Live Security Trojaner

SebastianEF · 30.08.2012, 21:41

Und hier die Log nach dem Fix.

Code:

ATTFilter

22:11:30.0664 3908  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:11:32.0676 3908  ============================================================
22:11:32.0676 3908  Current date / time: 2012/08/30 22:11:32.0676
22:11:32.0676 3908  SystemInfo:
22:11:32.0676 3908  
22:11:32.0676 3908  OS Version: 6.1.7601 ServicePack: 1.0
22:11:32.0676 3908  Product type: Workstation
22:11:32.0676 3908  ComputerName: SEPP-PC
22:11:32.0676 3908  UserName: Sepp
22:11:32.0676 3908  Windows directory: C:\Windows
22:11:32.0676 3908  System windows directory: C:\Windows
22:11:32.0676 3908  Running under WOW64
22:11:32.0676 3908  Processor architecture: Intel x64
22:11:32.0676 3908  Number of processors: 6
22:11:32.0676 3908  Page size: 0x1000
22:11:32.0676 3908  Boot type: Normal boot
22:11:32.0676 3908  ============================================================
22:11:32.0676 3908  BG loaded
22:11:32.0910 3908  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:11:32.0910 3908  ============================================================
22:11:32.0910 3908  \Device\Harddisk0\DR0:
22:11:32.0988 3908  MBR partitions:
22:11:32.0988 3908  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:11:32.0988 3908  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
22:11:32.0988 3908  ============================================================
22:11:33.0269 3908  C: <-> \Device\Harddisk0\DR0\Partition2
22:11:33.0269 3908  ============================================================
22:11:33.0269 3908  Initialize success
22:11:33.0269 3908  ============================================================
22:11:45.0016 1680  ============================================================
22:11:45.0016 1680  Scan started
22:11:45.0016 1680  Mode: Manual; SigCheck; TDLFS; 
22:11:45.0016 1680  ============================================================
22:11:50.0288 1680  ================ Scan system memory ========================
22:11:50.0288 1680  System memory - ok
22:11:50.0288 1680  ================ Scan services =============================
22:11:52.0394 1680  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:11:52.0550 1680  1394ohci - ok
22:11:52.0597 1680  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:11:52.0613 1680  ACPI - ok
22:11:52.0675 1680  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:11:53.0237 1680  AcpiPmi - ok
22:11:53.0908 1680  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:11:53.0908 1680  AdobeARMservice - ok
22:11:55.0218 1680  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:11:55.0374 1680  AdobeFlashPlayerUpdateSvc - ok
22:11:55.0608 1680  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:11:55.0670 1680  adp94xx - ok
22:11:55.0764 1680  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:11:55.0795 1680  adpahci - ok
22:11:55.0858 1680  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:11:55.0889 1680  adpu320 - ok
22:11:55.0951 1680  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:11:57.0012 1680  AeLookupSvc - ok
22:11:57.0199 1680  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:11:57.0262 1680  AFD - ok
22:11:57.0511 1680  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:11:57.0667 1680  agp440 - ok
22:11:57.0698 1680  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:11:57.0886 1680  ALG - ok
22:11:57.0979 1680  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:11:58.0042 1680  aliide - ok
22:11:58.0166 1680  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:11:58.0182 1680  amdide - ok
22:11:58.0291 1680  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:11:58.0354 1680  AmdK8 - ok
22:11:58.0494 1680  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:11:58.0588 1680  AmdPPM - ok
22:11:58.0634 1680  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:11:58.0650 1680  amdsata - ok
22:11:58.0744 1680  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:11:58.0744 1680  amdsbs - ok
22:11:58.0837 1680  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:11:58.0837 1680  amdxata - ok
22:11:59.0009 1680  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:12:01.0162 1680  AppID - ok
22:12:01.0224 1680  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:12:01.0349 1680  AppIDSvc - ok
22:12:01.0442 1680  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:12:01.0552 1680  Appinfo - ok
22:12:01.0879 1680  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:12:01.0895 1680  Apple Mobile Device - ok
22:12:01.0988 1680  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:12:02.0020 1680  arc - ok
22:12:02.0082 1680  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:12:02.0160 1680  arcsas - ok
22:12:02.0347 1680  [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
22:12:02.0488 1680  asmthub3 - ok
22:12:02.0706 1680  [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
22:12:02.0831 1680  asmtxhci - ok
22:12:02.0971 1680  [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
22:12:02.0987 1680  AsrAppCharger - ok
22:12:03.0096 1680  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:12:03.0158 1680  AsyncMac - ok
22:12:03.0236 1680  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:12:03.0252 1680  atapi - ok
22:12:03.0392 1680  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:12:03.0470 1680  AudioEndpointBuilder - ok
22:12:03.0548 1680  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:12:03.0564 1680  AudioSrv - ok
22:12:03.0704 1680  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:12:03.0751 1680  AxInstSV - ok
22:12:03.0798 1680  AxtuDrv - ok
22:12:03.0892 1680  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:12:03.0938 1680  b06bdrv - ok
22:12:04.0016 1680  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:12:04.0079 1680  b57nd60a - ok
22:12:04.0157 1680  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:12:04.0204 1680  BDESVC - ok
22:12:04.0266 1680  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:12:04.0297 1680  Beep - ok
22:12:04.0360 1680  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:12:04.0375 1680  blbdrive - ok
22:12:04.0640 1680  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:12:04.0656 1680  Bonjour Service - ok
22:12:04.0718 1680  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:12:04.0781 1680  bowser - ok
22:12:04.0859 1680  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:12:04.0937 1680  BrFiltLo - ok
22:12:04.0952 1680  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:12:05.0046 1680  BrFiltUp - ok
22:12:05.0108 1680  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
22:12:05.0233 1680  Browser - ok
22:12:05.0405 1680  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:12:05.0576 1680  Brserid - ok
22:12:05.0654 1680  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:12:06.0622 1680  BrSerWdm - ok
22:12:06.0637 1680  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:12:06.0700 1680  BrUsbMdm - ok
22:12:06.0809 1680  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:12:06.0902 1680  BrUsbSer - ok
22:12:06.0949 1680  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:12:07.0137 1680  BTHMODEM - ok
22:12:07.0183 1680  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:12:07.0277 1680  bthserv - ok
22:12:07.0371 1680  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:12:07.0495 1680  cdfs - ok
22:12:07.0698 1680  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:12:07.0714 1680  cdrom - ok
22:12:07.0776 1680  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:12:07.0885 1680  CertPropSvc - ok
22:12:07.0948 1680  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:12:08.0026 1680  circlass - ok
22:12:08.0182 1680  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:12:08.0197 1680  CLFS - ok
22:12:08.0478 1680  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:12:08.0494 1680  clr_optimization_v2.0.50727_32 - ok
22:12:08.0650 1680  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:12:08.0759 1680  clr_optimization_v2.0.50727_64 - ok
22:12:08.0915 1680  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:12:09.0399 1680  clr_optimization_v4.0.30319_32 - ok
22:12:09.0945 1680  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:12:09.0960 1680  clr_optimization_v4.0.30319_64 - ok
22:12:10.0007 1680  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:12:10.0194 1680  CmBatt - ok
22:12:10.0210 1680  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:12:10.0397 1680  cmdide - ok
22:12:10.0537 1680  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:12:10.0553 1680  CNG - ok
22:12:10.0709 1680  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:12:10.0725 1680  Compbatt - ok
22:12:10.0834 1680  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:12:10.0849 1680  CompositeBus - ok
22:12:10.0881 1680  COMSysApp - ok
22:12:11.0099 1680  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:12:11.0115 1680  crcdisk - ok
22:12:11.0208 1680  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:12:11.0302 1680  CryptSvc - ok
22:12:11.0520 1680  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:12:11.0645 1680  DcomLaunch - ok
22:12:11.0863 1680  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:12:12.0019 1680  defragsvc - ok
22:12:12.0160 1680  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:12:12.0253 1680  DfsC - ok
22:12:12.0409 1680  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:12:12.0534 1680  Dhcp - ok
22:12:12.0643 1680  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:12:13.0657 1680  discache - ok
22:12:13.0782 1680  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:12:13.0782 1680  Disk - ok
22:12:13.0938 1680  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:12:14.0079 1680  Dnscache - ok
22:12:14.0172 1680  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:12:14.0266 1680  dot3svc - ok
22:12:14.0344 1680  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:12:14.0406 1680  DPS - ok
22:12:14.0515 1680  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:12:14.0547 1680  drmkaud - ok
22:12:14.0718 1680  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:12:14.0734 1680  DXGKrnl - ok
22:12:14.0749 1680  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:12:14.0796 1680  EapHost - ok
22:12:15.0358 1680  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:12:15.0483 1680  ebdrv - ok
22:12:15.0545 1680  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:12:15.0607 1680  EFS - ok
22:12:15.0826 1680  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:12:15.0888 1680  ehRecvr - ok
22:12:15.0919 1680  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:12:15.0966 1680  ehSched - ok
22:12:16.0231 1680  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:12:16.0309 1680  elxstor - ok
22:12:16.0341 1680  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:12:16.0403 1680  ErrDev - ok
22:12:16.0465 1680  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:12:16.0512 1680  EventSystem - ok
22:12:16.0559 1680  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:12:16.0590 1680  exfat - ok
22:12:16.0949 1680  [ C42B0105E09B1ECE2DD75141CF64AFD6 ] F-Secure Filter C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys
22:12:16.0996 1680  F-Secure Filter - ok
22:12:17.0230 1680  [ 169897DE484A79120AF8C201883EFDC4 ] F-Secure Gatekeeper C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
22:12:17.0245 1680  F-Secure Gatekeeper - ok
22:12:17.0448 1680  [ 2346842F07E2AB64D1DC83A67FCCDFA1 ] F-Secure Gatekeeper Handler Starter C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe
22:12:17.0464 1680  F-Secure Gatekeeper Handler Starter - ok
22:12:17.0760 1680  [ 0923C7370D08AA0E167F24FDEE24A333 ] F-Secure HIPS   C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys
22:12:17.0760 1680  F-Secure HIPS - ok
22:12:17.0838 1680  [ 17B22D1BB6770D8A86573387345C1738 ] F-Secure Recognizer C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys
22:12:17.0932 1680  F-Secure Recognizer - ok
22:12:18.0041 1680  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:12:18.0228 1680  fastfat - ok
22:12:18.0571 1680  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:12:18.0618 1680  Fax - ok
22:12:18.0712 1680  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:12:18.0837 1680  fdc - ok
22:12:19.0008 1680  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:12:19.0102 1680  fdPHost - ok
22:12:19.0149 1680  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:12:19.0258 1680  FDResPub - ok
22:12:19.0351 1680  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:12:19.0351 1680  FileInfo - ok
22:12:19.0383 1680  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:12:19.0492 1680  Filetrace - ok
22:12:19.0648 1680  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:12:19.0679 1680  flpydisk - ok
22:12:19.0835 1680  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:12:19.0835 1680  FltMgr - ok
22:12:20.0100 1680  [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
22:12:20.0194 1680  FNETTBOH_305 - ok
22:12:20.0381 1680  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
22:12:20.0381 1680  FNETURPX - ok
22:12:20.0740 1680  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
22:12:20.0802 1680  FontCache - ok
22:12:20.0958 1680  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:12:21.0067 1680  FontCache3.0.0.0 - ok
22:12:21.0379 1680  [ F59F2C574AA5D84477EB89F87C938F16 ] fsbts           C:\Windows\system32\Drivers\fsbts.sys
22:12:21.0691 1680  fsbts - ok
22:12:21.0754 1680  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:12:21.0925 1680  FsDepends - ok
22:12:22.0425 1680  [ D40A0EE11B934E0472AB8A4BBF46D6D8 ] FSDFWD          C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe
22:12:22.0518 1680  FSDFWD - ok
22:12:22.0565 1680  [ 06C487127857CA7DD0BB6051D454DD90 ] FSES            C:\Windows\system32\drivers\fses.sys
22:12:22.0612 1680  FSES - ok
22:12:22.0799 1680  [ F68D7041A3A6F4707237891D476DD412 ] FSFW            C:\Windows\system32\drivers\fsdfw.sys
22:12:22.0799 1680  FSFW - ok
22:12:23.0111 1680  [ 8A556A81E9FF95BD9EB7207783E8FCF4 ] FSMA            C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE
22:12:23.0127 1680  FSMA - ok
22:12:23.0220 1680  [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient    C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe
22:12:23.0220 1680  FSORSPClient - ok
22:12:23.0251 1680  [ CA7903A77FE92A11045DAB462574009F ] fsvista         C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
22:12:23.0267 1680  fsvista - ok
22:12:23.0314 1680  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:12:23.0329 1680  Fs_Rec - ok
22:12:23.0376 1680  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:12:23.0392 1680  fvevol - ok
22:12:23.0439 1680  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:12:23.0470 1680  gagp30kx - ok
22:12:23.0610 1680  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:12:23.0829 1680  GEARAspiWDM - ok
22:12:24.0078 1680  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:12:24.0094 1680  gpsvc - ok
22:12:24.0219 1680  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:12:24.0219 1680  gupdate - ok
22:12:24.0437 1680  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:12:24.0437 1680  gupdatem - ok
22:12:24.0515 1680  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:12:24.0562 1680  hcw85cir - ok
22:12:24.0749 1680  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:12:24.0827 1680  HdAudAddService - ok
22:12:24.0889 1680  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:12:24.0967 1680  HDAudBus - ok
22:12:24.0983 1680  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:12:25.0045 1680  HidBatt - ok
22:12:25.0077 1680  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:12:25.0123 1680  HidBth - ok
22:12:25.0186 1680  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:12:25.0201 1680  HidIr - ok
22:12:25.0264 1680  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:12:25.0311 1680  hidserv - ok
22:12:25.0529 1680  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:12:25.0545 1680  HidUsb - ok
22:12:25.0685 1680  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:12:25.0903 1680  hkmsvc - ok
22:12:25.0981 1680  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:12:26.0059 1680  HomeGroupListener - ok
22:12:26.0153 1680  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:12:26.0247 1680  HomeGroupProvider - ok
22:12:26.0340 1680  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:12:26.0356 1680  HpSAMD - ok
22:12:26.0621 1680  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:12:26.0652 1680  HTTP - ok
22:12:26.0668 1680  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:12:26.0683 1680  hwpolicy - ok
22:12:26.0808 1680  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:12:26.0855 1680  i8042prt - ok
22:12:26.0949 1680  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:12:27.0058 1680  iaStorV - ok
22:12:27.0292 1680  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:12:27.0385 1680  idsvc - ok
22:12:27.0495 1680  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:12:27.0526 1680  iirsp - ok
22:12:27.0807 1680  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:12:27.0869 1680  IKEEXT - ok
22:12:28.0680 1680  [ C7124DA48E557D8F88D0D7F1254557F4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:12:28.0711 1680  IntcAzAudAddService - ok
22:12:28.0774 1680  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:12:28.0789 1680  intelide - ok
22:12:28.0899 1680  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
22:12:29.0023 1680  intelppm - ok
22:12:29.0101 1680  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:12:29.0148 1680  IPBusEnum - ok
22:12:29.0179 1680  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:12:29.0211 1680  IpFilterDriver - ok
22:12:29.0351 1680  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:12:29.0398 1680  IPMIDRV - ok
22:12:29.0491 1680  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:12:29.0554 1680  IPNAT - ok
22:12:29.0866 1680  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:12:29.0881 1680  iPod Service - ok
22:12:29.0928 1680  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:12:29.0975 1680  IRENUM - ok
22:12:29.0991 1680  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:12:30.0022 1680  isapnp - ok
22:12:30.0084 1680  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:12:30.0100 1680  iScsiPrt - ok
22:12:30.0131 1680  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:12:30.0147 1680  kbdclass - ok
22:12:30.0256 1680  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:12:30.0287 1680  kbdhid - ok
22:12:30.0349 1680  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:12:30.0349 1680  KeyIso - ok
22:12:30.0552 1680  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:12:30.0552 1680  KSecDD - ok
22:12:30.0677 1680  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:12:30.0693 1680  KSecPkg - ok
22:12:30.0724 1680  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:12:30.0895 1680  ksthunk - ok
22:12:30.0989 1680  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:12:31.0051 1680  KtmRm - ok
22:12:31.0145 1680  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:12:31.0192 1680  LanmanServer - ok
22:12:31.0239 1680  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:12:31.0301 1680  LanmanWorkstation - ok
22:12:31.0504 1680  [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
22:12:31.0535 1680  LBTServ - ok
22:12:31.0597 1680  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
22:12:31.0597 1680  LGBusEnum - ok
22:12:31.0629 1680  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
22:12:31.0644 1680  LGVirHid - ok
22:12:31.0675 1680  [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:12:31.0691 1680  LHidFilt - ok
22:12:31.0738 1680  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:12:31.0847 1680  lltdio - ok
22:12:32.0003 1680  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:12:32.0128 1680  lltdsvc - ok
22:12:32.0175 1680  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:12:32.0253 1680  lmhosts - ok
22:12:32.0315 1680  [ 96999C364C649E2866A268F7420A304A ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:12:32.0331 1680  LMouFilt - ok
22:12:32.0487 1680  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:12:32.0502 1680  LSI_FC - ok
22:12:32.0658 1680  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:12:32.0674 1680  LSI_SAS - ok
22:12:32.0705 1680  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:12:32.0721 1680  LSI_SAS2 - ok
22:12:32.0752 1680  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:12:32.0892 1680  LSI_SCSI - ok
22:12:32.0923 1680  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:12:32.0970 1680  luafv - ok
22:12:33.0033 1680  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:12:33.0033 1680  MBAMProtector - ok
22:12:33.0282 1680  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:12:33.0298 1680  MBAMService - ok
22:12:33.0407 1680  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
22:12:33.0407 1680  MBfilt - ok
22:12:33.0547 1680  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:12:33.0594 1680  Mcx2Svc - ok
22:12:34.0156 1680  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:12:34.0156 1680  MDM - ok
22:12:34.0187 1680  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:12:34.0203 1680  megasas - ok
22:12:34.0359 1680  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:12:34.0437 1680  MegaSR - ok
22:12:34.0577 1680  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:12:34.0624 1680  MMCSS - ok
22:12:34.0624 1680  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:12:34.0780 1680  Modem - ok
22:12:34.0873 1680  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:12:35.0076 1680  monitor - ok
22:12:35.0123 1680  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:12:35.0123 1680  mouclass - ok
22:12:35.0170 1680  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:12:35.0295 1680  mouhid - ok
22:12:35.0341 1680  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:12:35.0341 1680  mountmgr - ok
22:12:35.0716 1680  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:12:38.0867 1680  MozillaMaintenance - ok
22:12:39.0039 1680  [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:12:39.0054 1680  MpFilter - ok
22:12:39.0241 1680  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:12:39.0351 1680  mpio - ok
22:12:39.0444 1680  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:12:39.0475 1680  mpsdrv - ok
22:12:39.0585 1680  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:12:39.0741 1680  MRxDAV - ok
22:12:39.0834 1680  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:12:39.0943 1680  mrxsmb - ok
22:12:40.0177 1680  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:12:40.0177 1680  mrxsmb10 - ok
22:12:40.0333 1680  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:12:40.0333 1680  mrxsmb20 - ok
22:12:40.0489 1680  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:12:40.0505 1680  msahci - ok
22:12:40.0661 1680  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:12:40.0692 1680  msdsm - ok
22:12:40.0895 1680  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:12:41.0082 1680  MSDTC - ok
22:12:41.0394 1680  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:12:41.0441 1680  Msfs - ok
22:12:41.0488 1680  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:12:41.0566 1680  mshidkmdf - ok
22:12:41.0628 1680  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:12:41.0628 1680  msisadrv - ok
22:12:41.0753 1680  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:12:41.0878 1680  MSiSCSI - ok
22:12:41.0893 1680  msiserver - ok
22:12:42.0003 1680  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:12:42.0127 1680  MSKSSRV - ok
22:12:42.0205 1680  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:12:42.0252 1680  MSPCLOCK - ok
22:12:42.0346 1680  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:12:42.0424 1680  MSPQM - ok
22:12:42.0533 1680  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:12:42.0549 1680  MsRPC - ok
22:12:42.0611 1680  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:12:42.0627 1680  mssmbios - ok
22:12:42.0736 1680  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:12:42.0829 1680  MSTEE - ok
22:12:42.0876 1680  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:12:42.0970 1680  MTConfig - ok
22:12:42.0985 1680  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:12:42.0985 1680  Mup - ok
22:12:43.0173 1680  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:12:43.0313 1680  napagent - ok
22:12:43.0407 1680  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:12:43.0563 1680  NativeWifiP - ok
22:12:43.0890 1680  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:12:44.0218 1680  NDIS - ok
22:12:44.0327 1680  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:12:44.0452 1680  NdisCap - ok
22:12:44.0514 1680  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:12:44.0530 1680  NdisTapi - ok
22:12:44.0623 1680  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:12:44.0764 1680  Ndisuio - ok
22:12:44.0873 1680  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:12:44.0920 1680  NdisWan - ok
22:12:45.0091 1680  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:12:45.0107 1680  NDProxy - ok
22:12:45.0216 1680  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:12:45.0466 1680  NetBIOS - ok
22:12:45.0591 1680  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:12:45.0606 1680  NetBT - ok
22:12:45.0747 1680  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:12:45.0747 1680  Netlogon - ok
22:12:45.0871 1680  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:12:45.0981 1680  Netman - ok
22:12:46.0074 1680  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:12:46.0105 1680  netprofm - ok
22:12:46.0215 1680  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:12:46.0293 1680  NetTcpPortSharing - ok
22:12:46.0464 1680  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:12:46.0495 1680  nfrd960 - ok
22:12:46.0745 1680  [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:12:46.0776 1680  NisDrv - ok
22:12:47.0073 1680  [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
22:12:47.0166 1680  NisSrv - ok
22:12:47.0260 1680  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:12:47.0369 1680  NlaSvc - ok
22:12:47.0431 1680  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:12:47.0447 1680  Npfs - ok
22:12:47.0509 1680  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:12:47.0541 1680  nsi - ok
22:12:47.0619 1680  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:12:47.0697 1680  nsiproxy - ok
22:12:48.0102 1680  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:12:48.0133 1680  Ntfs - ok
22:12:48.0227 1680  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:12:48.0258 1680  Null - ok
22:12:48.0352 1680  [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
22:12:48.0367 1680  NVHDA - ok
22:12:51.0207 1680  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:12:51.0347 1680  nvlddmkm - ok
22:12:51.0425 1680  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:12:51.0550 1680  nvraid - ok
22:12:51.0675 1680  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:12:51.0768 1680  nvstor - ok
22:12:52.0065 1680  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:12:52.0080 1680  nvsvc - ok
22:12:52.0564 1680  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:12:52.0657 1680  nvUpdatusService - ok
22:12:52.0782 1680  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:12:52.0876 1680  nv_agp - ok
22:12:52.0938 1680  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:12:52.0969 1680  ohci1394 - ok
22:12:53.0188 1680  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:12:53.0219 1680  ose - ok
22:12:53.0406 1680  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:12:53.0484 1680  p2pimsvc - ok
22:12:53.0687 1680  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:12:53.0765 1680  p2psvc - ok
22:12:53.0812 1680  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:12:53.0968 1680  Parport - ok
22:12:54.0093 1680  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:12:54.0093 1680  partmgr - ok
22:12:54.0217 1680  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:12:54.0233 1680  PcaSvc - ok
22:12:54.0389 1680  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:12:54.0405 1680  pci - ok
22:12:54.0483 1680  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:12:54.0498 1680  pciide - ok
22:12:54.0576 1680  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:12:54.0732 1680  pcmcia - ok
22:12:54.0779 1680  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:12:54.0795 1680  pcw - ok
22:12:54.0951 1680  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:12:55.0122 1680  PEAUTH - ok
22:12:57.0244 1680  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:12:57.0353 1680  PerfHost - ok
22:12:57.0790 1680  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:12:57.0946 1680  pla - ok
22:12:58.0133 1680  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:12:58.0242 1680  PlugPlay - ok
22:12:58.0383 1680  PnkBstrA - ok
22:12:58.0523 1680  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:12:58.0617 1680  PNRPAutoReg - ok
22:12:58.0788 1680  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:12:58.0804 1680  PNRPsvc - ok
22:12:58.0944 1680  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:12:59.0131 1680  PolicyAgent - ok
22:12:59.0334 1680  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:12:59.0428 1680  Power - ok
22:12:59.0568 1680  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:12:59.0615 1680  PptpMiniport - ok
22:12:59.0631 1680  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:12:59.0677 1680  Processor - ok
22:12:59.0724 1680  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:12:59.0740 1680  ProfSvc - ok
22:12:59.0771 1680  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:12:59.0771 1680  ProtectedStorage - ok
22:12:59.0849 1680  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:12:59.0880 1680  Psched - ok
22:13:00.0145 1680  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:13:00.0192 1680  ql2300 - ok
22:13:00.0223 1680  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:13:00.0239 1680  ql40xx - ok
22:13:00.0301 1680  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:13:00.0317 1680  QWAVE - ok
22:13:00.0395 1680  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:13:00.0442 1680  QWAVEdrv - ok
22:13:00.0457 1680  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:13:00.0473 1680  RasAcd - ok
22:13:00.0520 1680  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:13:00.0535 1680  RasAgileVpn - ok
22:13:00.0613 1680  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:13:00.0691 1680  RasAuto - ok
22:13:00.0723 1680  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:13:00.0738 1680  Rasl2tp - ok
22:13:00.0847 1680  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:13:00.0894 1680  RasMan - ok
22:13:00.0941 1680  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:13:00.0988 1680  RasPppoe - ok
22:13:01.0035 1680  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:13:01.0066 1680  RasSstp - ok
22:13:01.0128 1680  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:13:01.0159 1680  rdbss - ok
22:13:01.0191 1680  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:13:01.0253 1680  rdpbus - ok
22:13:01.0269 1680  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:13:01.0300 1680  RDPCDD - ok
22:13:01.0315 1680  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:13:01.0378 1680  RDPENCDD - ok
22:13:01.0393 1680  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:13:01.0409 1680  RDPREFMP - ok
22:13:01.0487 1680  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:13:01.0534 1680  RDPWD - ok
22:13:01.0596 1680  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:13:01.0612 1680  rdyboost - ok
22:13:01.0721 1680  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:13:01.0768 1680  RemoteAccess - ok
22:13:01.0861 1680  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:13:01.0955 1680  RemoteRegistry - ok
22:13:01.0971 1680  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:13:02.0002 1680  RpcEptMapper - ok
22:13:02.0049 1680  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:13:02.0080 1680  RpcLocator - ok
22:13:02.0220 1680  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:13:02.0236 1680  RpcSs - ok
22:13:02.0298 1680  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:13:02.0329 1680  rspndr - ok
22:13:02.0517 1680  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:13:02.0517 1680  RTL8167 - ok
22:13:02.0704 1680  [ 68F717BC57B0FE12011EB9517C97F78D ] s1029bus        C:\Windows\system32\DRIVERS\s1029bus.sys
22:13:02.0735 1680  s1029bus - ok
22:13:03.0000 1680  [ FCFAFA529F4FA27B02FCE1E52A84922E ] s1029mdfl       C:\Windows\system32\DRIVERS\s1029mdfl.sys
22:13:03.0094 1680  s1029mdfl - ok
22:13:03.0125 1680  [ 35BD0866EB422AB2D7C8F0DDCC67BF7C ] s1029mdm        C:\Windows\system32\DRIVERS\s1029mdm.sys
22:13:03.0156 1680  s1029mdm - ok
22:13:03.0297 1680  [ E0FD4F4F42B76E910CC4295C97AA30BA ] s1029mgmt       C:\Windows\system32\DRIVERS\s1029mgmt.sys
22:13:03.0343 1680  s1029mgmt - ok
22:13:03.0406 1680  [ 90276F1D842EB96F82510E73FDB792AD ] s1029nd5        C:\Windows\system32\DRIVERS\s1029nd5.sys
22:13:03.0437 1680  s1029nd5 - ok
22:13:03.0499 1680  [ 128ED45223FAB846E8436A2F2BAEBB55 ] s1029obex       C:\Windows\system32\DRIVERS\s1029obex.sys
22:13:03.0515 1680  s1029obex - ok
22:13:03.0593 1680  [ 400FC5591586A1DFECF7A0CFAA6B0D68 ] s1029unic       C:\Windows\system32\DRIVERS\s1029unic.sys
22:13:03.0609 1680  s1029unic - ok
22:13:03.0640 1680  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:13:03.0640 1680  SamSs - ok
22:13:03.0671 1680  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:13:03.0702 1680  sbp2port - ok
22:13:03.0733 1680  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:13:03.0780 1680  SCardSvr - ok
22:13:03.0843 1680  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:13:03.0874 1680  scfilter - ok
22:13:04.0077 1680  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:13:04.0108 1680  Schedule - ok
22:13:04.0139 1680  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:13:04.0170 1680  SCPolicySvc - ok
22:13:04.0264 1680  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:13:04.0295 1680  SDRSVC - ok
22:13:04.0326 1680  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:13:04.0373 1680  secdrv - ok
22:13:04.0451 1680  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:13:04.0482 1680  seclogon - ok
22:13:04.0529 1680  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:13:04.0607 1680  SENS - ok
22:13:04.0685 1680  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:13:04.0716 1680  SensrSvc - ok
22:13:04.0794 1680  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:13:04.0825 1680  Serenum - ok
22:13:04.0872 1680  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:13:04.0903 1680  Serial - ok
22:13:04.0950 1680  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:13:04.0997 1680  sermouse - ok
22:13:05.0044 1680  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:13:05.0091 1680  SessionEnv - ok
22:13:05.0106 1680  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:13:05.0153 1680  sffdisk - ok
22:13:05.0215 1680  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:13:05.0309 1680  sffp_mmc - ok
22:13:05.0340 1680  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:13:05.0418 1680  sffp_sd - ok
22:13:05.0496 1680  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:13:05.0559 1680  sfloppy - ok
22:13:05.0637 1680  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:13:05.0683 1680  ShellHWDetection - ok
22:13:05.0730 1680  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:13:05.0730 1680  SiSRaid2 - ok
22:13:05.0777 1680  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:13:05.0824 1680  SiSRaid4 - ok
22:13:06.0105 1680  [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:13:06.0105 1680  SkypeUpdate - ok
22:13:06.0167 1680  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:13:06.0214 1680  Smb - ok
22:13:06.0261 1680  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:13:06.0276 1680  SNMPTRAP - ok
22:13:06.0339 1680  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:13:06.0354 1680  spldr - ok
22:13:06.0448 1680  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
22:13:06.0463 1680  Spooler - ok
22:13:07.0056 1680  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:13:07.0134 1680  sppsvc - ok
22:13:07.0165 1680  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:13:07.0197 1680  sppuinotify - ok
22:13:07.0524 1680  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\System32\Drivers\sptd.sys
22:13:07.0618 1680  sptd - ok
22:13:07.0789 1680  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:13:07.0852 1680  srv - ok
22:13:07.0899 1680  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:13:07.0914 1680  srv2 - ok
22:13:07.0961 1680  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:13:07.0961 1680  srvnet - ok
22:13:08.0008 1680  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:13:08.0023 1680  SSDPSRV - ok
22:13:08.0070 1680  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:13:08.0101 1680  SstpSvc - ok
22:13:08.0367 1680  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:13:08.0382 1680  Stereo Service - ok
22:13:08.0413 1680  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:13:08.0445 1680  stexstor - ok
22:13:08.0647 1680  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:13:08.0679 1680  stisvc - ok
22:13:08.0725 1680  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:13:08.0741 1680  swenum - ok
22:13:08.0959 1680  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:13:08.0991 1680  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:13:08.0991 1680  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
22:13:09.0084 1680  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:13:09.0162 1680  swprv - ok
22:13:09.0599 1680  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:13:09.0646 1680  SysMain - ok
22:13:09.0693 1680  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:13:09.0724 1680  TabletInputService - ok
22:13:09.0880 1680  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:13:09.0942 1680  TapiSrv - ok
22:13:09.0989 1680  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:13:10.0020 1680  TBS - ok
22:13:10.0519 1680  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:13:10.0566 1680  Tcpip - ok
22:13:10.0972 1680  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:13:11.0003 1680  TCPIP6 - ok
22:13:11.0019 1680  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:13:11.0065 1680  tcpipreg - ok
22:13:11.0097 1680  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:13:11.0159 1680  TDPIPE - ok
22:13:11.0190 1680  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:13:11.0221 1680  TDTCP - ok
22:13:11.0253 1680  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:13:11.0284 1680  tdx - ok
22:13:11.0299 1680  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:13:11.0315 1680  TermDD - ok
22:13:11.0471 1680  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:13:11.0502 1680  TermService - ok
22:13:11.0565 1680  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:13:11.0580 1680  Themes - ok
22:13:11.0596 1680  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:13:11.0627 1680  THREADORDER - ok
22:13:11.0643 1680  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:13:11.0674 1680  TrkWks - ok
22:13:11.0830 1680  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:13:11.0892 1680  TrustedInstaller - ok
22:13:11.0939 1680  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:13:12.0017 1680  tssecsrv - ok
22:13:12.0064 1680  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:13:12.0111 1680  TsUsbFlt - ok
22:13:12.0142 1680  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:13:12.0189 1680  TsUsbGD - ok
22:13:12.0235 1680  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:13:12.0282 1680  tunnel - ok
22:13:12.0828 1680  [ 06BCCB3BF0D06ADCCC4EBC8EF682DD59 ] TVersityMediaServer C:\ProgramData\TVersity\Media Server\MediaServer.exe
22:13:12.0844 1680  TVersityMediaServer - ok
22:13:12.0906 1680  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:13:12.0922 1680  uagp35 - ok
22:13:12.0984 1680  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:13:13.0047 1680  udfs - ok
22:13:13.0125 1680  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:13:13.0171 1680  UI0Detect - ok
22:13:13.0296 1680  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:13:13.0390 1680  uliagpkx - ok
22:13:13.0468 1680  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:13:13.0499 1680  umbus - ok
22:13:13.0546 1680  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:13:13.0655 1680  UmPass - ok
22:13:13.0733 1680  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:13:13.0764 1680  upnphost - ok
22:13:13.0873 1680  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:13:13.0998 1680  USBAAPL64 - ok
22:13:14.0139 1680  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:13:14.0201 1680  usbaudio - ok
22:13:14.0263 1680  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:13:14.0263 1680  usbccgp - ok
22:13:14.0341 1680  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:13:14.0435 1680  usbcir - ok
22:13:14.0482 1680  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:13:14.0513 1680  usbehci - ok
22:13:14.0607 1680  [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
22:13:14.0622 1680  usbfilter - ok
22:13:14.0716 1680  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:13:14.0763 1680  usbhub - ok
22:13:14.0809 1680  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:13:14.0856 1680  usbohci - ok
22:13:14.0934 1680  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:13:15.0043 1680  usbprint - ok
22:13:15.0075 1680  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:13:15.0153 1680  USBSTOR - ok
22:13:15.0199 1680  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:13:15.0262 1680  usbuhci - ok
22:13:15.0324 1680  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:13:15.0371 1680  UxSms - ok
22:13:15.0402 1680  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:13:15.0402 1680  VaultSvc - ok
22:13:15.0496 1680  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:13:15.0496 1680  vdrvroot - ok
22:13:15.0574 1680  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:13:15.0636 1680  vds - ok
22:13:15.0745 1680  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:13:15.0761 1680  vga - ok
22:13:15.0761 1680  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:13:15.0823 1680  VgaSave - ok
22:13:15.0886 1680  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:13:15.0917 1680  vhdmp - ok
22:13:15.0948 1680  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:13:15.0964 1680  viaide - ok
22:13:16.0011 1680  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:13:16.0026 1680  volmgr - ok
22:13:16.0182 1680  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:13:16.0198 1680  volmgrx - ok
22:13:16.0291 1680  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:13:16.0291 1680  volsnap - ok
22:13:16.0416 1680  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:13:16.0432 1680  vsmraid - ok
22:13:16.0791 1680  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:13:16.0884 1680  VSS - ok
22:13:16.0915 1680  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:13:16.0962 1680  vwifibus - ok
22:13:17.0025 1680  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:13:17.0056 1680  W32Time - ok
22:13:17.0103 1680  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:13:17.0149 1680  WacomPen - ok
22:13:17.0305 1680  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:13:17.0352 1680  WANARP - ok
22:13:17.0399 1680  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:13:17.0415 1680  Wanarpv6 - ok
22:13:17.0836 1680  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:13:17.0945 1680  wbengine - ok
22:13:18.0007 1680  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:13:18.0023 1680  WbioSrvc - ok
22:13:18.0179 1680  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:13:18.0241 1680  wcncsvc - ok
22:13:18.0288 1680  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:13:18.0366 1680  WcsPlugInService - ok
22:13:18.0429 1680  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:13:18.0444 1680  Wd - ok
22:13:18.0616 1680  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:13:18.0631 1680  Wdf01000 - ok
22:13:18.0647 1680  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:13:19.0037 1680  WdiServiceHost - ok
22:13:19.0053 1680  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:13:19.0068 1680  WdiSystemHost - ok
22:13:19.0131 1680  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:13:19.0177 1680  WebClient - ok
22:13:19.0240 1680  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:13:19.0318 1680  Wecsvc - ok
22:13:19.0333 1680  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:13:19.0365 1680  wercplsupport - ok
22:13:19.0411 1680  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:13:19.0427 1680  WerSvc - ok
22:13:19.0489 1680  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:13:19.0505 1680  WfpLwf - ok
22:13:19.0567 1680  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:13:19.0583 1680  WIMMount - ok
22:13:19.0583 1680  WinHttpAutoProxySvc - ok
22:13:19.0755 1680  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:13:19.0786 1680  Winmgmt - ok
22:13:20.0176 1680  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:13:20.0254 1680  WinRM - ok
22:13:20.0425 1680  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:13:20.0457 1680  WinUsb - ok
22:13:20.0613 1680  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:13:20.0675 1680  Wlansvc - ok
22:13:20.0737 1680  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:13:20.0769 1680  WmiAcpi - ok
22:13:20.0862 1680  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:13:20.0925 1680  wmiApSrv - ok
22:13:21.0003 1680  WMPNetworkSvc - ok
22:13:21.0112 1680  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:13:21.0112 1680  WPCSvc - ok
22:13:21.0143 1680  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:13:21.0143 1680  WPDBusEnum - ok
22:13:21.0190 1680  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:13:21.0221 1680  ws2ifsl - ok
22:13:21.0221 1680  WSearch - ok
22:13:21.0252 1680  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:13:21.0330 1680  WudfPf - ok
22:13:21.0424 1680  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:13:21.0455 1680  WUDFRd - ok
22:13:21.0517 1680  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:13:21.0549 1680  wudfsvc - ok
22:13:21.0627 1680  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:13:21.0658 1680  WwanSvc - ok
22:13:21.0673 1680  ================ Scan global ===============================
22:13:21.0798 1680  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:13:21.0876 1680  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:13:21.0892 1680  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:13:21.0939 1680  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:13:22.0032 1680  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:13:22.0032 1680  [Global] - ok
22:13:22.0032 1680  ================ Scan MBR ==================================
22:13:22.0048 1680  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:13:33.0108 1680  \Device\Harddisk0\DR0 - ok
22:13:33.0108 1680  ================ Scan VBR ==================================
22:13:33.0124 1680  [ 22ACA03FF652B70034A23C3440666972 ] \Device\Harddisk0\DR0\Partition1
22:13:33.0202 1680  \Device\Harddisk0\DR0\Partition1 - ok
22:13:33.0233 1680  [ 25682047E08BEA70999909B28C9F2461 ] \Device\Harddisk0\DR0\Partition2
22:13:33.0249 1680  \Device\Harddisk0\DR0\Partition2 - ok
22:13:33.0249 1680  ============================================================
22:13:33.0249 1680  Scan finished
22:13:33.0249 1680  ============================================================
22:13:33.0264 3976  Detected object count: 1
22:13:33.0264 3976  Actual detected object count: 1
22:14:11.0406 3976  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:11.0406 3976  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:17.0598 1224  Deinitialize success

cosinus · 30.08.2012, 21:58

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

SebastianEF · 30.08.2012, 22:23

hier die CF Log. Habe aber den Usernamen ge"x"t

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-08-30.05 - XXXXXX 30.08.2012  23:05:16.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16380.13939 [GMT 2:00]
ausgeführt von:: c:\users\XXXXXX\Desktop\ComboFix.exe
AV: Kabel Sicherheitspaket 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Kabel Sicherheitspaket 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Kabel Sicherheitspaket 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-28 bis 2012-08-30  ))))))))))))))))))))))))))))))
.
.
2012-08-30 20:05 . 2012-08-30 20:05	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-08-30 15:40 . 2012-08-30 15:40	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:06 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-08-19 17:37 . 2012-04-03 18:29	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-19 17:37 . 2011-08-11 22:05	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-19 16:01 . 2012-05-27 20:55	56016	----a-w-	c:\windows\system32\drivers\fsbts.sys
2012-07-11 04:18 . 2011-08-18 16:54	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-07-03 11:46 . 2012-07-31 18:19	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-29 10:04 . 2012-07-30 19:07	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBD7E538-99D3-41BD-A53B-E1BBEBE98215}\mpengine.dll
2012-06-29 10:04 . 2012-07-29 09:02	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-12 03:08 . 2012-07-11 04:20	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 03:39	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 03:39	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 03:39	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 03:39	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 03:39	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 03:39	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 03:39	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 14:31	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 14:41	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 14:41	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 14:41	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 14:31	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 14:41	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 14:31	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 14:20	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 14:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 03:39	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 03:39	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 03:39	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 03:39	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 03:39	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 03:39	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 03:39	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 03:39	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 03:39	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-08-11 4942336]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"F-Secure Manager"="c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\TNBUtil.exe" [2012-05-27 1655464]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-05-27 50384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 250056]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-08-18 31808]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-08-13 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 116264]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 19496]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 158760]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 139304]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 34856]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 135208]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 151592]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-11-15 834544]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-08-19 56016]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys [2009-11-18 59784]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-08-11 15936]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 94024]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [2009-11-18 16768]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [2012-06-01 199848]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe [2012-05-27 61088]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-08-13 22408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AXTUDRV
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:37]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-26 07:45]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-26 07:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
LSP: c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-17839075.sys
SafeBoot-MsMpSvc
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*m,*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe
c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\FSGK32.EXE
c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSHDLL32.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fssm32.exe
c:\program files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsav32.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-30  23:18:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-30 21:17
.
Vor Suchlauf: 11 Verzeichnis(se), 771.988.946.944 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 771.533.299.712 Bytes frei
.
- - End Of File - - 29A10FEF5D16B938D418E496345A82B6

--- --- ---

cosinus · 31.08.2012, 10:34

Zitat:

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Kabel Sicherheitspaket 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

Sind tatsächlich noch beide Virenscanner installiert?

SebastianEF · 31.08.2012, 11:06

Das habe ich jetzt auch erst durch den Scan gesehen. Essential deinstalliere ich heute noch.

Ist das jetzt schlecht für den Scan gewesen? Das ist Kdg sicherheitspaket (f-Secure) kann man leider nicht beenden, nur deaktivieren. Dann läuft es ohne einzugreifen.

Wie soll ich weiter verfahren?

cosinus · 31.08.2012, 11:28

Zwei solcher Virenscanner sind prinzipiell schlecht für das System! Beeinträchtigen sich gegenseitig und gefährden die Systemstabilität! Stell dir vor du hast beim Fußball zwei Keeper im Tor, das kann auch nicht gutgehen!

Deinstalliere umgehend einen der beiden, ich würde das Kabel Sicherheitspaket deinstallieren und kündigen, die 5 EUR im Monat sollte man sich echt sparen. Sind 60 EUR im Jahr! Ich bin auch bei KD und hab das schriftlich gekündigt!

SebastianEF · 31.08.2012, 11:42

Danke fur den tipp. :-) Ich werde essential deinstallieren, da ich für das Paket nix zahle.

Was muss ich noch machen damit ich meinen PC wieder nutzen kann? Kann ich meine externe Festplatte wieder einschalten?

cosinus · 31.08.2012, 13:47

Zitat:

Ich werde essential deinstallieren, da ich für das Paket nix zahle.

Wo ist da die Logik in der Begründung?

SebastianEF · 31.08.2012, 14:23

:-D haste mich kalt erwischt ;-) ich gehe davon aus das f-Secure qualitativ besser ist als die Freeware von MS :-) bei f-Secure werden stündlich neue Virenupdates geladen. Habe aber ehrlich gesagt nie nach Testberichten oder ähnliches recherchiert.

Muss jetzt noch was gemacht werden? Soll ich die externe Festplatte mal
Scannen oder so?

cosinus · 31.08.2012, 14:51

MSE reicht völlig aus, es gibt eh wichtigere Dinge als einen Virenscanner für 60 EUR im Jahr nur weil der stündlich nach Updates sucht

Deinstalliere jetzt einen Virenscanner und gib mir dann Bescheid, dann gehts weiter

SebastianEF · 31.08.2012, 15:33

Ich habe jetzt MSE deinstalliert. Können weiter machen

Ich werde mir später noch mal ein paar Testberichte suchen was besser ist. Wie gesagt, ich zahle für das F-Secure nix.

cosinus · 31.08.2012, 16:11

Zitat:

Wie gesagt, ich zahle für das F-Secure nix.

Sry das ist Quatsch. Das hab ich dir doch vorhin erklärt.
KD-Kunden bezahlen dafür um die 4 oder 5 EUR im Monat. Ich hab das extra schriftlich gekündigt

SebastianEF · 31.08.2012, 16:50

Jepp kostet es auch. Ich habe es aus beruflichen gründen kostenfrei weil unsere Firma nen Rahmenvertrag mit f-Secure hat.

Wie geht's jetzt weiter?

cosinus · 31.08.2012, 19:50

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

SebastianEF · 31.08.2012, 22:30

GMER lief ohne Probleme. Hat nix gefunden und auch keinen Log ausgegeben.

OSAM Log:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:53:29 on 31.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsrAppCharger" (AsrAppCharger) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AsrAppCharger.sys
"AxtuDrv" (AxtuDrv) - ? - C:\Windows\SysWOW64\Drivers\AxtuDrv.sys  (File not found)
"F-Secure Email Scanning Driver" (FSES) - "F-Secure Corporation" - C:\Windows\System32\drivers\fses.sys
"F-Secure Firewall Driver" (FSFW) - "F-Secure Corporation" - C:\Windows\System32\drivers\fsdfw.sys
"F-Secure Gatekeeper" (F-Secure Gatekeeper) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
"F-Secure HIPS Driver" (F-Secure HIPS) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys
"F-Secure Vista Support Driver" (fsvista) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
"FNETTBOH_305" (FNETTBOH_305) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETTBOH_305.SYS
"FNETURPX" (FNETURPX) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETURPX.SYS
"fsbts" (fsbts) - "F-Secure Corporation" - C:\Windows\System32\Drivers\fsbts.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\OLKFSTUB.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.6" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.6\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} "Browsing Protection Toolbar" - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C6867EB7-8350-4856-877F-93CF8AE3DC9C} "Browsing Protection Class" - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\XXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5.5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"F-Secure Manager" - "F-Secure Corporation" - "C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE" /splash
"F-Secure TNB" - "F-Secure Corporation" - "C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"THX TruStudio NB Settings" - "Creative Technology Ltd" - "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
"UpdReg" - "Creative Technology Ltd." - C:\Windows\UpdReg.EXE
"XFastUsb" - "FNet Co., Ltd." - C:\Program Files (x86)\XFastUsb\XFastUsb.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"F-Secure Anti-Virus Firewall Daemon" (FSDFWD) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe
"F-Secure Management Agent" (FSMA) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE
"F-Secure ORSP Client" (FSORSPClient) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe
"FSGKHS" (F-Secure Gatekeeper Handler Starter) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TVersity Media Server" (TVersityMediaServer) - ? - C:\ProgramData\TVersity\Media Server\MediaServer.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"F-Secure Protocol Scanner" - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR Log:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:53:29 on 31.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsrAppCharger" (AsrAppCharger) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AsrAppCharger.sys
"AxtuDrv" (AxtuDrv) - ? - C:\Windows\SysWOW64\Drivers\AxtuDrv.sys  (File not found)
"F-Secure Email Scanning Driver" (FSES) - "F-Secure Corporation" - C:\Windows\System32\drivers\fses.sys
"F-Secure Firewall Driver" (FSFW) - "F-Secure Corporation" - C:\Windows\System32\drivers\fsdfw.sys
"F-Secure Gatekeeper" (F-Secure Gatekeeper) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
"F-Secure HIPS Driver" (F-Secure HIPS) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys
"F-Secure Vista Support Driver" (fsvista) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
"FNETTBOH_305" (FNETTBOH_305) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETTBOH_305.SYS
"FNETURPX" (FNETURPX) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETURPX.SYS
"fsbts" (fsbts) - "F-Secure Corporation" - C:\Windows\System32\Drivers\fsbts.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\OLKFSTUB.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.6" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.6\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} "Browsing Protection Toolbar" - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C6867EB7-8350-4856-877F-93CF8AE3DC9C} "Browsing Protection Class" - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\XXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5.5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"F-Secure Manager" - "F-Secure Corporation" - "C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE" /splash
"F-Secure TNB" - "F-Secure Corporation" - "C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"THX TruStudio NB Settings" - "Creative Technology Ltd" - "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
"UpdReg" - "Creative Technology Ltd." - C:\Windows\UpdReg.EXE
"XFastUsb" - "FNet Co., Ltd." - C:\Program Files (x86)\XFastUsb\XFastUsb.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"F-Secure Anti-Virus Firewall Daemon" (FSDFWD) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe
"F-Secure Management Agent" (FSMA) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE
"F-Secure ORSP Client" (FSORSPClient) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe
"FSGKHS" (F-Secure Gatekeeper Handler Starter) - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TVersity Media Server" (TVersityMediaServer) - ? - C:\ProgramData\TVersity\Media Server\MediaServer.exe  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"F-Secure Protocol Scanner" - "F-Secure Corporation" - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Usernamen sind ausge"x"t

31.08.2012, 14:51	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Live Security Trojaner MSE reicht völlig aus, es gibt eh wichtigere Dinge als einen Virenscanner für 60 EUR im Jahr nur weil der stündlich nach Updates sucht Deinstalliere jetzt einen Virenscanner und gib mir dann Bescheid, dann gehts weiter __________________ Logfiles bitte immer in CODE-Tags posten

Live Security Trojaner

Plagegeister aller Art und deren Bekämpfung: Live Security Trojaner