Trojaner-Board


reinhawi 11.04.2012 12:29

Win7 firewall keeps turning off
 
Hello everyone, I have Win7 Home Premium SP1. For some time now, a problem has kept occurring: my Windows firewall is deactivated whenever I switch the computer on. I hope someone here can help me. I ran OTL and have attached the files.

Many thanks already.

Hello, as I just noticed while browsing, on Saturday evening I also got the message "50 Euro - PC locked". I could only switch the computer off and then on again. Furthermore, I found that all icons had disappeared from the desktop and right-click no longer worked either. I created a second user account, where I have everything again; only the problem with the firewall is still there. Maybe that helps as well.

Many thanks in advance.

reinhawi 12.04.2012 10:08

Quote:

Quote from reinhawi (post 812413)
Hello everyone, I have Win7 Home Premium SP1. For some time now, a problem has kept occurring: my Windows firewall is deactivated whenever I switch the computer on. I hope someone here can help me. I ran OTL and have attached the files.

Many thanks already.

Hello, as I just noticed while browsing, on Saturday evening I also got the message "50 Euro - PC locked". I could only switch the computer off and then on again. Furthermore, I found that all icons had disappeared from the desktop and right-click no longer worked either. I created a second user account, where I have everything again; only the problem with the firewall is still there. Maybe that helps as well.

Many thanks in advance.


Hello, I ran OTL once more with the user account where the message appeared and which no longer works properly. The attached *.txt files are from the new user account.

Many thanks already. Regards

Code:

OTL Extras logfile created on: 12.04.2012 10:43:36 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Jens und Thomas\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 57,78% Memory free
7,49 Gb Paging File | 5,44 Gb Available in Paging File | 72,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 402,24 Gb Free Space | 88,86% Space Free | Partition Type: NTFS
 
Computer Name: REINHAWI-2 | User Name: Jens und Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{16D8AAE0-EA5A-F5AC-D9B7-4B802EC1CB46}" = ccc-utility64
"{21958FA9-A346-4745-E831-98013FA0C203}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{191348A7-13EC-2650-6ABC-1C1D2423A40C}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23D5D3E2-26F4-556E-B798-09B7CC796BD1}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3653CD74-6658-CEBB-CD6D-C0307AD95C42}" = CCC Help Dutch
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{4460DD07-4171-C90E-1D90-B77AC15A1091}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B0E901E-F7E0-E568-85C8-2EA65A1BDAF5}" = CCC Help Turkish
"{4D20ABBF-B73C-A373-5BAB-D4B0339B6A0A}" = CCC Help Japanese
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3D0EE7-72E0-B579-425A-098B091709A8}" = CCC Help Chinese Standard
"{5FB9AC96-BC36-7EED-7DCF-8B2FF4437A59}" = ccc-core-static
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65E556A8-6CA0-22A4-6818-6CD068DA0AFD}" = Catalyst Control Center Graphics Full New
"{6F29746D-92E6-F783-A0F4-4F096E78D050}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B96F0C0-BDD3-A367-11CC-45597C63ABEB}" = Catalyst Control Center Graphics Light
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.3
"{83299633-1261-47A3-84F3-6F02B4B8CDB1}" = Video Web Camera
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8595562C-577E-5EF2-D41B-ED9179C11148}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7F7E19-9019-D754-4BCF-48C6439F99C3}" = CCC Help English
"{8DB37F8B-12E1-E616-3D73-8D09FC012107}" = CCC Help Swedish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A23514CE-CE89-43D1-BAB2-685E49538766}" = CCC Help Hungarian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2F7D09B-E3AE-8BCA-A798-C8DA98D0A9AC}" = CCC Help Norwegian
"{B376DE99-5243-D03D-B51D-4BE193EA7985}" = CCC Help Greek
"{BDBAEB81-FACA-1CF6-9A74-8EB532F0012D}" = CCC Help Spanish
"{C2BE0404-9252-8657-6839-EA2B60EA3CE8}" = Catalyst Control Center Localization All
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB8D8129-4592-3EB9-4976-68515DC4D0C1}" = CCC Help French
"{CC757D67-711D-4459-AB6A-8835CA5BF699}" = CCC Help Chinese Traditional
"{CC9D85AF-30DB-55A0-1E00-976BFDAF04D0}" = CCC Help Russian
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC8F6F65-558C-1C57-8F08-D367F6C19988}" = CCC Help Korean
"{DF57F301-0416-55BA-8287-5E929615D967}" = CCC Help Polish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E3CA43BE-C574-1938-E60B-E7A4486A1DAD}" = CCC Help Finnish
"{E4CD072D-13E1-5EAB-A350-76E7F8A2DD51}" = Catalyst Control Center Graphics Previews Common
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EF48185C-1BE3-3EE0-22C5-EDE82A08C105}" = CCC Help Italian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26A271D-5602-CA19-6456-AEB22BEFE1EA}" = Catalyst Control Center Core Implementation
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FDAEEEC4-E57E-D75A-E885-EE4E3BEE916B}" = CCC Help Czech
"{FF6BA6F7-67C8-5F93-89B7-F6679D51D869}" = Catalyst Control Center InstallProxy
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"FileZilla Client" = FileZilla Client 3.2.7.1
"F-Secure Product 444" = Unitymedia Sicherheitspaket
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Opera 11.60.1185" = Opera 11.60
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"TeamViewer 7" = TeamViewer 7
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088531" = Zuma's Revenge
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2012 19:50:43 | Computer Name = reinhawi-2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.03.2012 19:51:20 | Computer Name = reinhawi-2 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.03.2012 18:24:01 | Computer Name = reinhawi-2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.03.2012 18:24:42 | Computer Name = reinhawi-2 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.03.2012 19:29:58 | Computer Name = reinhawi-2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.03.2012 19:30:03 | Computer Name = reinhawi-2 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 02.04.2012 16:04:38 | Computer Name = reinhawi-2 | Source = Windows Backup | ID = 4103
Description =
 
Error - 03.04.2012 09:39:20 | Computer Name = reinhawi-2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.04.2012 09:39:20 | Computer Name = reinhawi-2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14820
 
Error - 03.04.2012 09:39:20 | Computer Name = reinhawi-2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14820
 
[ System Events ]
Error - 09.04.2012 15:30:11 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 03:08:54 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 04:46:51 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 04:59:57 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 05:30:49 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 09:59:42 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 10:44:39 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 10:56:32 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 10.04.2012 11:28:15 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
Error - 11.04.2012 05:14:25 | Computer Name = reinhawi-2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%193
 
 
< End of report >

Code:

OTL logfile created on: 12.04.2012 10:43:36 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Jens und Thomas\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 57,78% Memory free
7,49 Gb Paging File | 5,44 Gb Available in Paging File | 72,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 402,24 Gb Free Space | 88,86% Space Free | Partition Type: NTFS
 
Computer Name: REINHAWI-2 | User Name: Jens und Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jens und Thomas\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPC\fspcfsm.eng ()
MOD - \\?\c:\program files (x86)\unitymedia\sicherheitspaket\hips\fshook32.dll ()
MOD - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\strres.eng ()
MOD - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\gres.dll ()
MOD - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\flyerres.eng ()
MOD - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\fsavures.eng ()
MOD - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\about.dll ()
MOD - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\aboutres.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FSDFWD) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSORSPClient) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (TeamViewer6) -- C:\Users\Jens und Thomas\temp\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (FSMA) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)
DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\..\SearchScopes,DefaultScope = {644B39B3-CFA0-4700-8CCB-994E3D66F3E1}
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\..\SearchScopes\{644B39B3-CFA0-4700-8CCB-994E3D66F3E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2341144251-2960417618-3555077595-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.04.03 15:42:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 12:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.01 00:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens und Thomas\AppData\Roaming\mozilla\Extensions
[2012.02.12 12:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.03 15:42:28 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\UNITYMEDIA\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM
[2012.02.12 12:46:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 12:46:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 12:46:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 12:46:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 12:46:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 12:46:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 12:46:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DEA4EF0-C340-4248-B731-F6ABF898116D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE1E85E4-CED3-44F5-A80C-407EEA0DAC54}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (C:\Users\Jens und Thomas\AppData\Roaming\bstr55uhjzd.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Jens und Thomas\AppData\Roaming\bstr55uhjzd.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000 Winlogon: Shell - (C:\Users\Jens und Thomas\AppData\Roaming\bstr55uhjzd.exe) -  File not found
O20 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000 Winlogon: UserInit - (C:\Users\Jens und Thomas\AppData\Roaming\bstr55uhjzd.exe) -  File not found
O20 - HKU\S-1-5-21-2341144251-2960417618-3555077595-1000 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.12 10:42:52 | 000,000,000 | ---D | C] -- C:\Users\Jens und Thomas\OTL
[2012.04.11 16:52:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.11 16:52:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.11 16:52:00 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.11 16:52:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.11 16:51:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.11 16:51:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.11 16:51:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.11 16:51:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.11 16:51:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.11 16:51:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.11 16:51:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.11 16:51:41 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.11 16:51:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.11 16:51:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.11 16:47:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 16:47:34 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 16:47:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.10 10:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.04.06 16:50:04 | 008,738,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.05 17:08:05 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.05 15:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.04.05 15:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.04.03 15:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jens und Thomas\AppData\Roaming\SNS
[2012.04.03 15:49:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Networks
[2012.04.03 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Networks
[2012.04.03 15:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.03.14 19:25:18 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 19:24:29 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 19:24:28 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.14 19:24:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 19:24:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 19:24:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.12 10:11:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 10:11:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 09:50:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.12 09:13:47 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012.04.12 09:13:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.12 09:13:01 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.11 16:54:21 | 001,558,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.11 16:54:21 | 000,667,644 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.11 16:54:21 | 000,628,890 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.11 16:54:21 | 000,135,716 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.11 16:54:21 | 000,111,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.10 17:55:50 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.04.10 16:43:24 | 000,008,928 | ---- | M] () -- C:\Users\Jens und Thomas\Unitymedia Sicherheitspaket 9_01 - Scan-Bericht - Dienstag, 10_ April 2012 164139_HTM#errorinfo.mht
[2012.04.09 21:11:09 | 000,000,680 | RHS- | M] () -- C:\Users\Jens und Thomas\ntuser.pol
[2012.04.06 16:50:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.06 16:50:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.06 16:50:05 | 008,738,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.03.22 20:36:34 | 353,160,395 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.15 10:46:13 | 000,379,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.04.10 16:43:23 | 000,008,928 | ---- | C] () -- C:\Users\Jens und Thomas\Unitymedia Sicherheitspaket 9_01 - Scan-Bericht - Dienstag, 10_ April 2012 164139_HTM#errorinfo.mht
[2012.04.10 16:20:35 | 000,000,584 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012.04.09 21:11:09 | 000,000,680 | RHS- | C] () -- C:\Users\Jens und Thomas\ntuser.pol
[2012.04.05 17:08:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 15:48:37 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.01.21 19:56:22 | 000,000,017 | ---- | C] () -- C:\Users\Jens und Thomas\AppData\Local\resmon.resmoncfg
[2011.11.26 19:30:25 | 000,121,524 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.01 00:08:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.30 22:41:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.29 22:23:17 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011.06.29 22:22:45 | 001,556,516 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.12 23:50:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.16 12:55:57 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2011.06.30 23:18:59 | 000,000,000 | ---D | M] -- C:\Users\Jens und Thomas\AppData\Roaming\Opera
[2012.04.03 15:49:53 | 000,000,000 | ---D | M] -- C:\Users\Jens und Thomas\AppData\Roaming\SNS
[2011.12.09 23:20:35 | 000,000,000 | ---D | M] -- C:\Users\Jens und Thomas\AppData\Roaming\TeamViewer
[2012.04.10 17:35:39 | 000,000,000 | ---D | M] -- C:\Users\Jens_Thomas\AppData\Roaming\SNS
[2012.04.10 17:27:05 | 000,000,000 | ---D | M] -- C:\Users\Jens_Thomas\AppData\Roaming\TeamViewer
[2012.02.28 08:42:32 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.12 09:13:47 | 000,000,584 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job
 
========== Purity Check ==========
 
 

< End of report >


Thanks in advance. Regards

markusg 12.04.2012 10:51

Hi,
restart, press F8 and choose Safe Mode with Networking.
Log in there to the affected account,
that is, the account that shows the lock message.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. That should fix the problem.

reinhawi 12.04.2012 11:28

Hi, here is the log.

Code:

ComboFix 12-04-12.01 - Jens und Thomas 12.04.2012  13:09:13.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3835.3025 [GMT 2:00]
ausgeführt von:: c:\users\Jens und Thomas\COMBOFIX\Neu\ComboFix.exe
AV: Unitymedia Sicherheitspaket 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Unitymedia Sicherheitspaket 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Unitymedia Sicherheitspaket 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
c:\users\Jens und Thomas\123
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-12 bis 2012-04-12  ))))))))))))))))))))))))))))))
.
.
2012-04-12 11:14 . 2012-04-12 11:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-12 09:59 . 2012-04-12 11:06        --------        d-----w-        c:\users\Jens und Thomas\COMBOFIX
2012-04-12 08:42 . 2012-04-12 08:48        --------        d-----w-        c:\users\Jens und Thomas\OTL
2012-04-11 14:52 . 2012-02-28 06:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-11 14:52 . 2012-02-28 01:03        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-04-11 14:52 . 2012-02-28 01:58        141112        ----a-w-        c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-11 14:52 . 2012-02-28 07:37        174392        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 14:52 . 2012-02-28 06:56        2311168        ----a-w-        c:\windows\system32\jscript9.dll
2012-04-11 14:52 . 2012-02-28 06:47        304640        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2012-04-11 14:52 . 2012-02-28 01:08        194048        ----a-w-        c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-11 14:47 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-04-11 14:47 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2012-04-11 14:47 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-04-11 14:47 . 2012-03-01 06:38        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-04-11 14:47 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-04-11 14:47 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-04-11 14:47 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-04-10 15:50 . 2008-05-07 17:59        99840        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-04-10 14:57 . 2012-04-11 11:38        --------        d-----w-        c:\users\Jens_Thomas
2012-04-10 14:07 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B20A96-9B0F-408C-9CC6-A54737FC010A}\mpengine.dll
2012-04-10 08:55 . 2012-04-10 08:55        --------        d-----w-        c:\program files\Synaptics
2012-04-09 19:18 . 2012-04-10 09:33        --------        d-----w-        c:\users\ich
2012-04-06 14:50 . 2012-04-06 14:50        8738464        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-05 15:08 . 2012-04-06 14:50        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 13:55 . 2012-04-05 13:57        --------        d-----w-        c:\program files (x86)\PDF24
2012-04-03 13:49 . 2012-04-03 13:49        --------        d-----w-        c:\users\Jens und Thomas\AppData\Roaming\SNS
2012-04-03 13:49 . 2012-04-10 15:38        --------        d-----w-        c:\program files (x86)\Social Networks
2012-04-03 13:48 . 2012-04-03 13:48        --------        d-----w-        c:\program files (x86)\TeamViewer
2012-03-14 17:25 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 17:25 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 17:25 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 17:24 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 17:24 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 17:24 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 17:24 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 17:24 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 17:24 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 17:24 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 14:50 . 2011-07-04 15:55        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-06-29 19:39        279656        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"F-Secure Manager"="c:\program files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files (x86)\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-04-03 160840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Schnellstart.lnk - c:\program files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys [2009-08-05 57920]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
R1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
R2 TeamViewer6;TeamViewer 6;c:\users\Jens und Thomas\temp\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [2011-09-09 198808]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe [2011-07-02 61088]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - PXHLPA64
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jens und Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\eel80hi5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-12  13:18:20
ComboFix-quarantined-files.txt  2012-04-12 11:18
.
Vor Suchlauf: 8 Verzeichnis(se), 431.772.065.792 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 432.462.790.656 Bytes frei
.
- - End Of File - - A58EF67BE60D44A59BEFCA15FEDFF337


markusg 12.04.2012 14:34

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

reinhawi 12.04.2012 14:57

Hello, here is the TDSS.log.
One small note: the desktop icons are back and right-click works again too - no idea why. Does anything else still need to be done?

Regards
Code:

15:51:28.0434 6012        TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:51:28.0834 6012        ============================================================
15:51:28.0834 6012        Current date / time: 2012/04/12 15:51:28.0834
15:51:28.0834 6012        SystemInfo:
15:51:28.0834 6012       
15:51:28.0834 6012        OS Version: 6.1.7601 ServicePack: 1.0
15:51:28.0834 6012        Product type: Workstation
15:51:28.0834 6012        ComputerName: REINHAWI-2
15:51:28.0834 6012        UserName: Jens_Thomas
15:51:28.0834 6012        Windows directory: C:\Windows
15:51:28.0834 6012        System windows directory: C:\Windows
15:51:28.0834 6012        Running under WOW64
15:51:28.0834 6012        Processor architecture: Intel x64
15:51:28.0834 6012        Number of processors: 2
15:51:28.0834 6012        Page size: 0x1000
15:51:28.0834 6012        Boot type: Normal boot
15:51:28.0834 6012        ============================================================
15:51:37.0947 6012        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:51:37.0994 6012        \Device\Harddisk0\DR0:
15:51:37.0994 6012        MBR used
15:51:37.0994 6012        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
15:51:37.0994 6012        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
15:51:38.0134 6012        Initialize success
15:51:38.0134 6012        ============================================================
15:52:12.0501 5404        ============================================================
15:52:12.0501 5404        Scan started
15:52:12.0501 5404        Mode: Manual; SigCheck; TDLFS;
15:52:12.0501 5404        ============================================================
15:52:14.0311 5404        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:52:14.0405 5404        1394ohci - ok
15:52:14.0514 5404        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:52:14.0639 5404        ACPI - ok
15:52:14.0717 5404        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:52:14.0810 5404        AcpiPmi - ok
15:52:14.0997 5404        AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:52:15.0075 5404        AdobeActiveFileMonitor8.0 - ok
15:52:15.0200 5404        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:52:15.0278 5404        AdobeFlashPlayerUpdateSvc - ok
15:52:15.0403 5404        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:52:15.0497 5404        adp94xx - ok
15:52:15.0575 5404        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:52:15.0621 5404        adpahci - ok
15:52:15.0668 5404        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:52:15.0699 5404        adpu320 - ok
15:52:15.0777 5404        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:52:15.0902 5404        AeLookupSvc - ok
15:52:16.0043 5404        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:52:16.0199 5404        AFD - ok
15:52:16.0292 5404        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:52:16.0323 5404        agp440 - ok
15:52:16.0386 5404        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:52:16.0511 5404        ALG - ok
15:52:16.0620 5404        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:52:16.0635 5404        aliide - ok
15:52:16.0682 5404        AMD External Events Utility (671d9dca48da807780d8409c18ed0ae0) C:\Windows\system32\atiesrxx.exe
15:52:16.0776 5404        AMD External Events Utility - ok
15:52:16.0885 5404        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:52:16.0901 5404        amdide - ok
15:52:16.0979 5404        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:52:17.0025 5404        AmdK8 - ok
15:52:17.0416 5404        amdkmdag        (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys
15:52:17.0744 5404        amdkmdag - ok
15:52:17.0869 5404        amdkmdap        (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys
15:52:17.0916 5404        amdkmdap - ok
15:52:17.0978 5404        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:52:18.0025 5404        AmdPPM - ok
15:52:18.0150 5404        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:52:18.0196 5404        amdsata - ok
15:52:18.0274 5404        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:52:18.0306 5404        amdsbs - ok
15:52:18.0368 5404        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:52:18.0399 5404        amdxata - ok
15:52:18.0711 5404        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:52:19.0444 5404        AppID - ok
15:52:19.0632 5404        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:52:19.0803 5404        AppIDSvc - ok
15:52:19.0944 5404        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:52:20.0068 5404        Appinfo - ok
15:52:20.0256 5404        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:52:20.0302 5404        Apple Mobile Device - ok
15:52:20.0599 5404        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:52:20.0646 5404        arc - ok
15:52:20.0864 5404        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:52:20.0942 5404        arcsas - ok
15:52:21.0082 5404        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:52:21.0176 5404        AsyncMac - ok
15:52:21.0301 5404        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:52:21.0363 5404        atapi - ok
15:52:21.0691 5404        athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
15:52:21.0800 5404        athr - ok
15:52:22.0128 5404        AtiPcie        (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:52:22.0268 5404        AtiPcie - ok
15:52:22.0502 5404        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:52:22.0767 5404        AudioEndpointBuilder - ok
15:52:22.0892 5404        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:52:23.0095 5404        AudioSrv - ok
15:52:23.0266 5404        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:52:23.0516 5404        AxInstSV - ok
15:52:23.0703 5404        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:52:24.0031 5404        b06bdrv - ok
15:52:24.0234 5404        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:52:24.0343 5404        b57nd60a - ok
15:52:24.0562 5404        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:52:24.0718 5404        BDESVC - ok
15:52:25.0077 5404        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:52:25.0202 5404        Beep - ok
15:52:25.0639 5404        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:52:25.0857 5404        BFE - ok
15:52:26.0263 5404        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:52:26.0559 5404        BITS - ok
15:52:26.0715 5404        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:52:26.0809 5404        blbdrive - ok
15:52:27.0043 5404        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:52:27.0183 5404        Bonjour Service - ok
15:52:27.0370 5404        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:52:27.0479 5404        bowser - ok
15:52:27.0745 5404        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:52:27.0885 5404        BrFiltLo - ok
15:52:28.0010 5404        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:52:28.0088 5404        BrFiltUp - ok
15:52:28.0291 5404        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:52:28.0400 5404        BridgeMP - ok
15:52:28.0540 5404        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:52:28.0649 5404        Browser - ok
15:52:28.0759 5404        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:52:28.0837 5404        Brserid - ok
15:52:28.0961 5404        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:52:31.0941 5404        BrSerWdm - ok
15:52:32.0066 5404        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:52:32.0159 5404        BrUsbMdm - ok
15:52:32.0362 5404        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:52:32.0425 5404        BrUsbSer - ok
15:52:32.0627 5404        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:52:32.0721 5404        BTHMODEM - ok
15:52:32.0924 5404        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:52:33.0017 5404        bthserv - ok
15:52:33.0111 5404        catchme - ok
15:52:33.0267 5404        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:52:33.0439 5404        cdfs - ok
15:52:33.0782 5404        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:52:33.0891 5404        cdrom - ok
15:52:34.0078 5404        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:52:34.0234 5404        CertPropSvc - ok
15:52:34.0484 5404        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:52:34.0546 5404        circlass - ok
15:52:34.0718 5404        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:52:34.0874 5404        CLFS - ok
15:52:35.0014 5404        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:52:35.0186 5404        clr_optimization_v2.0.50727_32 - ok
15:52:35.0326 5404        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:52:35.0389 5404        clr_optimization_v2.0.50727_64 - ok
15:52:35.0794 5404        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:52:35.0857 5404        clr_optimization_v4.0.30319_32 - ok
15:52:35.0997 5404        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:52:36.0059 5404        clr_optimization_v4.0.30319_64 - ok
15:52:36.0215 5404        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:52:36.0309 5404        CmBatt - ok
15:52:36.0465 5404        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:52:36.0496 5404        cmdide - ok
15:52:36.0715 5404        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:52:36.0824 5404        CNG - ok
15:52:37.0167 5404        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:52:37.0198 5404        Compbatt - ok
15:52:37.0354 5404        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:52:37.0432 5404        CompositeBus - ok
15:52:37.0666 5404        COMSysApp - ok
15:52:37.0853 5404        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:52:37.0900 5404        crcdisk - ok
15:52:38.0103 5404        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:52:38.0228 5404        CryptSvc - ok
15:52:38.0446 5404        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:52:38.0633 5404        DcomLaunch - ok
15:52:38.0805 5404        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:52:38.0914 5404        defragsvc - ok
15:52:39.0148 5404        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:52:39.0273 5404        DfsC - ok
15:52:39.0476 5404        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:52:39.0647 5404        Dhcp - ok
15:52:39.0835 5404        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:52:39.0928 5404        discache - ok
15:52:40.0225 5404        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:52:40.0271 5404        Disk - ok
15:52:40.0459 5404        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:52:40.0552 5404        Dnscache - ok
15:52:40.0708 5404        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:52:40.0867 5404        dot3svc - ok
15:52:40.0957 5404        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:52:41.0119 5404        DPS - ok
15:52:41.0229 5404        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:52:41.0299 5404        drmkaud - ok
15:52:41.0379 5404        DsiWMIService  (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:52:41.0549 5404        DsiWMIService - ok
15:52:41.0719 5404        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:52:41.0863 5404        DXGKrnl - ok
15:52:41.0957 5404        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:52:42.0066 5404        EapHost - ok
15:52:42.0440 5404        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:52:42.0596 5404        ebdrv - ok
15:52:42.0705 5404        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:52:42.0799 5404        EFS - ok
15:52:42.0986 5404        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:52:43.0205 5404        ehRecvr - ok
15:52:43.0267 5404        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:52:43.0361 5404        ehSched - ok
15:52:43.0563 5404        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:52:43.0751 5404        elxstor - ok
15:52:43.0907 5404        ePowerSvc      (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
15:52:43.0985 5404        ePowerSvc - ok
15:52:44.0094 5404        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:52:44.0187 5404        ErrDev - ok
15:52:44.0281 5404        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:52:44.0499 5404        EventSystem - ok
15:52:44.0624 5404        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:52:44.0718 5404        exfat - ok
15:52:44.0889 5404        F-Secure Gatekeeper (c898cf54315e594c33f915b053e2ec2b) C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
15:52:44.0999 5404        F-Secure Gatekeeper - ok
15:52:45.0045 5404        F-Secure Gatekeeper Handler Starter (a9be66e05254b20df82e0f7cddeca7dd) C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe
15:52:45.0108 5404        F-Secure Gatekeeper Handler Starter - ok
15:52:45.0217 5404        F-Secure HIPS  (564af68fbec406cbecd42bfcbe144ef3) C:\Program Files (x86)\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys
15:52:45.0279 5404        F-Secure HIPS - ok
15:52:45.0467 5404        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:52:45.0623 5404        fastfat - ok
15:52:45.0732 5404        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:52:45.0841 5404        Fax - ok
15:52:45.0935 5404        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:52:45.0997 5404        fdc - ok
15:52:46.0106 5404        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:52:46.0200 5404        fdPHost - ok
15:52:46.0278 5404        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:52:46.0371 5404        FDResPub - ok
15:52:46.0418 5404        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:52:46.0481 5404        FileInfo - ok
15:52:46.0496 5404        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:52:46.0574 5404        Filetrace - ok
15:52:46.0777 5404        FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:52:47.0105 5404        FLEXnet Licensing Service - ok
15:52:47.0292 5404        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:52:47.0370 5404        flpydisk - ok
15:52:47.0417 5404        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:52:47.0495 5404        FltMgr - ok
15:52:47.0557 5404        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:52:47.0682 5404        FontCache - ok
15:52:47.0791 5404        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:52:47.0838 5404        FontCache3.0.0.0 - ok
15:52:47.0916 5404        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:52:47.0963 5404        FsDepends - ok
15:52:48.0072 5404        FSDFWD          (153897703502463f810a365dbbc58b18) C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe
15:52:48.0243 5404        FSDFWD - ok
15:52:48.0337 5404        FSES            (740cce07189f9833bf865844ac49c0b1) C:\Windows\system32\drivers\fses.sys
15:52:48.0399 5404        FSES - ok
15:52:48.0446 5404        FSFW            (deb4d284ebcd430c9f15c6624dc3382b) C:\Windows\system32\drivers\fsdfw.sys
15:52:48.0493 5404        FSFW - ok
15:52:48.0555 5404        FSMA            (392e85687a902239c01baddf212b1a36) C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE
15:52:48.0633 5404        FSMA - ok
15:52:48.0727 5404        FSORSPClient    (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe
15:52:48.0774 5404        FSORSPClient - ok
15:52:48.0821 5404        fsvista        (3fcbe4e9c764e05505d4e4b1d6f36786) C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
15:52:48.0852 5404        fsvista - ok
15:52:48.0945 5404        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:52:49.0008 5404        Fs_Rec - ok
15:52:49.0086 5404        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:52:49.0164 5404        fvevol - ok
15:52:49.0211 5404        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:52:49.0242 5404        gagp30kx - ok
15:52:49.0273 5404        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:52:49.0304 5404        GEARAspiWDM - ok
15:52:49.0351 5404        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:52:49.0632 5404        gpsvc - ok
15:52:49.0710 5404        GREGService    (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
15:52:49.0757 5404        GREGService - ok
15:52:49.0929 5404        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:52:50.0023 5404        hcw85cir - ok
15:52:50.0116 5404        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:52:50.0226 5404        HdAudAddService - ok
15:52:50.0319 5404        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:52:50.0397 5404        HDAudBus - ok
15:52:50.0475 5404        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:52:50.0538 5404        HidBatt - ok
15:52:50.0553 5404        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:52:50.0600 5404        HidBth - ok
15:52:50.0662 5404        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:52:50.0756 5404        HidIr - ok
15:52:50.0834 5404        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:52:50.0928 5404        hidserv - ok
15:52:51.0037 5404        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:52:51.0099 5404        HidUsb - ok
15:52:51.0130 5404        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:52:51.0208 5404        hkmsvc - ok
15:52:51.0255 5404        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:52:51.0302 5404        HomeGroupListener - ok
15:52:51.0364 5404        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:52:51.0489 5404        HomeGroupProvider - ok
15:52:51.0645 5404        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:52:51.0754 5404        HpSAMD - ok
15:52:51.0817 5404        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:52:51.0973 5404        HTTP - ok
15:52:52.0051 5404        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:52:52.0098 5404        hwpolicy - ok
15:52:52.0176 5404        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:52:52.0254 5404        i8042prt - ok
15:52:52.0332 5404        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:52:52.0425 5404        iaStorV - ok
15:52:52.0628 5404        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:52:52.0768 5404        idsvc - ok
15:52:52.0924 5404        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:52:53.0002 5404        iirsp - ok
15:52:53.0080 5404        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:52:53.0252 5404        IKEEXT - ok
15:52:53.0408 5404        IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
15:52:53.0548 5404        IntcAzAudAddService - ok
15:52:53.0689 5404        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:52:53.0751 5404        intelide - ok
15:52:53.0923 5404        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:52:53.0985 5404        intelppm - ok
15:52:54.0063 5404        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:52:54.0157 5404        IPBusEnum - ok
15:52:54.0250 5404        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:52:54.0406 5404        IpFilterDriver - ok
15:52:54.0516 5404        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:52:54.0718 5404        iphlpsvc - ok
15:52:54.0812 5404        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:52:54.0859 5404        IPMIDRV - ok
15:52:54.0999 5404        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:52:55.0124 5404        IPNAT - ok
15:52:55.0202 5404        iPod Service    (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
15:52:55.0405 5404        iPod Service - ok
15:52:55.0530 5404        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:52:55.0608 5404        IRENUM - ok
15:52:55.0748 5404        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:52:55.0795 5404        isapnp - ok
15:52:55.0842 5404        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:52:55.0888 5404        iScsiPrt - ok
15:52:55.0935 5404        k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:52:56.0013 5404        k57nd60a - ok
15:52:56.0060 5404        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:52:56.0107 5404        kbdclass - ok
15:52:56.0200 5404        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:52:56.0263 5404        kbdhid - ok
15:52:56.0325 5404        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:52:56.0388 5404        KeyIso - ok
15:52:56.0434 5404        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:52:56.0481 5404        KSecDD - ok
15:52:56.0512 5404        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:52:56.0559 5404        KSecPkg - ok
15:52:56.0575 5404        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:52:56.0731 5404        ksthunk - ok
15:52:56.0871 5404        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:52:57.0074 5404        KtmRm - ok
15:52:57.0136 5404        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:52:57.0246 5404        LanmanServer - ok
15:52:57.0324 5404        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:52:57.0386 5404        LanmanWorkstation - ok
15:52:57.0495 5404        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:52:57.0589 5404        lltdio - ok
15:52:57.0682 5404        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:52:57.0885 5404        lltdsvc - ok
15:52:57.0979 5404        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:52:58.0072 5404        lmhosts - ok
15:52:58.0135 5404        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:52:58.0182 5404        LSI_FC - ok
15:52:58.0275 5404        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:52:58.0322 5404        LSI_SAS - ok
15:52:58.0369 5404        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:52:58.0462 5404        LSI_SAS2 - ok
15:52:58.0618 5404        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:52:58.0665 5404        LSI_SCSI - ok
15:52:58.0681 5404        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:52:58.0774 5404        luafv - ok
15:52:58.0837 5404        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:52:58.0884 5404        Mcx2Svc - ok
15:52:59.0008 5404        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:52:59.0164 5404        MDM - ok
15:52:59.0258 5404        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:52:59.0305 5404        megasas - ok
15:52:59.0414 5404        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:52:59.0461 5404        MegaSR - ok
15:52:59.0508 5404        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:52:59.0586 5404        MMCSS - ok
15:52:59.0617 5404        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:52:59.0695 5404        Modem - ok
15:52:59.0773 5404        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:52:59.0835 5404        monitor - ok
15:52:59.0913 5404        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:52:59.0976 5404        mouclass - ok
15:53:00.0100 5404        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:53:00.0178 5404        mouhid - ok
15:53:00.0272 5404        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:53:00.0381 5404        mountmgr - ok
15:53:00.0475 5404        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:53:00.0537 5404        mpio - ok
15:53:00.0600 5404        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:53:00.0693 5404        mpsdrv - ok
15:53:00.0740 5404        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:53:01.0021 5404        MpsSvc - ok
15:53:01.0114 5404        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:53:01.0208 5404        MRxDAV - ok
15:53:01.0348 5404        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:53:01.0458 5404        mrxsmb - ok
15:53:01.0582 5404        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:53:01.0707 5404        mrxsmb10 - ok
15:53:01.0785 5404        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:53:01.0848 5404        mrxsmb20 - ok
15:53:01.0879 5404        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:53:01.0910 5404        msahci - ok
15:53:01.0941 5404        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:53:01.0988 5404        msdsm - ok
15:53:02.0019 5404        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:53:02.0066 5404        MSDTC - ok
15:53:02.0144 5404        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:53:02.0238 5404        Msfs - ok
15:53:02.0269 5404        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:53:02.0331 5404        mshidkmdf - ok
15:53:02.0362 5404        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:53:02.0394 5404        msisadrv - ok
15:53:02.0440 5404        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:53:02.0518 5404        MSiSCSI - ok
15:53:02.0581 5404        msiserver - ok
15:53:02.0643 5404        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:53:02.0752 5404        MSKSSRV - ok
15:53:02.0846 5404        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:53:02.0940 5404        MSPCLOCK - ok
15:53:03.0049 5404        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:53:03.0158 5404        MSPQM - ok
15:53:03.0298 5404        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:53:03.0423 5404        MsRPC - ok
15:53:03.0579 5404        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:53:03.0610 5404        mssmbios - ok
15:53:03.0688 5404        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:53:03.0782 5404        MSTEE - ok
15:53:03.0860 5404        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:53:03.0922 5404        MTConfig - ok
15:53:04.0016 5404        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:53:04.0094 5404        Mup - ok
15:53:04.0234 5404        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:53:04.0422 5404        napagent - ok
15:53:04.0562 5404        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:53:04.0749 5404        NativeWifiP - ok
15:53:04.0905 5404        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:53:05.0108 5404        NDIS - ok
15:53:05.0311 5404        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:53:05.0436 5404        NdisCap - ok
15:53:05.0576 5404        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:53:05.0670 5404        NdisTapi - ok
15:53:05.0794 5404        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:53:05.0888 5404        Ndisuio - ok
15:53:05.0982 5404        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:53:06.0091 5404        NdisWan - ok
15:53:06.0216 5404        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:53:06.0340 5404        NDProxy - ok
15:53:06.0450 5404        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:53:06.0543 5404        NetBIOS - ok
15:53:06.0652 5404        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:53:06.0762 5404        NetBT - ok
15:53:06.0855 5404        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:06.0902 5404        Netlogon - ok
15:53:07.0027 5404        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:53:07.0261 5404        Netman - ok
15:53:07.0354 5404        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:53:07.0526 5404        netprofm - ok
15:53:07.0651 5404        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:53:07.0729 5404        NetTcpPortSharing - ok
15:53:07.0822 5404        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:53:07.0869 5404        nfrd960 - ok
15:53:08.0056 5404        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:53:08.0181 5404        NlaSvc - ok
15:53:08.0322 5404        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:53:08.0415 5404        Npfs - ok
15:53:08.0493 5404        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:53:08.0587 5404        nsi - ok
15:53:08.0758 5404        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:53:08.0821 5404        nsiproxy - ok
15:53:09.0039 5404        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:53:09.0273 5404        Ntfs - ok
15:53:09.0336 5404        NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
15:53:09.0414 5404        NTI IScheduleSvc - ok
15:53:09.0492 5404        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
15:53:09.0554 5404        NTIDrvr - ok
15:53:09.0648 5404        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:53:09.0741 5404        Null - ok
15:53:09.0850 5404        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:53:09.0913 5404        nvraid - ok
15:53:09.0975 5404        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:53:10.0038 5404        nvstor - ok
15:53:10.0116 5404        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:53:10.0178 5404        nv_agp - ok
15:53:10.0209 5404        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:53:10.0272 5404        ohci1394 - ok
15:53:10.0334 5404        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:53:10.0537 5404        ose - ok
15:53:10.0646 5404        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:53:10.0755 5404        p2pimsvc - ok
15:53:10.0849 5404        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:53:10.0942 5404        p2psvc - ok
15:53:11.0036 5404        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:53:11.0114 5404        Parport - ok
15:53:11.0192 5404        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:53:11.0239 5404        partmgr - ok
15:53:11.0301 5404        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:53:11.0395 5404        PcaSvc - ok
15:53:11.0488 5404        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:53:11.0598 5404        pci - ok
15:53:11.0660 5404        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:53:11.0722 5404        pciide - ok
15:53:11.0847 5404        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:53:11.0910 5404        pcmcia - ok
15:53:11.0956 5404        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:53:12.0003 5404        pcw - ok
15:53:12.0050 5404        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:53:12.0284 5404        PEAUTH - ok
15:53:12.0346 5404        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:53:12.0424 5404        PerfHost - ok
15:53:12.0674 5404        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:53:12.0892 5404        pla - ok
15:53:13.0002 5404        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:53:13.0158 5404        PlugPlay - ok
15:53:13.0236 5404        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:53:13.0298 5404        PNRPAutoReg - ok
15:53:13.0360 5404        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:53:13.0548 5404        PNRPsvc - ok
15:53:13.0657 5404        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:53:13.0828 5404        PolicyAgent - ok
15:53:13.0906 5404        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:53:14.0047 5404        Power - ok
15:53:14.0172 5404        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:53:14.0234 5404        PptpMiniport - ok
15:53:14.0343 5404        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:53:14.0390 5404        Processor - ok
15:53:14.0499 5404        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:53:14.0608 5404        ProfSvc - ok
15:53:14.0733 5404        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:14.0780 5404        ProtectedStorage - ok
15:53:14.0858 5404        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:53:15.0030 5404        Psched - ok
15:53:15.0232 5404        PxHlpa64        (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
15:53:15.0279 5404        PxHlpa64 - ok
15:53:15.0482 5404        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:53:15.0638 5404        ql2300 - ok
15:53:15.0778 5404        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:53:15.0841 5404        ql40xx - ok
15:53:15.0888 5404        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:53:15.0981 5404        QWAVE - ok
15:53:16.0012 5404        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:53:16.0059 5404        QWAVEdrv - ok
15:53:16.0090 5404        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:53:16.0153 5404        RasAcd - ok
15:53:16.0215 5404        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:53:16.0293 5404        RasAgileVpn - ok
15:53:16.0340 5404        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:53:16.0434 5404        RasAuto - ok
15:53:16.0496 5404        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:53:16.0621 5404        Rasl2tp - ok
15:53:16.0824 5404        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:53:16.0933 5404        RasMan - ok
15:53:17.0011 5404        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:53:17.0120 5404        RasPppoe - ok
15:53:17.0214 5404        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:53:17.0307 5404        RasSstp - ok
15:53:17.0370 5404        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:53:17.0494 5404        rdbss - ok
15:53:17.0635 5404        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:53:17.0713 5404        rdpbus - ok
15:53:17.0775 5404        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:53:17.0869 5404        RDPCDD - ok
15:53:17.0916 5404        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:53:18.0056 5404        RDPENCDD - ok
15:53:18.0212 5404        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:53:18.0290 5404        RDPREFMP - ok
15:53:18.0368 5404        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:53:18.0446 5404        RDPWD - ok
15:53:18.0555 5404        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:53:18.0633 5404        rdyboost - ok
15:53:18.0664 5404        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:53:18.0774 5404        RemoteAccess - ok
15:53:18.0805 5404        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:53:18.0945 5404        RemoteRegistry - ok
15:53:18.0976 5404        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:53:19.0054 5404        RpcEptMapper - ok
15:53:19.0086 5404        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:53:19.0148 5404        RpcLocator - ok
15:53:19.0179 5404        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:53:19.0304 5404        RpcSs - ok
15:53:19.0366 5404        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:53:19.0460 5404        rspndr - ok
15:53:19.0585 5404        RSUSBSTOR      (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
15:53:19.0678 5404        RSUSBSTOR - ok
15:53:19.0803 5404        RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
15:53:19.0881 5404        RTHDMIAzAudService - ok
15:53:20.0084 5404        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:20.0131 5404        SamSs - ok
15:53:20.0287 5404        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:53:20.0349 5404        sbp2port - ok
15:53:20.0412 5404        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:53:20.0521 5404        SCardSvr - ok
15:53:20.0568 5404        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:53:20.0677 5404        scfilter - ok
15:53:20.0864 5404        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:53:21.0082 5404        Schedule - ok
15:53:21.0238 5404        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:53:21.0332 5404        SCPolicySvc - ok
15:53:21.0441 5404        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:53:21.0488 5404        SDRSVC - ok
15:53:21.0566 5404        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:53:21.0660 5404        secdrv - ok
15:53:21.0738 5404        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:53:21.0831 5404        seclogon - ok
15:53:21.0862 5404        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:53:21.0909 5404        SENS - ok
15:53:21.0940 5404        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:53:22.0018 5404        SensrSvc - ok
15:53:22.0050 5404        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:53:22.0112 5404        Serenum - ok
15:53:22.0128 5404        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:53:22.0206 5404        Serial - ok
15:53:22.0252 5404        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:53:22.0299 5404        sermouse - ok
15:53:22.0362 5404        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:53:22.0440 5404        SessionEnv - ok
15:53:22.0549 5404        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:53:22.0627 5404        sffdisk - ok
15:53:22.0752 5404        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:53:22.0814 5404        sffp_mmc - ok
15:53:22.0923 5404        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:53:23.0001 5404        sffp_sd - ok
15:53:23.0095 5404        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:53:23.0173 5404        sfloppy - ok
15:53:23.0266 5404        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:53:23.0438 5404        SharedAccess - ok
15:53:23.0532 5404        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:53:23.0703 5404        ShellHWDetection - ok
15:53:23.0781 5404        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:53:23.0844 5404        SiSRaid2 - ok
15:53:23.0859 5404        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:53:23.0890 5404        SiSRaid4 - ok
15:53:23.0922 5404        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:53:24.0000 5404        Smb - ok
15:53:24.0078 5404        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:53:24.0156 5404        SNMPTRAP - ok
15:53:24.0187 5404        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:53:24.0218 5404        spldr - ok
15:53:24.0249 5404        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:53:24.0343 5404        Spooler - ok
15:53:24.0624 5404        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:53:24.0842 5404        sppsvc - ok
15:53:24.0982 5404        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:53:25.0107 5404        sppuinotify - ok
15:53:25.0279 5404        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:53:25.0450 5404        srv - ok
15:53:25.0731 5404        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:53:25.0856 5404        srv2 - ok
15:53:25.0950 5404        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:53:26.0012 5404        srvnet - ok
15:53:26.0137 5404        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:53:26.0262 5404        SSDPSRV - ok
15:53:26.0340 5404        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:53:26.0433 5404        SstpSvc - ok
15:53:26.0496 5404        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:53:26.0558 5404        stexstor - ok
15:53:26.0698 5404        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:53:26.0839 5404        stisvc - ok
15:53:26.0932 5404        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:53:26.0979 5404        swenum - ok
15:53:27.0057 5404        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:53:27.0213 5404        swprv - ok
15:53:27.0338 5404        SynTP          (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
15:53:27.0400 5404        SynTP - ok
15:53:27.0650 5404        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:53:27.0915 5404        SysMain - ok
15:53:28.0009 5404        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:53:28.0071 5404        TabletInputService - ok
15:53:28.0118 5404        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:53:28.0227 5404        TapiSrv - ok
15:53:28.0321 5404        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:53:28.0461 5404        TBS - ok
15:53:28.0758 5404        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:53:29.0101 5404        Tcpip - ok
15:53:29.0335 5404        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:53:29.0631 5404        TCPIP6 - ok
15:53:29.0787 5404        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:53:29.0896 5404        tcpipreg - ok
15:53:29.0959 5404        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:53:30.0021 5404        TDPIPE - ok
15:53:30.0068 5404        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:53:30.0162 5404        TDTCP - ok
15:53:30.0240 5404        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:53:30.0333 5404        tdx - ok
15:53:30.0567 5404        TeamViewer6    (8a9828975a857e477efef5a61ba45ac0) C:\Users\Jens und Thomas\temp\TeamViewer\Version6\TeamViewer_Service.exe
15:53:31.0456 5404        TeamViewer6 - ok
15:53:31.0659 5404        TeamViewer7    (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:53:32.0205 5404        TeamViewer7 - ok
15:53:32.0377 5404        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:53:32.0439 5404        TermDD - ok
15:53:32.0626 5404        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:53:32.0860 5404        TermService - ok
15:53:32.0938 5404        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:53:33.0032 5404        Themes - ok
15:53:33.0110 5404        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:53:33.0172 5404        THREADORDER - ok
15:53:33.0344 5404        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:53:33.0438 5404        TrkWks - ok
15:53:33.0594 5404        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:53:33.0687 5404        TrustedInstaller - ok
15:53:33.0859 5404        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:53:33.0968 5404        tssecsrv - ok
15:53:34.0124 5404        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:53:34.0202 5404        TsUsbFlt - ok
15:53:34.0296 5404        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:53:34.0436 5404        tunnel - ok
15:53:34.0498 5404        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:53:34.0576 5404        uagp35 - ok
15:53:34.0623 5404        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
15:53:34.0654 5404        UBHelper - ok
15:53:34.0686 5404        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:53:34.0873 5404        udfs - ok
15:53:35.0029 5404        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:53:35.0076 5404        UI0Detect - ok
15:53:35.0247 5404        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:53:35.0310 5404        uliagpkx - ok
15:53:35.0403 5404        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:53:35.0481 5404        umbus - ok
15:53:35.0528 5404        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:53:35.0590 5404        UmPass - ok
15:53:35.0731 5404        Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
15:53:35.0824 5404        Updater Service - ok
15:53:35.0934 5404        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:53:36.0199 5404        upnphost - ok
15:53:36.0308 5404        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:53:36.0386 5404        usbccgp - ok
15:53:36.0480 5404        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:53:36.0558 5404        usbcir - ok
15:53:36.0620 5404        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:53:36.0698 5404        usbehci - ok
15:53:36.0807 5404        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:53:36.0916 5404        usbhub - ok
15:53:36.0994 5404        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:53:37.0041 5404        usbohci - ok
15:53:37.0072 5404        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:53:37.0104 5404        usbprint - ok
15:53:37.0150 5404        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:53:37.0197 5404        USBSTOR - ok
15:53:37.0322 5404        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:53:37.0369 5404        usbuhci - ok
15:53:37.0478 5404        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:53:37.0556 5404        usbvideo - ok
15:53:37.0603 5404        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:53:37.0696 5404        UxSms - ok
15:53:37.0899 5404        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:53:37.0946 5404        VaultSvc - ok
15:53:38.0071 5404        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:53:38.0118 5404        vdrvroot - ok
15:53:38.0227 5404        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:53:38.0508 5404        vds - ok
15:53:38.0710 5404        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:53:38.0820 5404        vga - ok
15:53:38.0991 5404        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:53:39.0100 5404        VgaSave - ok
15:53:39.0272 5404        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:53:39.0350 5404        vhdmp - ok
15:53:39.0459 5404        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:53:39.0522 5404        viaide - ok
15:53:39.0584 5404        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:53:39.0647 5404        volmgr - ok
15:53:39.0771 5404        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:53:39.0912 5404        volmgrx - ok
15:53:40.0083 5404        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:53:40.0161 5404        volsnap - ok
15:53:40.0224 5404        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:53:40.0302 5404        vsmraid - ok
15:53:40.0473 5404        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:53:40.0739 5404        VSS - ok
15:53:40.0848 5404        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:53:40.0910 5404        vwifibus - ok
15:53:41.0019 5404        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:53:41.0097 5404        vwififlt - ok
15:53:41.0175 5404        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:53:41.0238 5404        vwifimp - ok
15:53:41.0363 5404        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:53:41.0519 5404        W32Time - ok
15:53:41.0768 5404        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:53:41.0831 5404        WacomPen - ok
15:53:41.0987 5404        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:53:42.0096 5404        WANARP - ok
15:53:42.0096 5404        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:53:42.0158 5404        Wanarpv6 - ok
15:53:42.0314 5404        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:53:42.0548 5404        WatAdminSvc - ok
15:53:42.0813 5404        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:53:42.0938 5404        wbengine - ok
15:53:43.0032 5404        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:53:43.0110 5404        WbioSrvc - ok
15:53:43.0188 5404        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:53:43.0359 5404        wcncsvc - ok
15:53:43.0453 5404        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:53:43.0531 5404        WcsPlugInService - ok
15:53:43.0609 5404        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:53:43.0671 5404        Wd - ok
15:53:43.0703 5404        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:53:43.0812 5404        Wdf01000 - ok
15:53:43.0905 5404        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:53:44.0061 5404        WdiServiceHost - ok
15:53:44.0077 5404        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:53:44.0108 5404        WdiSystemHost - ok
15:53:44.0186 5404        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:53:44.0295 5404        WebClient - ok
15:53:44.0327 5404        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:53:44.0405 5404        Wecsvc - ok
15:53:44.0420 5404        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:53:44.0498 5404        wercplsupport - ok
15:53:44.0545 5404        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:53:44.0639 5404        WerSvc - ok
15:53:44.0732 5404        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:53:44.0810 5404        WfpLwf - ok
15:53:44.0841 5404        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:53:44.0904 5404        WIMMount - ok
15:53:44.0966 5404        WinDefend - ok
15:53:44.0982 5404        WinHttpAutoProxySvc - ok
15:53:45.0247 5404        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:53:45.0356 5404        Winmgmt - ok
15:53:45.0606 5404        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:53:45.0949 5404        WinRM - ok
15:53:46.0167 5404        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:53:46.0308 5404        Wlansvc - ok
15:53:46.0401 5404        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:53:46.0448 5404        WmiAcpi - ok
15:53:46.0542 5404        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:53:46.0651 5404        wmiApSrv - ok
15:53:46.0713 5404        WMPNetworkSvc - ok
15:53:46.0854 5404        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:53:46.0901 5404        WPCSvc - ok
15:53:46.0947 5404        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:53:47.0010 5404        WPDBusEnum - ok
15:53:47.0041 5404        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:53:47.0103 5404        ws2ifsl - ok
15:53:47.0135 5404        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:53:47.0181 5404        wscsvc - ok
15:53:47.0197 5404        WSearch - ok
15:53:47.0400 5404        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:53:47.0727 5404        wuauserv - ok
15:53:47.0915 5404        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:53:47.0993 5404        WudfPf - ok
15:53:48.0071 5404        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:53:48.0180 5404        WUDFRd - ok
15:53:48.0211 5404        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:53:48.0289 5404        wudfsvc - ok
15:53:48.0320 5404        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:53:48.0367 5404        WwanSvc - ok
15:53:48.0414 5404        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:53:48.0773 5404        \Device\Harddisk0\DR0 - ok
15:53:48.0819 5404        Boot (0x1200)  (47bf8300ee2c90b9fbb5e7e679ac6904) \Device\Harddisk0\DR0\Partition0
15:53:48.0819 5404        \Device\Harddisk0\DR0\Partition0 - ok
15:53:48.0851 5404        Boot (0x1200)  (552269969730c0455f3299a53504e38e) \Device\Harddisk0\DR0\Partition1
15:53:48.0851 5404        \Device\Harddisk0\DR0\Partition1 - ok
15:53:48.0866 5404        ============================================================
15:53:48.0866 5404        Scan finished
15:53:48.0866 5404        ============================================================
15:53:48.0882 5420        Detected object count: 0
15:53:48.0882 5420        Actual detected object count: 0


markusg 12.04.2012 18:09

Yes, you must.
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

reinhawi 12.04.2012 19:25

Hello, here are the log files. Unfortunately I couldn't find anything that I could select - there was nothing with "Show Results". I still have the screenshot program open. I have also attached the screenshots in the next reply.
Regards

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jens und Thomas :: REINHAWI-2 [Administrator]

Schutz: Aktiviert

12.04.2012 19:25:38
mbam-log-2012-04-12 (19-25-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366332
Laufzeit: 47 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

2012/04/12 19:24:50 +0200        REINHAWI-2        Jens und Thomas        MESSAGE        Executing scheduled update:  Daily
2012/04/12 19:24:51 +0200        REINHAWI-2        Jens und Thomas        MESSAGE        Starting protection
2012/04/12 19:24:52 +0200        REINHAWI-2        Jens und Thomas        MESSAGE        Database already up-to-date
2012/04/12 19:24:54 +0200        REINHAWI-2        Jens und Thomas        MESSAGE        Protection started successfully
2012/04/12 19:24:57 +0200        REINHAWI-2        Jens und Thomas        MESSAGE        Starting IP protection
2012/04/12 19:25:01 +0200        REINHAWI-2        Jens und Thomas        MESSAGE        IP Protection started successfully


markusg 13.04.2012 15:23

Download CCleaner Standard:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, then the list of installed programs, and save it as a txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not recognize, write "unknown".
Post the list.

reinhawi 13.04.2012 16:48

Hello, I actually need everything, because I haven't had the computer for long. But I found 2 that I marked at the FRONT with *unbekannt* (unknown). In the autostart I think I found a deactivated virus - at the very top.

Regards

Code:

Acrobat.com        Adobe Systems Incorporated        15.09.2010        1,61MB        1.6.65
Adobe AIR        Adobe Systems Inc.        15.09.2010                1.5.0.7220
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        04.04.2012        6,00MB        11.2.202.228
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        05.04.2012        6,00MB        11.2.202.228
Adobe Photoshop Elements 8.0        Adobe Systems Incorporated        12.11.2010        1.577MB        8.0
Adobe Reader 9.2 MUI        Adobe Systems Incorporated        12.04.2012        653MB        9.2.0
Apple Application Support        Apple Inc.        08.12.2011        61,2MB        2.1.6
Apple Mobile Device Support        Apple Inc.        08.12.2011        24,9MB        4.0.0.97
Apple Software Update        Apple Inc.        25.11.2011        2,38MB        2.1.3.127
ATI Catalyst Install Manager        ATI Technologies, Inc.        11.11.2010        22,1MB        3.0.765.0
Bonjour        Apple Inc.        08.12.2011        2,00MB        3.0.0.10
Broadcom Gigabit NetLink Controller        Broadcom Corporation        15.09.2010        0,44MB        14.0.2.3
CANON iMAGE GATEWAY MyCamera Download Plugin        Canon Inc.        04.07.2011                3.1.0.1
CANON iMAGE GATEWAY Task for ZoomBrowser EX        Canon Inc.        04.07.2011                1.8.0.1
Canon Internet Library for ZoomBrowser EX        Canon Inc.        04.07.2011                1.7.0.1
Canon MOV Decoder        Canon Inc.        04.07.2011                1.7.0.6
Canon MOV Encoder        Canon Inc.        04.07.2011                1.5.0.3
Canon MovieEdit Task for ZoomBrowser EX        Canon Inc.        04.07.2011                3.6.0.5
Canon Utilities ZoomBrowser EX        Canon Inc.        04.07.2011                6.6.0.23
Canon ZoomBrowser EX Memory Card Utility        Canon Inc.        04.07.2011                1.4.0.4
CCleaner        Piriform        12.04.2012                3.17
FileZilla Client 3.2.7.1                29.06.2011                3.2.7.1
iCloud        Apple Inc.        08.12.2011        31,2MB        1.0.2.17
*unbekannt*Identity Card        Packard Bell        11.11.2010                1.00.3003
iTunes        Apple Inc.        24.01.2012        170,5MB        10.5.3.3
Java(TM) 6 Update 30        Oracle        14.12.2011        95,2MB        6.0.300
Launch Manager        Packard Bell        11.11.2010                4.0.14
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        11.04.2012        18,0MB        1.61.0.1400
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        04.07.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        04.07.2011        2,94MB        4.0.30319
Microsoft Office File Validation Add-In        Microsoft Corporation        17.03.2012        7,95MB        14.0.5130.5003
Microsoft Office FrontPage 2003        Microsoft Corporation        10.04.2012        683MB        11.0.8173.0
Microsoft Office OneNote 2003        Microsoft Corporation        10.04.2012        396MB        11.0.8173.0
Microsoft Office Professional Edition 2003        Microsoft Corporation        10.04.2012        1.047MB        11.0.8173.0
Microsoft Silverlight        Microsoft Corporation        15.02.2012        40,5MB        4.1.10111.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        05.04.2012        0,29MB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        15.09.2010        0,77MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        10.01.2012        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        15.09.2010        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        15.09.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        10.01.2012        0,59MB        9.0.30729.6161
Mozilla Firefox 10.0.1 (x86 de)        Mozilla        11.02.2012        35,5MB        10.0.1
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        30.06.2011        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        30.06.2011        1,33MB        4.20.9876.0
Opera 11.60        Opera Software ASA        10.01.2012                11.60.1185
Packard Bell Games        WildTangent        11.11.2010                1.0.1.3
Packard Bell InfoCentre        Packard Bell        11.11.2010                3.02.3000
Packard Bell MyBackup        NewTech Infosystems        15.09.2010        33,3MB        2.0.0.68
Packard Bell Power Management        Packard Bell        11.11.2010                5.00.3005
Packard Bell Recovery Management        Packard Bell        15.09.2010                4.05.3013
Packard Bell Registration        Packard Bell        11.11.2010                1.03.3003
Packard Bell ScreenSaver        Packard Bell        11.11.2010                1.1.0806.2010
Packard Bell Social Networks        CyberLink Corp.        02.04.2012        26,3MB        2.0.3315
Packard Bell Updater        Packard Bell        15.09.2010                1.02.3001
PDF24 Creator 4.4.3        PDF24.org        04.04.2012        33,8MB       
QuickTime        Apple Inc.        08.12.2011        73,3MB        7.71.80.42
Realtek HDMI Audio Driver for ATI        Realtek Semiconductor Corp.        11.11.2010                6.0.1.6034
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        15.09.2010                6.0.1.6141
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        15.09.2010                6.1.7600.30122
Safari        Apple Inc.        08.12.2011        43,2MB        5.34.52.7
*unbekannt*Synaptics Pointing Device Driver        Synaptics Incorporated        09.04.2012                14.0.19.0
TeamViewer 7        TeamViewer        02.04.2012                7.0.12979
Unitymedia Sicherheitspaket                01.07.2011               
Video Web Camera        Liteon        11.11.2010        17,0MB        2.0.5.6
Welcome Center        Packard Bell        11.11.2010                1.02.3004
Windows Live Anmelde-Assistent        Microsoft Corporation        11.11.2010        1,94MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        12.11.2010                14.0.8117.0416
Windows Live Sync        Microsoft Corporation        11.11.2010        2,79MB        14.0.8117.416
Windows Live-Uploadtool        Microsoft Corporation        11.11.2010        0,22MB        14.0.8014.1029

Code:

Nein        HKCU:Run        lmfvMDBr3jNvGGM        C:\Users\Jens und Thomas\AppData\Roaming\bstr55uhjzd.exe
Ja        HKCU:Run        Sidebar        C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Ja        HKLM:Run        Acer ePower Management        C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
Ja        HKLM:Run        Adobe ARM        "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKLM:Run        Adobe Reader Speed Launcher        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Ja        HKLM:Run        APSDaemon        "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja        HKLM:Run        BackupManagerTray        "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
Ja        HKLM:Run        F-Secure Manager        "C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE" /splash
Ja        HKLM:Run        F-Secure TNB        "C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
Ja        HKLM:Run        iTunesHelper        "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Ja        HKLM:Run        LManager        C:\Program Files (x86)\Launch Manager\LManager.exe
Ja        HKLM:Run        Malwarebytes' Anti-Malware        "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Ja        HKLM:Run        PDFPrint        C:\Program Files (x86)\PDF24\pdf24.exe
Ja        HKLM:Run        QuickTime Task        "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Ja        HKLM:Run        RtHDVCpl        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Ja        HKLM:Run        StartCCC        "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Ja        HKLM:Run        SunJavaUpdateSched        "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Ja        HKLM:Run        SynTPEnh        %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja        HKLM:RunOnce        Malwarebytes Anti-Malware        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Ja        Startup Common        Microsoft Office OneNote 2003 Schnellstart.lnk        C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE


markusg 13.04.2012 19:32

hi

hi

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
 :Files
C:\Users\Jens und Thomas\AppData\Roaming\bstr55uhjzd.exe

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

reinhawi 14.04.2012 15:43

Hi, here is the requested document.

Code:

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ich
 
User: Jens und Thomas
->Flash cache emptied: 17742 bytes
 
User: Jens_Thomas
->Flash cache emptied: 831 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ich
->Temp folder emptied: 0 bytes
 
User: Jens und Thomas
->Temp folder emptied: 684983 bytes
->Temporary Internet Files folder emptied: 199352530 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 52264007 bytes
->Apple Safari cache emptied: 24293376 bytes
->Opera cache emptied: 13925282 bytes
->Flash cache emptied: 0 bytes
 
User: Jens_Thomas
->Temp folder emptied: 149163 bytes
->Temporary Internet Files folder emptied: 174695964 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9674 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 7151 bytes
 
Total Files Cleaned = 444,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 04142012_163623

Files\Folders moved on Reboot...
C:\Users\Jens und Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


markusg 14.04.2012 19:05

Open CCleaner, click Analyze, then Run Cleaner.
Open OTL, click CleanUp, the PC restarts, then test how the system runs.

reinhawi 14.04.2012 19:50

Hi, I've done it. But I still have it in the autostart.
Code:

Nein        HKCU:Run        lmfvMDBr3jNvGGM        C:\Users\Jens und Thomas\AppData\Roaming\bstr55uhjzd.exe
Ja        HKCU:Run        Sidebar        C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Ja        HKLM:Run        Acer ePower Management        C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
Ja        HKLM:Run        Adobe ARM        "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKLM:Run        Adobe Reader Speed Launcher        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Ja        HKLM:Run        APSDaemon        "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja        HKLM:Run        BackupManagerTray        "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
Ja        HKLM:Run        F-Secure Manager        "C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE" /splash
Ja        HKLM:Run        F-Secure TNB        "C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
Ja        HKLM:Run        iTunesHelper        "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Ja        HKLM:Run        LManager        C:\Program Files (x86)\Launch Manager\LManager.exe
Ja        HKLM:Run        Malwarebytes' Anti-Malware        "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Ja        HKLM:Run        PDFPrint        C:\Program Files (x86)\PDF24\pdf24.exe
Ja        HKLM:Run        QuickTime Task        "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Ja        HKLM:Run        RtHDVCpl        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Ja        HKLM:Run        StartCCC        "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Ja        HKLM:Run        SunJavaUpdateSched        "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Ja        HKLM:Run        SynTPEnh        %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja        HKLM:RunOnce        Malwarebytes Anti-Malware        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Ja        Startup Common        Microsoft Office OneNote 2003 Schnellstart.lnk        C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE


markusg 15.04.2012 16:47

Yeah, and what am I supposed to do with that?
What to do is actually written above :-)

reinhawi 15.04.2012 18:13

Hi, so far everything is running again. Do I still need to do anything - if not, thank you very much.

Regards


All times are in WET +1.
