
Pests of all kinds and how to combat them: BKA-Malware

16.10.2011, 14:39   #16
opteryx

BKA-Malware

Well, now I'm in a mess...
I wanted to be especially clever: while the laptop was booting I killed Jashla.exe with Task Manager and then ran a complete check with an updated Malwarebytes. Problem: on the restart afterwards, a bluescreen suddenly appeared, Registry Error. Timing: the Windows user interface with all the icons on the desktop had just appeared. Here is the mbam log:

Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7957

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.10.2011 14:56:30
mbam-log-2011-10-16 (14-56-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|)
Durchsuchte Objekte: 408178
Laufzeit: 1 Stunde(n), 46 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avupdate (Trojan.Agent) -> Value: avupdate -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\der stutz\AppData\Roaming\jashla.exe (Trojan.Agent) -> Quarantined and deleted successfully.

At every restart the bluescreen comes back, at exactly the same point.

16.10.2011, 16:29   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Is Windows usable now or not?
If not, make a new OTLPE log as I said.

16.10.2011, 19:16   #18
opteryx

Windows is not usable. Here is the log file of the current scan:

OTL Logfile:
Code:
OTL logfile created on: 10/16/2011 9:08:26 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
985.00 Mb Total Physical Memory | 727.00 Mb Available Physical Memory | 74.00% Memory free
876.00 Mb Paging File | 787.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\windows | %ProgramFiles% = F:\Program Files
Drive C: | 200.00 Mb Total Space | 171.82 Mb Free Space | 85.91% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.03 Gb Free Space | 85.46% Space Free | Partition Type: NTFS
Drive E: | 30.25 Gb Total Space | 29.54 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Drive F: | 187.69 Gb Total Space | 106.20 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/31 11:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto] -- F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 08:43:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 13:31:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/25 09:03:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/22 14:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/08/14 10:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/14 10:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto] -- F:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto] -- F:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/04 15:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/16 05:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (USBCCID)
DRV - File not found [Kernel | On_Demand] --  -- (RtsUIR)
DRV - File not found [Kernel | On_Demand] --  -- (RSUSBSTOR)
DRV - [2011/08/31 11:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/01 08:44:03 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 08:44:03 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/09 05:20:27 | 000,054,800 | ---- | M] () [Kernel | System] -- F:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009/09/14 14:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/28 17:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 17:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 08:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/06/19 12:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009/06/14 22:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/05/19 09:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/08/06 08:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Gast_ON_F\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\Gast_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\Gast_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Romilda_ON_F\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\Romilda_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\Romilda_ON_F\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\Romilda_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 06:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 15:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/15 03:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/09/29 17:04:39 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Der Stutz\AppData\Roaming\Mozilla\Extensions
[2010/09/29 17:04:39 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Der Stutz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/10 07:18:06 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Der Stutz\AppData\Roaming\Mozilla\Firefox\Profiles\k2ihuyvt.default\extensions
[2011/09/12 15:41:46 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2011/09/12 15:41:46 | 000,000,000 | ---D | M] (Skype extension) -- F:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2011/09/08 06:59:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/31 15:09:48 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/31 15:09:48 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/31 15:09:48 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/31 15:09:48 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/31 15:09:48 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/31 15:09:48 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/10/03 04:41:46 | 000,000,098 | ---- | M]) - F:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\Der_Stutz_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Romilda_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] F:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] F:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] F:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] F:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\Der_Stutz_ON_F..\Run: [avupdate]  File not found
O4 - HKU\Der_Stutz_ON_F..\Run: [Corel Photo Downloader] F:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\Der_Stutz_ON_F..\Run: [EA Core]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\Romilda_ON_F..\RunOnce: [FlashPlayerUpdate] F:\windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: F:\Users\Der Stutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Der_Stutz_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Der_Stutz_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Der_Stutz_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Romilda_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Romilda_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Romilda_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/14 16:51:42 | 000,000,000 | -HSD | C] -- F:\found.000
[2011/10/02 04:19:30 | 002,237,440 | R--- | C] (OldTimer Tools) -- F:\OTLPE.exe
[2011/10/02 04:19:24 | 000,000,000 | ---D | C] -- F:\_OTL
[2011/10/01 14:42:07 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2011/09/25 17:02:09 | 000,000,000 | ---D | C] -- F:\Users\Romilda\AppData\Roaming\Winamp
[2011/09/25 17:00:23 | 000,000,000 | ---D | C] -- F:\Users\Romilda\AppData\Local\{815A9AC8-166A-4769-B204-DC8B50944592}
[2011/09/25 16:59:27 | 000,000,000 | ---D | C] -- F:\Users\Romilda\AppData\Roaming\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/16 11:52:10 | 000,067,584 | --S- | M] () -- F:\windows\bootstat.dat
[2011/10/16 10:25:39 | 230,968,417 | ---- | M] () -- F:\windows\MEMORY.DMP
[2011/10/16 10:25:34 | 774,320,128 | -HS- | M] () -- F:\hiberfil.sys
[2011/10/16 10:23:49 | 000,001,100 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 08:44:06 | 000,001,104 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/16 07:11:42 | 000,009,696 | ---- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 07:11:42 | 000,009,696 | ---- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 07:05:22 | 000,001,348 | ---- | M] () -- F:\Users\Der Stutz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/16 07:05:22 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/30 16:36:03 | 000,000,000 | ---- | M] () -- F:\Users\Der Stutz\AppData\Local\{231CDFCB-175B-49E5-B6DE-671CC2900DA4}
[2011/09/30 11:27:20 | 000,009,800 | ---- | M] () -- F:\bootsqm.dat
 
========== Files Created - No Company Name ==========
 
[2011/09/30 16:36:03 | 000,000,000 | ---- | C] () -- F:\Users\Der Stutz\AppData\Local\{231CDFCB-175B-49E5-B6DE-671CC2900DA4}
[2011/09/30 11:27:20 | 000,009,800 | ---- | C] () -- F:\bootsqm.dat
[2011/05/19 15:51:08 | 000,000,136 | ---- | C] () -- F:\ProgramData\~27516664r
[2011/05/19 15:51:08 | 000,000,112 | ---- | C] () -- F:\ProgramData\~27516664
[2011/05/19 15:50:52 | 000,000,392 | ---- | C] () -- F:\ProgramData\27516664
[2011/05/08 13:54:57 | 000,116,224 | ---- | C] () -- F:\windows\System32\pdfcmnnt.dll
[2010/10/10 14:34:07 | 000,003,584 | ---- | C] () -- F:\Users\Der Stutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/09 14:21:26 | 000,000,097 | ---- | C] () -- F:\Users\Der Stutz\AppData\Local\fusioncache.dat
[2010/10/05 05:56:14 | 000,000,056 | ---- | C] () -- F:\ProgramData\ezsidmv.dat
[2010/06/26 06:54:21 | 000,000,000 | ---- | C] () -- F:\windows\PowerReg.dat
[2010/02/09 05:21:22 | 002,110,728 | ---- | C] () -- F:\windows\System32\Apblend.dll
[2010/02/09 05:21:22 | 001,410,312 | ---- | C] () -- F:\windows\System32\IcnOvrly.dll
[2010/02/09 05:21:22 | 001,171,456 | ---- | C] () -- F:\windows\System32\PicNotify.dll
[2010/02/09 05:21:22 | 000,660,744 | ---- | C] () -- F:\windows\System32\EncIcons.dll
[2010/02/09 05:21:22 | 000,513,288 | ---- | C] () -- F:\windows\System32\SimpleExt.dll
[2010/02/09 05:21:02 | 001,044,480 | ---- | C] () -- F:\windows\System32\3DImageRenderer.dll
[2010/02/09 05:20:27 | 000,057,344 | ---- | C] () -- F:\windows\AsfHelper.dll
[2010/02/09 05:20:27 | 000,054,800 | ---- | C] () -- F:\windows\System32\drivers\funfrm.sys
[2010/02/09 05:20:14 | 000,163,840 | ---- | C] () -- F:\windows\System32\SM37XCoInst.dll
[2010/02/09 05:18:40 | 000,140,288 | ---- | C] () -- F:\windows\System32\igfxtvcx.dll
[2010/02/09 05:14:00 | 000,016,648 | R--- | C] () -- F:\windows\System32\LogAPI.dll
[2010/02/09 05:11:31 | 000,982,220 | ---- | C] () -- F:\windows\System32\igkrng500.bin
[2010/02/09 05:11:31 | 000,134,592 | ---- | C] () -- F:\windows\System32\igfcg500.bin
[2010/02/09 05:11:31 | 000,092,216 | ---- | C] () -- F:\windows\System32\igfcg500m.bin
[2010/02/09 05:11:30 | 000,439,300 | ---- | C] () -- F:\windows\System32\igcompkrng500.bin
[2010/01/18 20:37:21 | 000,700,874 | ---- | C] () -- F:\windows\System32\perfh007.dat
[2010/01/18 20:37:21 | 000,295,922 | ---- | C] () -- F:\windows\System32\perfi007.dat
[2010/01/18 20:37:21 | 000,147,528 | ---- | C] () -- F:\windows\System32\perfc007.dat
[2010/01/18 20:37:21 | 000,038,104 | ---- | C] () -- F:\windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- F:\windows\bootstat.dat
[2009/07/14 00:33:53 | 001,792,864 | ---- | C] () -- F:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,662,716 | ---- | C] () -- F:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- F:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,123,910 | ---- | C] () -- F:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- F:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- F:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- F:\windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- F:\windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- F:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- F:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\windows\System32\mlang.dat
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelSwedish.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelSpanish.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelPortugese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelKorean.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelJapanese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelGerman.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/02/09 05:20:27 | 000,000,000 | ---D | M] -- F:\ProgramData\EasyCapture
[2011/05/06 16:19:16 | 000,000,000 | ---D | M] -- F:\ProgramData\Electronic Arts
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/02/09 05:11:02 | 000,000,000 | ---D | M] -- F:\ProgramData\PC-Doctor for Windows
[2010/02/09 05:11:01 | 000,000,000 | ---D | M] -- F:\ProgramData\PCDr
[2011/06/08 04:14:46 | 000,000,000 | ---D | M] -- F:\ProgramData\PhotoStitch
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2010/01/18 13:05:55 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/10/11 04:56:10 | 000,000,000 | ---D | M] -- F:\ProgramData\Ulead Systems
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2010/01/18 13:04:53 | 000,000,000 | ---D | M] -- F:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/08/25 06:59:19 | 000,032,632 | ---- | M] () -- F:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

It should also be said that the drive letters are swapped. F should actually be C.

16.10.2011, 19:36   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O3 - HKU\Der_Stutz_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Romilda_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\Der_Stutz_ON_F..\Run: [avupdate]  File not found
O4 - HKU\Der_Stutz_ON_F..\Run: [EA Core]  File not found
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
[2011/10/14 16:51:42 | 000,000,000 | -HSD | C] -- F:\found.000
[2011/09/25 17:00:23 | 000,000,000 | ---D | C] -- F:\Users\Romilda\AppData\Local\{815A9AC8-166A-4769-B204-DC8B50944592}
[2011/09/30 16:36:03 | 000,000,000 | ---- | M] () -- F:\Users\Der Stutz\AppData\Local\{231CDFCB-175B-49E5-B6DE-671CC2900DA4}
[2011/05/19 15:51:08 | 000,000,136 | ---- | C] () -- F:\ProgramData\~27516664r
[2011/05/19 15:51:08 | 000,000,112 | ---- | C] () -- F:\ProgramData\~27516664
[2011/05/19 15:50:52 | 000,000,392 | ---- | C] () -- F:\ProgramData\27516664
[2010/01/18 13:04:53 | 000,000,000 | ---D | M] -- F:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
:Commands
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that Windows should hopefully start normally again; please post whether it does or not.
__________________
Please always post log files in CODE tags
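
Added example, not part of the original posts and not OTL's own code: a small triage of the O4 (Run/RunOnce) lines in the format of the OTLPE log above, flagging values whose target is "File not found" and targets under a user profile or ProgramData. The sample lines are taken from or constructed after the log (the jashla.exe line is constructed), and reading the hive suffix "_ON_F" as "user hive loaded from drive F" is an assumption.

```python
import re

# Sample input: O4 lines in the format of the OTLPE log in this thread.
# The line pairing [avupdate] with jashla.exe is CONSTRUCTED to show how the
# value would have looked before the file was quarantined.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SmartAudio] F:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\Der_Stutz_ON_F..\Run: [avupdate]  File not found
O4 - HKU\Der_Stutz_ON_F..\Run: [EA Core]  File not found
O4 - HKU\Der_Stutz_ON_F..\Run: [avupdate] F:\Users\Der Stutz\AppData\Roaming\jashla.exe ()
O4 - HKU\Romilda_ON_F..\RunOnce: [FlashPlayerUpdate] F:\windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: F:\Users\Der Stutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ()
"""

# "O4 - <hive>..\Run: [<value name>] <target>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKU\\.+?)\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\]\s+(?P<rest>.+)$"
)

# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData)\\", re.I)


def split_target(rest):
    """Split '<path> (<company>)' into (path, company); (None, None) if the file is missing."""
    rest = rest.strip()
    if rest == "File not found":
        return None, None
    # The company name may itself contain parentheses, so cut at the first
    # " (" that follows the last path separator.
    cut = rest.find(" (", max(rest.rfind("\\"), 0))
    if cut == -1 or not rest.endswith(")"):
        return rest, None
    return rest[:cut], rest[cut + 2:-1].strip()


def offline_user(hive):
    """Assumption: OTLPE names loaded user hives '<user>_ON_<drive letter>'."""
    m = re.match(r"^HKU\\(?P<user>.+)_ON_(?P<drive>[A-Za-z])$", hive)
    return (m["user"], m["drive"]) if m else (None, None)


def triage(log_text):
    """Return the autostart values that deserve a manual look, with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Startup-folder entries and non-O4 lines are out of scope
        path, company = split_target(m["rest"])
        reasons = []
        if path is None:
            # The value still exists but its target is gone, e.g. after a
            # scanner removed the file and left the registry value behind.
            reasons.append("orphaned")
        else:
            if USER_WRITABLE.search(path):
                reasons.append("user-writable-path")
            if not company:
                # Only a hint: legitimate vendor tools also ship without a
                # company name in their version resource.
                reasons.append("no-company-name")
        if reasons:
            findings.append({
                "hive": m["hive"], "key": m["key"], "name": m["name"],
                "path": path, "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        user, drive = offline_user(f["hive"])
        owner = f"user {user} (hive on {drive}:)" if user else f["hive"]
        print(f'{f["key"]}\\{f["name"]} [{owner}]: {", ".join(f["reasons"])} -> {f["path"]}')
```

The flags are review hints, not verdicts: every flagged value still needs to be checked by hand before it goes into a fix script.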

16.10.2011, 20:04   #20
opteryx

Here is the log file; the crash/bluescreen came again at the same point.

Quote:
========== OTL ==========
Registry value HKEY_USERS\Der_Stutz_ON_F\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Romilda_ON_F\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Der_Stutz_ON_F\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
Registry value HKEY_USERS\Der_Stutz_ON_F\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\LocalService_ON_F\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
F:\Windows\System32\mctadmin.exe moved successfully.
Registry value HKEY_USERS\NetworkService_ON_F\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File F:\Windows\System32\mctadmin.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
F:\autoexec.bat moved successfully.
F:\found.000\dir0004.chk folder moved successfully.
F:\found.000\dir0003.chk folder moved successfully.
F:\found.000\dir0002.chk folder moved successfully.
F:\found.000\dir0001.chk folder moved successfully.
F:\found.000\dir0000.chk folder moved successfully.
F:\found.000 folder moved successfully.
F:\Users\Romilda\AppData\Local\{815A9AC8-166A-4769-B204-DC8B50944592} folder moved successfully.
F:\Users\Der Stutz\AppData\Local\{231CDFCB-175B-49E5-B6DE-671CC2900DA4} moved successfully.
F:\ProgramData\~27516664r moved successfully.
F:\ProgramData\~27516664 moved successfully.
F:\ProgramData\27516664 moved successfully.
F:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} folder moved successfully.
========== COMMANDS ==========
F:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 10162011_225421


16.10.2011, 20:07   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does Safe Mode still work?

16.10.2011, 20:09   #22
opteryx

Yes, it still works.

16.10.2011, 20:16   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then make another OTL log in there as well:

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the entire contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

16.10.2011, 20:43   #24
opteryx

Here is the OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 16.10.2011 21:23:40 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Der Stutz\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
984,60 Mb Total Physical Memory | 607,36 Mb Available Physical Memory | 61,69% Memory free
1,96 Gb Paging File | 1,62 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,69 Gb Total Space | 106,00 Gb Free Space | 56,48% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,54 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 398,02 Gb Free Space | 85,46% Space Free | Partition Type: NTFS
 
Computer Name: BLECHDEPP | User Name: Der Stutz | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.16 21:18:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Der Stutz\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.18 22:17:20 | 000,102,032 | ---- | M] () -- C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.01 14:43:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 19:31:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.25 15:03:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.01 14:44:03 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 14:44:03 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.09 11:20:27 | 000,054,800 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009.06.19 18:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.08 12:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.31 21:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.15 09:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.09.29 23:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der Stutz\AppData\Roaming\mozilla\Extensions
[2010.09.29 23:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der Stutz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.10 13:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der Stutz\AppData\Roaming\mozilla\Firefox\Profiles\k2ihuyvt.default\extensions
[2011.09.12 21:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.12 21:41:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.08 12:59:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.31 21:09:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.31 21:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.31 21:09:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.31 21:09:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.31 21:09:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.31 21:09:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.10.17 04:54:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Der Stutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A87624-8921-467D-85FB-5C652EE482CF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{206B9BC7-0D41-474E-B105-71C8C7BA5008}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.clmp3enc - C:\Programme\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.02 10:19:30 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.10.02 10:19:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.01 20:42:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.16 21:08:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.10.16 21:08:38 | 238,279,777 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011.10.16 21:08:34 | 774,320,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.16 21:04:19 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.16 14:44:06 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.16 13:11:42 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.16 13:11:42 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 17:27:20 | 000,009,800 | ---- | M] () -- C:\bootsqm.dat
 
========== Files Created - No Company Name ==========
 
[2011.09.30 17:27:20 | 000,009,800 | ---- | C] () -- C:\bootsqm.dat
[2011.05.08 19:54:57 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010.10.10 20:34:07 | 000,003,584 | ---- | C] () -- C:\Users\Der Stutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.09 20:21:26 | 000,000,097 | ---- | C] () -- C:\Users\Der Stutz\AppData\Local\fusioncache.dat
[2010.10.05 11:56:14 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.26 12:54:21 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2010.02.09 11:21:22 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010.02.09 11:21:22 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010.02.09 11:21:22 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010.02.09 11:21:22 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010.02.09 11:21:22 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010.02.09 11:21:02 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010.02.09 11:20:27 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll
[2010.02.09 11:20:27 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010.02.09 11:20:14 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll
[2010.02.09 11:18:40 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010.02.09 11:14:00 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2010.02.09 11:11:31 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010.02.09 11:11:31 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2010.02.09 11:11:31 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010.02.09 11:11:30 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010.01.19 02:37:21 | 000,700,874 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010.01.19 02:37:21 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010.01.19 02:37:21 | 000,147,528 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010.01.19 02:37:21 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 06:33:53 | 001,792,864 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,662,716 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,123,910 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.10.09 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Canon
[2010.09.30 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\GHISLER
[2010.12.11 18:12:20 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\gtk-2.0
[2010.10.09 20:24:18 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\HDRsoft
[2011.08.06 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\ICQ
[2011.01.07 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Lite
[2010.06.27 13:58:40 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\OpenOffice.org
[2011.04.18 23:15:27 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\temp
[2010.09.29 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Thunderbird
[2011.08.25 12:59:19 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.25 15:13:31 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Adobe
[2010.12.12 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Avira
[2010.10.09 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Canon
[2010.10.10 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Corel
[2010.09.30 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\GHISLER
[2010.12.11 18:12:20 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\gtk-2.0
[2010.10.09 20:24:18 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\HDRsoft
[2011.03.27 17:41:49 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\HpUpdate
[2011.08.06 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\ICQ
[2010.06.25 22:45:41 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Identities
[2010.10.16 16:04:39 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\InstallShield Installation Information
[2011.01.07 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Lite
[2010.09.28 01:32:42 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Macromedia
[2011.05.19 22:25:05 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Malwarebytes
[2009.07.29 12:50:54 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Media Center Programs
[2010.11.07 18:13:30 | 000,000,000 | --SD | M] -- C:\Users\Der Stutz\AppData\Roaming\Microsoft
[2010.07.10 13:18:06 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Mozilla
[2010.06.27 13:58:40 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\OpenOffice.org
[2010.07.10 13:27:59 | 000,000,000 | R--D | M] -- C:\Users\Der Stutz\AppData\Roaming\SecuROM
[2011.09.19 21:25:16 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Skype
[2011.09.12 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\skypePM
[2011.04.18 23:15:27 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\temp
[2010.09.29 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Thunderbird
[2011.09.23 18:14:49 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\Winamp
[2010.06.26 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\WinRAR
[2010.10.09 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\Der Stutz\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2010.10.16 15:44:45 | 000,331,776 | ---- | M] () -- C:\Users\Der Stutz\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


and here is the Extras.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 16.10.2011 21:23:40 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Der Stutz\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
984,60 Mb Total Physical Memory | 607,36 Mb Available Physical Memory | 61,69% Memory free
1,96 Gb Paging File | 1,62 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,69 Gb Total Space | 106,00 Gb Free Space | 56,48% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,54 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 398,02 Gb Free Space | 85,46% Space Free | Partition Type: NTFS
 
Computer Name: BLECHDEPP | User Name: Der Stutz | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Die Pirateninsel
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6199025-CBF8-4ACB-BEE9-D14EC1CCD731}" = X2 - The Threat
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}" = Heroes of Might and Magic V Collector Edition
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DPP" = Canon Utilities Digital Photo Professional 3.6
"EADM" = EA Download Manager
"EasyCapture4.0" = EasyCapture
"EOS Utility" = Canon Utilities EOS Utility
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Lenovo EasyCamera" = Lenovo EasyCamera
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Master of Orion 3" = Master of Orion 3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MoO3 - Die deutsche Übersetzung" = MoO3 - Die deutsche Übersetzung
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mozilla Thunderbird (3.1.14)" = Mozilla Thunderbird (3.1.14)
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Orion2DeinstKey" = Master of Orion II
"PC-Doctor for Windows" = PC-Doctor für Windows
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.5
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROHYBRIDR" = 2007 Microsoft Office system
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Totalcmd" = Total Commander (Remove or Repair)
"TVWiz" = Intel(R) TV Wizard
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"x2_allinone_bonus_package_is1" = X² All In One Bonus Package 1.04
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2011 09:36:11 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 08:58:09 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.08.2011 08:19:03 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.08.2011 17:16:39 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.08.2011 11:54:33 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.08.2011 11:22:11 | Computer Name = Blechdepp | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.0.4240 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 634    Startzeit: 
01cc64be07996e8b    Endzeit: 467    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 4f046ac2-d0c0-11e0-9e3b-a5f8384b42a3  
 
Error - 03.09.2011 07:30:27 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.09.2011 08:06:21 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.09.2011 06:42:52 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.09.2011 15:13:42 | Computer Name = Blechdepp | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Corel\Corel
 PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-9.0-amd64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 16.10.2011 15:08:57 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  ssmdrv  Tcpip  tdx  vwififlt
Wanarpv6
WfpLwf
 
Error - 16.10.2011 15:09:06 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:09:07 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:09:11 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:09:11 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:09:11 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:09:11 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:09:11 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:09:11 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.10.2011 15:20:05 | Computer Name = Blechdepp | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---

16.10.2011, 20:49   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The log looks OK so far. Try creating a new user via the Control Panel in safe mode, then boot into normal Windows mode and log in with the newly created user. Does that work?
__________________
Please always post log files in CODE tags

16.10.2011, 20:53   #26
opteryx

No, it crashes again...

Windows gives me this information about the bluescreen:

Quote:
Problemereignisname: Bluescreen
Betriebssystemversion: 6.1.7600.2.0.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 51
BCP1: 00000001
BCP2: 8841B008
BCP3: 0154B000
BCP4: 00000374
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\101611-18423-01.dmp
C:\Users\Der Stutz\AppData\Local\Temp\WER-34117-0.sysdata.xml

Edited by opteryx (16.10.2011 at 21:01)

16.10.2011, 20:54   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky in safe mode with networking and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

16.10.2011, 21:14   #28
opteryx

It didn't find anything. Here is the log:

Quote:
22:10:05.0059 0672 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
22:10:05.0277 0672 ============================================================
22:10:05.0277 0672 Current date / time: 2011/10/16 22:10:05.0277
22:10:05.0277 0672 SystemInfo:
22:10:05.0277 0672
22:10:05.0277 0672 OS Version: 6.1.7600 ServicePack: 0.0
22:10:05.0277 0672 Product type: Workstation
22:10:05.0277 0672 ComputerName: BLECHDEPP
22:10:05.0277 0672 UserName: Der Stutz
22:10:05.0277 0672 Windows directory: C:\windows
22:10:05.0277 0672 System windows directory: C:\windows
22:10:05.0277 0672 Processor architecture: Intel x86
22:10:05.0277 0672 Number of processors: 2
22:10:05.0277 0672 Page size: 0x1000
22:10:05.0277 0672 Boot type: Safe boot with network
22:10:05.0277 0672 ============================================================
22:10:06.0790 0672 Initialize success
22:10:38.0583 1384 ============================================================
22:10:38.0583 1384 Scan started
22:10:38.0583 1384 Mode: Manual; SigCheck; TDLFS;
22:10:38.0583 1384 ============================================================
22:11:02.0264 1384 NdisTapi - ok
22:11:02.0389 1384 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
22:11:02.0420 1384 Ndisuio - ok
22:11:02.0435 1384 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
22:11:02.0467 1384 NdisWan - ok
22:11:02.0498 1384 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
22:11:02.0545 1384 NDProxy - ok
22:11:02.0654 1384 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:11:02.0685 1384 NetBIOS - ok
22:11:02.0701 1384 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
22:11:02.0732 1384 NetBT - ok
22:11:02.0935 1384 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\windows\system32\DRIVERS\netw5v32.sys
22:11:03.0075 1384 netw5v32 - ok
22:11:03.0200 1384 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:11:03.0215 1384 nfrd960 - ok
22:11:03.0262 1384 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:11:03.0309 1384 Npfs - ok
22:11:03.0325 1384 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:11:03.0356 1384 nsiproxy - ok
22:11:03.0434 1384 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
22:11:03.0481 1384 Ntfs - ok
22:11:03.0512 1384 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:11:03.0559 1384 Null - ok
22:11:03.0590 1384 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
22:11:03.0605 1384 nvraid - ok
22:11:03.0637 1384 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
22:11:03.0652 1384 nvstor - ok
22:11:03.0683 1384 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
22:11:03.0699 1384 nv_agp - ok
22:11:03.0746 1384 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
22:11:03.0777 1384 ohci1394 - ok
22:11:03.0886 1384 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:11:03.0917 1384 Parport - ok
22:11:03.0964 1384 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
22:11:03.0964 1384 partmgr - ok
22:11:04.0011 1384 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:11:04.0027 1384 Parvdm - ok
22:11:04.0089 1384 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
22:11:04.0089 1384 pci - ok
22:11:04.0136 1384 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
22:11:04.0151 1384 pciide - ok
22:11:04.0183 1384 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:11:04.0198 1384 pcmcia - ok
22:11:04.0276 1384 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:11:04.0292 1384 pcw - ok
22:11:04.0323 1384 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:11:04.0385 1384 PEAUTH - ok
22:11:04.0541 1384 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:11:04.0588 1384 PptpMiniport - ok
22:11:04.0619 1384 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:11:04.0651 1384 Processor - ok
22:11:04.0775 1384 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:11:04.0822 1384 Psched - ok
22:11:04.0916 1384 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:11:04.0963 1384 ql2300 - ok
22:11:05.0056 1384 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:11:05.0072 1384 ql40xx - ok
22:11:05.0103 1384 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:11:05.0119 1384 QWAVEdrv - ok
22:11:05.0134 1384 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:11:05.0181 1384 RasAcd - ok
22:11:05.0228 1384 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:11:05.0275 1384 RasAgileVpn - ok
22:11:05.0306 1384 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:11:05.0337 1384 Rasl2tp - ok
22:11:05.0462 1384 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:11:05.0509 1384 RasPppoe - ok
22:11:05.0540 1384 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:11:05.0555 1384 RasSstp - ok
22:11:05.0587 1384 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
22:11:05.0618 1384 rdbss - ok
22:11:05.0665 1384 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:11:05.0696 1384 rdpbus - ok
22:11:05.0743 1384 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
22:11:05.0774 1384 RDPCDD - ok
22:11:05.0899 1384 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:11:05.0914 1384 RDPENCDD - ok
22:11:05.0930 1384 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:11:05.0961 1384 RDPREFMP - ok
22:11:05.0992 1384 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
22:11:06.0039 1384 RDPWD - ok
22:11:06.0179 1384 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
22:11:06.0179 1384 rdyboost - ok
22:11:06.0304 1384 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:11:06.0335 1384 RFCOMM - ok
22:11:06.0476 1384 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:11:06.0507 1384 rspndr - ok
22:11:06.0538 1384 RSUSBSTOR - ok
22:11:06.0554 1384 RtsUIR - ok
22:11:06.0601 1384 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
22:11:06.0616 1384 sbp2port - ok
22:11:06.0647 1384 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
22:11:06.0679 1384 scfilter - ok
22:11:06.0803 1384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:11:06.0835 1384 secdrv - ok
22:11:06.0897 1384 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:11:06.0928 1384 Serenum - ok
22:11:06.0959 1384 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:11:06.0991 1384 Serial - ok
22:11:07.0022 1384 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:11:07.0053 1384 sermouse - ok
22:11:07.0084 1384 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
22:11:07.0100 1384 sffdisk - ok
22:11:07.0131 1384 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
22:11:07.0162 1384 sffp_mmc - ok
22:11:07.0209 1384 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
22:11:07.0225 1384 sffp_sd - ok
22:11:07.0271 1384 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:11:07.0287 1384 sfloppy - ok
22:11:07.0349 1384 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
22:11:07.0349 1384 sisagp - ok
22:11:07.0396 1384 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:11:07.0412 1384 SiSRaid2 - ok
22:11:07.0443 1384 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:11:07.0459 1384 SiSRaid4 - ok
22:11:07.0599 1384 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:11:07.0630 1384 Smb - ok
22:11:07.0677 1384 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:11:07.0677 1384 spldr - ok
22:11:07.0817 1384 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
22:11:07.0880 1384 srv - ok
22:11:07.0911 1384 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
22:11:07.0942 1384 srv2 - ok
22:11:07.0989 1384 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
22:11:08.0005 1384 srvnet - ok
22:11:08.0067 1384 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
22:11:08.0083 1384 ssmdrv - ok
22:11:08.0129 1384 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:11:08.0129 1384 stexstor - ok
22:11:08.0176 1384 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
22:11:08.0192 1384 swenum - ok
22:11:08.0285 1384 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\drivers\tcpip.sys
22:11:08.0317 1384 Tcpip - ok
22:11:08.0363 1384 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\DRIVERS\tcpip.sys
22:11:08.0395 1384 TCPIP6 - ok
22:11:08.0441 1384 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
22:11:08.0488 1384 tcpipreg - ok
22:11:08.0519 1384 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
22:11:08.0551 1384 TDPIPE - ok
22:11:08.0566 1384 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
22:11:08.0597 1384 TDTCP - ok
22:11:08.0613 1384 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
22:11:08.0660 1384 tdx - ok
22:11:08.0691 1384 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
22:11:08.0691 1384 TermDD - ok
22:11:08.0769 1384 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
22:11:08.0800 1384 tssecsrv - ok
22:11:08.0925 1384 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
22:11:08.0956 1384 tunnel - ok
22:11:09.0065 1384 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:11:09.0081 1384 uagp35 - ok
22:11:09.0112 1384 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
22:11:09.0159 1384 udfs - ok
22:11:09.0221 1384 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
22:11:09.0221 1384 uliagpkx - ok
22:11:09.0346 1384 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
22:11:09.0362 1384 umbus - ok
22:11:09.0393 1384 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:11:09.0424 1384 UmPass - ok
22:11:09.0455 1384 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
22:11:09.0487 1384 usbccgp - ok
22:11:09.0502 1384 USBCCID - ok
22:11:09.0533 1384 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
22:11:09.0549 1384 usbcir - ok
22:11:09.0611 1384 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
22:11:09.0627 1384 usbehci - ok
22:11:09.0658 1384 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
22:11:09.0674 1384 usbhub - ok
22:11:09.0705 1384 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
22:11:09.0721 1384 usbohci - ok
22:11:09.0767 1384 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:11:09.0799 1384 usbprint - ok
22:11:09.0908 1384 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
22:11:09.0939 1384 usbscan - ok
22:11:09.0986 1384 usbsmi (44cdcf77305096e866381688635064d8) C:\windows\system32\DRIVERS\SMIksdrv.sys
22:11:10.0033 1384 usbsmi - ok
22:11:10.0142 1384 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:11:10.0173 1384 USBSTOR - ok
22:11:10.0220 1384 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
22:11:10.0251 1384 usbuhci - ok
22:11:10.0345 1384 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
22:11:10.0376 1384 usbvideo - ok
22:11:10.0423 1384 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
22:11:10.0438 1384 vdrvroot - ok
22:11:10.0501 1384 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:11:10.0516 1384 vga - ok
22:11:10.0547 1384 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:11:10.0563 1384 VgaSave - ok
22:11:10.0625 1384 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
22:11:10.0641 1384 vhdmp - ok
22:11:10.0688 1384 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
22:11:10.0688 1384 viaagp - ok
22:11:10.0719 1384 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:11:10.0750 1384 ViaC7 - ok
22:11:10.0781 1384 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
22:11:10.0781 1384 viaide - ok
22:11:10.0813 1384 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
22:11:10.0828 1384 volmgr - ok
22:11:10.0875 1384 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:11:10.0891 1384 volmgrx - ok
22:11:10.0937 1384 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
22:11:10.0937 1384 volsnap - ok
22:11:10.0984 1384 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:11:11.0000 1384 vsmraid - ok
22:11:11.0047 1384 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:11:11.0078 1384 vwifibus - ok
22:11:11.0109 1384 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:11:11.0125 1384 vwififlt - ok
22:11:11.0234 1384 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
22:11:11.0265 1384 vwifimp - ok
22:11:11.0296 1384 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:11:11.0312 1384 WacomPen - ok
22:11:11.0359 1384 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:11:11.0390 1384 WANARP - ok
22:11:11.0390 1384 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:11:11.0421 1384 Wanarpv6 - ok
22:11:11.0468 1384 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:11:11.0483 1384 Wd - ok
22:11:11.0515 1384 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:11:11.0530 1384 Wdf01000 - ok
22:11:11.0655 1384 wdmirror (ea4e9dd00e69b35f9bd3d39acb113e3f) C:\windows\system32\DRIVERS\WDMirror.sys
22:11:11.0655 1384 wdmirror - ok
22:11:11.0749 1384 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:11:11.0780 1384 WfpLwf - ok
22:11:11.0827 1384 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys
22:11:11.0827 1384 WimFltr - ok
22:11:11.0858 1384 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:11:11.0873 1384 WIMMount - ok
22:11:11.0951 1384 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
22:11:11.0983 1384 WmiAcpi - ok
22:11:12.0092 1384 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:11:12.0139 1384 ws2ifsl - ok
22:11:12.0185 1384 wsvd (baedc491374defd5e76336901d6d397d) C:\windows\system32\DRIVERS\wsvd.sys
22:11:12.0201 1384 wsvd - ok
22:11:12.0232 1384 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
22:11:12.0279 1384 WudfPf - ok
22:11:12.0326 1384 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
22:11:12.0341 1384 WUDFRd - ok
22:11:12.0388 1384 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:11:12.0482 1384 \Device\Harddisk0\DR0 - ok
22:11:12.0497 1384 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
22:11:12.0887 1384 \Device\Harddisk1\DR1 - ok
22:11:12.0903 1384 Boot (0x1200) (c98a1924b196e8e2d3aab7b0055f6a39) \Device\Harddisk0\DR0\Partition0
22:11:12.0903 1384 \Device\Harddisk0\DR0\Partition0 - ok
22:11:12.0950 1384 Boot (0x1200) (b248e672bb6a71ac4ac5d4217dd85b7a) \Device\Harddisk0\DR0\Partition1
22:11:12.0950 1384 \Device\Harddisk0\DR0\Partition1 - ok
22:11:12.0965 1384 Boot (0x1200) (cbcb8fbbb514a4e02a232d9c07ce4933) \Device\Harddisk0\DR0\Partition2
22:11:12.0965 1384 \Device\Harddisk0\DR0\Partition2 - ok
22:11:12.0965 1384 Boot (0x1200) (ef06fa61382ac3d1c0fa5e1e954b00d8) \Device\Harddisk1\DR1\Partition0
22:11:12.0965 1384 \Device\Harddisk1\DR1\Partition0 - ok
22:11:12.0981 1384 ============================================================
22:11:12.0981 1384 Scan finished
22:11:12.0981 1384 ============================================================
22:11:12.0997 1392 Detected object count: 0
22:11:12.0997 1392 Actual detected object count: 0

16.10.2011, 21:37   #29
opteryx

BKA-Malware

I'm going to solve the whole thing the old-fashioned way now and do a complete reinstall! Thanks anyway for the quick help!

17.10.2011, 16:31   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA-Malware

That is probably the better option in this case, because it is uncertain whether we would have gotten your computer back into normal mode, but IMHO it was worth a try.
__________________
Please always post log files in CODE tags
