.
Anscheinend ist CF trotzdem gut durchgelaufen. Aber auch erfolgreich ?

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-08-05.02 - Uli 05.08.2012  20:17:11.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1012.441 [GMT 2:00]
ausgeführt von:: c:\users\Uli\Downloads\ComboFix.exe
AV: M-net Sicherheitspaket 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: M-net Sicherheitspaket 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: M-net Sicherheitspaket 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Uli\1031.MST
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-05 bis 2012-08-05  ))))))))))))))))))))))))))))))
.
.
2012-08-05 18:30 . 2012-08-05 18:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-05 14:15 . 2012-08-05 14:15	--------	d-----w-	C:\_OTL
2012-08-02 19:40 . 2012-08-02 19:40	--------	d-----w-	c:\users\Uli_Normal
2012-07-31 19:19 . 2012-07-31 19:19	--------	d-----w-	c:\program files\ESET
2012-07-29 09:33 . 2012-07-29 09:33	--------	d-----w-	c:\users\Uli\AppData\Local\Power2Go
2012-07-29 09:31 . 2012-07-29 09:31	--------	d-----w-	c:\users\Public\CyberLink
2012-07-29 09:22 . 2012-07-29 09:23	--------	d-----w-	c:\program files\Cyberlink
2012-07-26 20:16 . 2012-07-26 20:16	--------	d-----w-	c:\users\Uli\AppData\Roaming\Malwarebytes
2012-07-26 20:15 . 2012-07-26 20:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-26 20:15 . 2012-07-26 20:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-26 20:15 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-26 19:47 . 2012-07-26 19:47	--------	d-----w-	c:\program files\7-Zip
2012-07-25 20:03 . 2012-07-25 20:05	--------	d-----w-	c:\programdata\6C82D128000117EA0055131AF875F020
2012-07-24 18:22 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A46DFE73-31EA-4E73-91EF-5F58496A8EF3}\mpengine.dll
2012-07-19 20:52 . 2012-07-19 20:52	--------	d-----w-	c:\users\Uli\AppData\Local\webkit
2012-07-14 21:18 . 2012-08-03 18:33	--------	d--h--w-	c:\users\Uli\.gimp-2.6
2012-07-14 21:18 . 2012-07-14 21:18	--------	d-----w-	c:\users\Uli\AppData\Local\gegl-0.1
2012-07-14 21:12 . 2012-07-14 21:17	--------	d-----w-	c:\program files\GIMP 2
2012-07-14 08:02 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-13 21:02 . 2012-07-13 21:02	--------	d-----w-	c:\users\Uli\AppData\Roaming\Nvu
2012-07-13 21:01 . 2012-07-13 21:02	--------	d-----w-	c:\program files\Nvu
2012-07-11 17:20 . 2012-06-02 04:45	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 17:20 . 2012-06-02 04:40	369336	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-11 17:20 . 2012-06-02 04:39	219136	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-11 17:20 . 2012-06-02 04:40	225280	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 17:20 . 2012-06-02 04:45	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 17:20 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 17:20 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 17:20 . 2010-06-26 03:24	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-11 17:19 . 2012-06-06 05:05	1019904	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 17:19 . 2012-06-06 05:03	805376	----a-w-	c:\windows\system32\cdosys.dll
2012-07-11 17:19 . 2012-06-06 05:05	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 17:19 . 2012-06-06 05:05	57344	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 17:19 . 2012-06-06 05:05	212992	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 17:19 . 2012-06-06 05:05	143360	----a-w-	c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 17:19 . 2012-06-06 05:05	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 10:50 . 2012-04-15 14:46	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-04 10:50 . 2011-09-10 09:03	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 17:59	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:59	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:59	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:59	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:59	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:59	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:59	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 17:58	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 17:58	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-09-09 19:41	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-09 12:13 . 2011-11-02 12:38	44184	----a-w-	c:\windows\system32\drivers\fsbts.sys
2012-07-20 20:53 . 2012-07-04 20:24	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Uli\AppData\Local\Apps\2.0\CVTD8EZQ.5NJ\7265Z7MK.03Y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-02-22 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 715368]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2011-05-10 408128]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2011-05-10 508992]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2011-05-10 492096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"F-Secure Manager"="c:\program files\M-net\Sicherheitspaket\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe" [2011-11-02 1655464]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-5-12 704104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys [x]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [x]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 10:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
LSP: c:\program files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL
LSP: bmnet.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Uli\AppData\Roaming\Mozilla\Firefox\Profiles\v45njmym.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Power2GoExpress - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\bmnet.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe
c:\program files\M-net\Sicherheitspaket\Common\FSMA32.EXE
c:\program files\M-net\Sicherheitspaket\Anti-Virus\FSGK32.EXE
c:\program files\M-net\Sicherheitspaket\Common\FSHDLL32.EXE
c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe
c:\program files\M-net\Sicherheitspaket\Anti-Virus\fssm32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\M-net\Sicherheitspaket\Anti-Virus\fsav32.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-05  20:40:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-05 18:40
.
Vor Suchlauf: 7 Verzeichnis(se), 190.155.829.248 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 189.827.768.320 Bytes frei
.
- - End Of File - - AD86A8C49AAA0866E55D4FA526C5BA95
         
 --- --- ---

Viele Grüsse
Uli

cosinus · 06.08.2012, 09:47

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

uli_lu · 06.08.2012, 11:11

Hallo Arne,

vielen Dank für die prompten Antworten.
Kann ich das ganze im abgesicherten Modus laufen lassen ?
Da startet der Virenscanner nämlich nicht; ich weiss nämlich nicht wie
ich den F-Secure komplett deaktivieren kann; habe das gestern schon vergeblich versucht.
Oder ist F-Secure ein Dienst, den ich in Verwaltung suchen und dort stoppen muss?

viele grüsse
Uli

cosinus · 06.08.2012, 12:42

Mienetwegen kannst es auch im abgesicherten Modus mit Netzwerktreibern machen

uli_lu · 06.08.2012, 21:37

Hallo Arne,

anbei die Logfiles von GMER, OSAM und aswMBR:

Code:

ATTFilter

GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-06 14:46:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST250LT0 rev.0001
Running: bc9mbgbk.exe; Driver: C:\Users\Uli\AppData\Local\Temp\kfldapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D  81E8D3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    81EC6D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000053         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
 --- --- ---

Code:

ATTFilter

OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:58:15 on 06.08.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\Uli\AppData\Local\Temp\catchme.sys  (File not found)
"F-Secure Email Scanning Driver" (FSES) - "F-Secure Corporation" - C:\Windows\System32\drivers\fses.sys
"F-Secure Firewall Driver" (FSFW) - "F-Secure Corporation" - C:\Windows\System32\drivers\fsdfw.sys
"F-Secure Gatekeeper" (F-Secure Gatekeeper) - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
"F-Secure HIPS Driver" (F-Secure HIPS) - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys
"F-Secure Vista Support Driver" (fsvista) - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
"fsbts" (fsbts) - "F-Secure Corporation" - C:\Windows\System32\Drivers\fsbts.sys
"kfldapow" (kfldapow) - ? - C:\Users\Uli\AppData\Local\Temp\kfldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} "Browsing Protection Toolbar" - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{C6867EB7-8350-4856-877F-93CF8AE3DC9C} "Browsing Protection Class" - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB} "McAfee Phishing Filter" - ? - c:\progra~1\mcafee\msk\mskapbho.dll  (File not found)
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\Uli\AppData\Local\Apps\2.0\CVTD8EZQ.5NJ\7265Z7MK.03Y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AndroidManager" - ? - C:\Program Files\Acer\Android Manager\AML.exe
"CLMLServer" - "CyberLink" - "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
"EgisTecPMMUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
"F-Secure Manager" - "F-Secure Corporation" - "C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE" /splash
"F-Secure TNB" - "F-Secure Corporation" - "C:\Program Files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iPatchData" - "Insyde Software Corp." - C:\Program Files\Acer\Updater\iUpdate.exe
"iSyncData" - "Insyde Software Corp." - C:\Program Files\Acer\Android Manager\iSync.exe
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"MobileConnect" - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"Norton Online Backup" - "Symantec Corporation" - C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
"Power Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
"SuiteTray" - "Egis Technology Inc." - "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files\Launch Manager\dsiwmis.exe
"EgisTec Ticket Service" (EgisTec Ticket Service) - "Egis Technology Inc. " - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
"F-Secure Anti-Virus Firewall Daemon" (FSDFWD) - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe
"F-Secure Management Agent" (FSMA) - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE
"F-Secure ORSP Client" (FSORSPClient) - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe
"FSGKHS" (F-Secure Gatekeeper Handler Starter) - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files\Acer\Registration\GREGsvc.exe
"IconMan_R" (IconMan_R) - "Realsil Microelectronics Inc." - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Live Updater Service" (Live Updater Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Norton Online Backup" (NOBU) - "Symantec Corporation" - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\System32\Acer.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"F-Secure Protocol Scanner" - "F-Secure Corporation" - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 14:59:46
-----------------------------
14:59:46.335    OS Version: Windows 6.1.7601 Service Pack 1
14:59:46.335    Number of processors: 4 586 0x1C0A
14:59:46.335    ComputerName: ULI-PC  UserName: Uli
14:59:48.036    Initialize success
15:01:49.872    AVAST engine defs: 12080600
15:02:01.650    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:02:01.650    Disk 0 Vendor: ST250LT0 0001 Size: 238475MB BusType: 3
15:02:01.821    Disk 0 MBR read successfully
15:02:01.821    Disk 0 MBR scan
15:02:01.946    Disk 0 Windows 7 default MBR code
15:02:02.024    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
15:02:02.102    Disk 0 Partition 2 00     0C    FAT32 LBA MSDOS5.0     4199 MB offset 27265024
15:02:02.180    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 35864576
15:02:02.211    Disk 0 Partition - 00     0F Extended LBA            220862 MB offset 36069376
15:02:02.274    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       220861 MB offset 36071424
15:02:02.321    Disk 0 scanning sectors +488394752
15:02:02.835    Disk 0 scanning C:\Windows\system32\drivers
15:03:16.904    Service scanning
15:03:53.300    Modules scanning
15:05:01.847    Disk 0 trace - called modules:
15:05:01.940    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
15:05:01.956    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b9dac8]
15:05:01.987    3 CLASSPNP.SYS[86dcb59e] -> nt!IofCallDriver -> [0x84447e90]
15:05:02.018    5 ACPI.sys[866913d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8444a028]
15:05:03.766    AVAST engine scan C:\Windows
15:05:59.723    Disk 0 MBR has been saved successfully to "C:\Users\Uli\Desktop\MBR.dat"
15:05:59.770    The log file has been saved successfully to "C:\Users\Uli\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 14:59:46
-----------------------------
14:59:46.335    OS Version: Windows 6.1.7601 Service Pack 1
14:59:46.335    Number of processors: 4 586 0x1C0A
14:59:46.335    ComputerName: ULI-PC  UserName: Uli
14:59:48.036    Initialize success
15:01:49.872    AVAST engine defs: 12080600
15:02:01.650    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:02:01.650    Disk 0 Vendor: ST250LT0 0001 Size: 238475MB BusType: 3
15:02:01.821    Disk 0 MBR read successfully
15:02:01.821    Disk 0 MBR scan
15:02:01.946    Disk 0 Windows 7 default MBR code
15:02:02.024    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
15:02:02.102    Disk 0 Partition 2 00     0C    FAT32 LBA MSDOS5.0     4199 MB offset 27265024
15:02:02.180    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 35864576
15:02:02.211    Disk 0 Partition - 00     0F Extended LBA            220862 MB offset 36069376
15:02:02.274    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       220861 MB offset 36071424
15:02:02.321    Disk 0 scanning sectors +488394752
15:02:02.835    Disk 0 scanning C:\Windows\system32\drivers
15:03:16.904    Service scanning
15:03:53.300    Modules scanning
15:05:01.847    Disk 0 trace - called modules:
15:05:01.940    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
15:05:01.956    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b9dac8]
15:05:01.987    3 CLASSPNP.SYS[86dcb59e] -> nt!IofCallDriver -> [0x84447e90]
15:05:02.018    5 ACPI.sys[866913d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8444a028]
15:05:03.766    AVAST engine scan C:\Windows
15:05:59.723    Disk 0 MBR has been saved successfully to "C:\Users\Uli\Desktop\MBR.dat"
15:05:59.770    The log file has been saved successfully to "C:\Users\Uli\Desktop\aswMBR.txt"
15:06:16.789    AVAST engine scan C:\Windows\system32
15:28:02.778    AVAST engine scan C:\Windows\system32\drivers
15:31:56.404    AVAST engine scan C:\Users\Uli
15:50:23.547    AVAST engine scan C:\ProgramData
15:59:59.143    Scan finished successfully
19:18:57.621    Disk 0 MBR has been saved successfully to "C:\Users\Uli\Desktop\MBR.dat"
19:18:57.652    The log file has been saved successfully to "C:\Users\Uli\Desktop\aswMBR.txt"

Viele Grüsse
Uli

cosinus · 07.08.2012, 20:58

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

uli_lu · 09.08.2012, 00:25

Hi

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Uli :: ULI-PC [Administrator]

08.08.2012 20:04:48
mbam-log-2012-08-08 (20-04-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 313200
Laufzeit: 1 Stunde(n), 28 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/09/2012 at 01:17 AM

Application Version : 5.5.1012

Core Rules Database Version : 9030
Trace Rules Database Version: 6842

Scan type       : Complete Scan
Total Scan Time : 02:05:00

Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 894
Memory threats detected   : 0
Registry items scanned    : 34514
Registry threats detected : 0
File items scanned        : 107630
File threats detected     : 1

Adware.Tracking Cookie
	C:\USERS\ULI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ULI@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]

Viele Grüsse
Uli

cosinus · 10.08.2012, 08:42

Sieht ok aus, da nur ein Cookie gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

uli_lu · 10.08.2012, 18:03

Hallo Arne,
vielen Dank für die nützlichen Hinweise zu den Cookies.
Mein System schaut jetzt gut aus, viele vielen Dank !
Machs gut und hoffentlich muß ich nicht bald wieder um Hilfe fragen!
Viele Grüße
Uli

cosinus · 11.08.2012, 16:03

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

uli_lu · 12.08.2012, 12:48

Hi Arne,
ich bin total glücklich !!!! Vielen vielen Dank !
Ich werde versuchen, mein System sauber zu halten, danke für die Tipps.

viele grüsse
Uli

06.08.2012, 12:42	#23
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Live Security Platinum - Wie Entfernen ? Mienetwegen kannst es auch im abgesicherten Modus mit Netzwerktreibern machen __________________ Logfiles bitte immer in CODE-Tags posten

07.08.2012, 20:58	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Live Security Platinum - Wie Entfernen ? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Live Security Platinum - Wie Entfernen ?

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum - Wie Entfernen ?