Bundespolizeivirus (Win 7)

ecdub · 07.10.2011, 14:11

Hallo zusammen,

gestern Abend habe ich mir leider oben erwähnten Trojaner an meinem Laptop eingefangen. Durch google bin ich auf einen einen Monat alten Thread hier gestoßen, bei dem ein Scan mit srep.exe vorgeschlagen wurde. Dies habe ich getan, allerdings gab es nicht das gewünschte Ergebnis. Ich werde weiterhin darauf hingewiesen doch bitte 100€ zu bezahlen.

Nachdem ich mir hier einige Threads zum Thema durchgelesen hatte, habe ich vorhin den nächsten Schritt untergenommen. Der Scan mit OTLPE brachte aber auch nicht das gewünschte Ergebnis. Ich habe mir das Programm runtergeladen und mit ISOburner auf eine CD gebrannt. Im Anschluss daran habe ich das System neu gestartet und von der CD booten lassen. Nach der erwünschten REATOGO-X-PE Anzeige wurde ich jedoch mit einem Bildschirm darauf hingewiesen, dass das System beendet wurde um keinen Schaden am Computer anzurichten.

Jetzt bin ich etwas ratlos und hoffe die Experten können mir weiterhelfen. Am Ende noch das Ergebnis des srep.exe Scans.

Code:

ATTFilter

WIN_7 X64Service Pack 1

HKLM\..\Winlogon; Shell = explorer.exe
No action taken
HKCU\..\Winlogon; Shell not found
No action taken


HKLM\..\Run [LoadFUJ02E3] = C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
HKLM\..\Run [IndicatorUtility] = C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\..\Run [UCam_Menu] = "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
HKLM\..\Run [YouCam Mirror Tray icon] = "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
HKLM\..\Run [AIS_RegApp] = "C:\Program Files (x86)\Fujitsu\AIS Connect\regapp\RegApp.exe"
HKLM\..\Run [DeskUpdateNotifier] = "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

HKCU\..\Run [swg] = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKCU\..\Run [Update] = C:\Users\***\AppData\Roaming\5F9E7B50.exe

HKU\.DEFAULT\..\Winlogon; Shell = 
HKU\S-1-5-19\..\Winlogon; Shell = 
HKU\S-1-5-20\..\Winlogon; Shell = 
HKU\S-1-5-21-358674387-1169249815-4034172737-1001\..\Winlogon; Shell = 
HKU\S-1-5-21-358674387-1169249815-4034172737-1001_Classes\..\Winlogon; Shell = 
HKU\S-1-5-18\..\Winlogon; Shell = 

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-358674387-1169249815-4034172737-1001\..\Run [swg] = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-358674387-1169249815-4034172737-1001\..\Run [Update] = C:\Users\***\AppData\Roaming\5F9E7B50.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe
No action taken
HKCUx6464\..\Winlogon; Shell = 
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell = 

==== FINISH 07.10-10.06 ====

Grüße Tim

cosinus · 07.10.2011, 16:36

Zitat:

jedoch mit einem Bildschirm darauf hingewiesen, dass das System beendet wurde um keinen Schaden am Computer anzurichten.

Geh mal ins BIOS deines Computers und stell den Plattencontroller von AHCI auf IDE bzw. Compatible um. Genauere Anleitungen kann man nicht posten, da fast jedes BIOS anders aussieht. Schau notfalls ins Handbuch.

Um das installierte Windows wieder booten zu können musst du natürlich auf AHCI wieder umstellen.

ecdub · 07.10.2011, 18:02

Geht es darum, nur Windows 7 wieder zum laufen zu bringen? Falls ja, das habe ich bereits geschafft, indem ich die Einstellungen bezüglich booten von CD zurückgenommen habe.

Trotzdem habe ich mich im BIOS Setup Menü einmal umgesehen, allerdings bin ich jetzt ein wenig überfordert. Er gibt mit Info, System, Advanced, Security, Boot und Exit 6 Unterpunkte. Ich glaube die Angelegenheit auf 2 Punkte eingrenzen zu können. Bei System gibt es neben Uhrzeit und Datum "Drive 0: [ST9500325AS-(S1)]", sowie "Drive 1:[TSSTcorp CDDVDW TS-L633F-(S2)]" Als Erklärung steht daneben "Configures Serial ATA/IDE Drive".

Desweiteren gibt es unter dem Punkt Advanced den Unterpunkt "AHCI Configuration: [Enabled]" mit der zugehörigen Erklärung "Select AHCI (Advanced Host Controller Interface) enabled or disabled."

Als Laie würde ich sagen ich wäre mit Advanced gut beraten, allerdings würde ich mir das gerne nochmal vom Experten bestätigen lassen, bevor ich da einfach irgendwas umstelle.

cosinus · 07.10.2011, 21:39

Zitat:

Geht es darum, nur Windows 7 wieder zum laufen zu bringen? Falls ja, das habe ich bereits geschafft

Was denn jetzt? Natürlich geht das mit OTLPE darum! Und wenn du den BKA-Fake hast wird Windows ja auch blockiert!
Vllt könntest du mal klarstellen was genau mit deinem Rechner jetzt ist - ist der BKA noch drauf bzw. wird der Rechner nun noch bom BKA-Screen blockiert ja oder nein?

ecdub · 08.10.2011, 01:43

Tut mir leid, da habe ich dich erst ein wenig missverstanden und mich anschließend unglücklich ausgedrückt.

Zur Klarstellung: Der BKA-Virus ist nach wie vor vorhanden. Ich habe den srep.exe Scan durchgeführt ohne gewünschten Erfolg. Im Anschluss habe ich OTLPE runtergeladen, auf CD gebrannt und das System über die CD booten lassen, was den angesprochen Bildschirm zur Folge hatte. Danach habe ich das System wieder auf normal gestellt, sodass Windows 7 normal hochgefahren ist (das System also nicht mehr über die CD booten lassen; das meinte ich mit "Windows zum laufen gebracht"). Der BKA Virus erscheint jetzt wieder wenige Sekunden nachdem ich beim Desktop angekommen bin.

Ich hoffe ich habe mich jetzt verständlicher ausgedrückt. Nochmal sorry für die Verwirrung.

cosinus · 08.10.2011, 16:27

Dann boote von der OTLPE-CD bei deaktiviertem AHCI und mach da das OTLPE-Log.

ecdub · 08.10.2011, 20:49

Ich habe den OTLPE-Scan durchgeführt.

Code:

ATTFilter

OTL logfile created on: 10/8/2011 11:31:19 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110.00 Gb Total Space | 66.62 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
Drive D: | 353.76 Gb Total Space | 353.66 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/23 20:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/12/24 06:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV:64bit: - [2009/07/30 05:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/02 03:15:26 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011/07/21 06:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 01:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/24 07:53:40 | 000,384,792 | ---- | M] (Fujitsu Technology Solutions) [On_Demand] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe -- (TestHandler)
SRV - [2010/09/13 23:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/13 23:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 12:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/01 12:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/16 08:16:42 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/21 06:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/21 06:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/13 23:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/13 23:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/13 23:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/13 23:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 06:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 00:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/11/06 07:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 12:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/10/26 07:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2006/11/01 12:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 12:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com
IE - HKU\Tim_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/02 19:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/09/02 04:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/02 19:45:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/02 19:45:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/02 19:45:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/02 19:45:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/02 19:45:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/02 19:45:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/02 19:45:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Tim_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BthSyncServ]  File not found
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AIS_RegApp] C:\Program Files (x86)\Fujitsu\AIS Connect\regapp\RegApp.exe (Fujitsu)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Tim_ON_C..\Run: [Update] C:\Users\Tim\AppData\Roaming\5F9E7B50.exe (Vano Freelancer)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Tim_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/06 18:13:52 | 000,134,696 | ---- | C] (Vano Freelancer) -- C:\Users\Tim\AppData\Roaming\5F9E7B50.exe
[2011/10/06 08:49:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{FEB34D15-949D-4584-A2E9-6D9D7851989E}
[2011/10/06 08:49:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{44BAAEFC-8576-4230-982D-1062BB1FACAE}
[2011/10/06 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2011/10/06 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Windows Live Writer
[2011/09/22 19:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011/09/21 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Bilder
[2011/09/21 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Dateien
[2011/09/13 12:50:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Avira
[2011/09/12 19:05:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Diagnostics
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/07 14:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 14:03:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 14:02:29 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/06 18:49:36 | 000,697,534 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/10/06 18:49:36 | 000,652,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/06 18:49:36 | 000,148,540 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/10/06 18:49:36 | 000,121,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/06 18:35:37 | 000,000,000 | ---- | M] () -- C:\Users\Tim\AppData\Local\{8586FA98-8DFC-4FB8-8BE2-E00AAFA141FD}
[2011/10/06 18:30:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/06 18:13:40 | 000,000,568 | -H-- | M] () -- C:\ProgramData\common.data
[2011/10/06 18:13:39 | 000,134,696 | ---- | M] (Vano Freelancer) -- C:\Users\Tim\AppData\Roaming\5F9E7B50.exe
[2011/10/06 17:27:34 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 17:27:34 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 11:34:54 | 000,638,753 | ---- | M] () -- C:\Users\Tim\Documents\Matt & Jeff Hardy Story.jpg
[2011/10/02 10:34:18 | 000,657,396 | ---- | M] () -- C:\Users\Tim\Documents\Alessandro del Piero.jpg
[2011/10/02 10:33:21 | 000,628,572 | ---- | M] () -- C:\Users\Tim\Documents\Miralem Pjanic.jpg
[2011/10/02 10:32:55 | 000,568,387 | ---- | M] () -- C:\Users\Tim\Documents\Ruud van Nistelrooy.jpg
[2011/09/30 08:09:06 | 000,603,055 | ---- | M] () -- C:\Users\Tim\Documents\Marek Hamsik.jpg
[2011/09/29 15:47:08 | 000,655,353 | ---- | M] () -- C:\Users\Tim\Documents\Greatest Superstars of Wrestlemania.jpg
[2011/09/29 15:46:14 | 000,606,326 | ---- | M] () -- C:\Users\Tim\Documents\Backlash 2006.jpg
[2011/09/29 15:45:26 | 000,627,963 | ---- | M] () -- C:\Users\Tim\Documents\Royal Rumble 2006.jpg
[2011/09/29 15:43:56 | 000,667,266 | ---- | M] () -- C:\Users\Tim\Documents\New Years Revolution 2006.jpg
[2011/09/29 15:43:32 | 000,566,174 | ---- | M] () -- C:\Users\Tim\Documents\Backlash 2005.jpg
[2011/09/29 15:42:16 | 000,667,399 | ---- | M] () -- C:\Users\Tim\Documents\Survivor Series 2004.jpg
[2011/09/29 15:41:20 | 000,623,436 | ---- | M] () -- C:\Users\Tim\Documents\Summerslam 2003.jpg
[2011/09/23 20:13:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/23 10:52:52 | 000,111,835 | ---- | M] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530 (1).pdf
[2011/09/23 10:45:21 | 000,123,040 | ---- | M] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530.pdf
[2011/09/23 04:13:53 | 000,276,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/22 19:15:03 | 000,002,555 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/09/18 19:44:12 | 005,057,154 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/18 15:38:36 | 000,659,406 | ---- | M] () -- C:\Users\Tim\Documents\CHIKARA Caught In A Cauldron Of Hate.jpg
[2011/09/18 15:37:32 | 000,652,128 | ---- | M] () -- C:\Users\Tim\Documents\CHIKARA Clutch Of Doom.jpg
[2011/09/18 15:36:46 | 000,613,378 | ---- | M] () -- C:\Users\Tim\Documents\CHIKARA Operation Big Freeze.jpg
[2011/09/18 15:36:06 | 000,665,011 | ---- | M] () -- C:\Users\Tim\Documents\ROH Fade To Black.jpg
[2011/09/15 14:40:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/15 14:35:38 | 000,613,366 | ---- | M] () -- C:\Users\Tim\Documents\Undertaker's Deadliest Matches.jpg
[2011/09/15 14:33:24 | 000,610,623 | ---- | M] () -- C:\Users\Tim\Documents\Jeff Hardy - My Life, My Rules.jpg
[2011/09/15 14:31:54 | 000,599,423 | ---- | M] () -- C:\Users\Tim\Documents\Wrestlemania 17.jpg
[2011/09/15 14:31:10 | 000,641,355 | ---- | M] () -- C:\Users\Tim\Documents\Survivor Series 2008.jpg
[2011/09/15 14:30:34 | 000,620,200 | ---- | M] () -- C:\Users\Tim\Documents\Summerslam 2005.jpg
[2011/09/15 14:29:20 | 000,641,967 | ---- | M] () -- C:\Users\Tim\Documents\Vengeance 2005.jpg
[2011/09/15 14:28:52 | 000,620,968 | ---- | M] () -- C:\Users\Tim\Documents\Royal Rumble 2005.jpg
[2011/09/15 14:28:16 | 000,650,288 | ---- | M] () -- C:\Users\Tim\Documents\New Years Revolution 2005.jpg
[2011/09/15 14:26:52 | 000,629,032 | ---- | M] () -- C:\Users\Tim\Documents\Unforgiven 2003.jpg
 
========== Files Created - No Company Name ==========
 
[2011/10/06 18:35:37 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Local\{8586FA98-8DFC-4FB8-8BE2-E00AAFA141FD}
[2011/10/06 18:13:36 | 000,000,568 | -H-- | C] () -- C:\ProgramData\common.data
[2011/10/02 16:23:51 | 000,638,753 | ---- | C] () -- C:\Users\Tim\Documents\Matt & Jeff Hardy Story.jpg
[2011/10/02 10:31:40 | 000,628,572 | ---- | C] () -- C:\Users\Tim\Documents\Miralem Pjanic.jpg
[2011/10/02 10:31:34 | 000,568,387 | ---- | C] () -- C:\Users\Tim\Documents\Ruud van Nistelrooy.jpg
[2011/10/02 10:31:31 | 000,657,396 | ---- | C] () -- C:\Users\Tim\Documents\Alessandro del Piero.jpg
[2011/09/30 08:07:51 | 000,603,055 | ---- | C] () -- C:\Users\Tim\Documents\Marek Hamsik.jpg
[2011/09/29 15:52:33 | 000,655,353 | ---- | C] () -- C:\Users\Tim\Documents\Greatest Superstars of Wrestlemania.jpg
[2011/09/29 15:52:31 | 000,606,326 | ---- | C] () -- C:\Users\Tim\Documents\Backlash 2006.jpg
[2011/09/29 15:52:29 | 000,627,963 | ---- | C] () -- C:\Users\Tim\Documents\Royal Rumble 2006.jpg
[2011/09/29 15:52:27 | 000,667,266 | ---- | C] () -- C:\Users\Tim\Documents\New Years Revolution 2006.jpg
[2011/09/29 15:52:26 | 000,566,174 | ---- | C] () -- C:\Users\Tim\Documents\Backlash 2005.jpg
[2011/09/29 15:52:22 | 000,667,399 | ---- | C] () -- C:\Users\Tim\Documents\Survivor Series 2004.jpg
[2011/09/29 15:52:19 | 000,623,436 | ---- | C] () -- C:\Users\Tim\Documents\Summerslam 2003.jpg
[2011/09/23 10:52:51 | 000,111,835 | ---- | C] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530 (1).pdf
[2011/09/23 10:45:20 | 000,123,040 | ---- | C] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530.pdf
[2011/09/22 19:15:03 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/09/18 15:42:56 | 000,665,011 | ---- | C] () -- C:\Users\Tim\Documents\ROH Fade To Black.jpg
[2011/09/18 15:42:48 | 000,659,406 | ---- | C] () -- C:\Users\Tim\Documents\CHIKARA Caught In A Cauldron Of Hate.jpg
[2011/09/18 15:42:45 | 000,652,128 | ---- | C] () -- C:\Users\Tim\Documents\CHIKARA Clutch Of Doom.jpg
[2011/09/18 15:42:44 | 000,613,378 | ---- | C] () -- C:\Users\Tim\Documents\CHIKARA Operation Big Freeze.jpg
[2011/09/15 14:43:02 | 000,629,032 | ---- | C] () -- C:\Users\Tim\Documents\Unforgiven 2003.jpg
[2011/09/15 14:42:47 | 000,613,366 | ---- | C] () -- C:\Users\Tim\Documents\Undertaker's Deadliest Matches.jpg
[2011/09/15 14:42:44 | 000,610,623 | ---- | C] () -- C:\Users\Tim\Documents\Jeff Hardy - My Life, My Rules.jpg
[2011/09/15 14:42:39 | 000,599,423 | ---- | C] () -- C:\Users\Tim\Documents\Wrestlemania 17.jpg
[2011/09/15 14:42:37 | 000,641,355 | ---- | C] () -- C:\Users\Tim\Documents\Survivor Series 2008.jpg
[2011/09/15 14:42:35 | 000,620,200 | ---- | C] () -- C:\Users\Tim\Documents\Summerslam 2005.jpg
[2011/09/15 14:42:33 | 000,641,967 | ---- | C] () -- C:\Users\Tim\Documents\Vengeance 2005.jpg
[2011/09/15 14:42:33 | 000,620,968 | ---- | C] () -- C:\Users\Tim\Documents\Royal Rumble 2005.jpg
[2011/09/15 14:42:30 | 000,650,288 | ---- | C] () -- C:\Users\Tim\Documents\New Years Revolution 2005.jpg
[2011/09/15 14:40:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/03 15:32:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/09/02 05:29:50 | 000,000,061 | ---- | C] () -- C:\Windows\FliegenKlatschen.ini
[2011/08/24 05:48:34 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/24 05:48:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/08/24 05:48:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/08/24 05:48:33 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/24 05:48:33 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/04/16 06:56:37 | 005,057,154 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/30 07:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/09/02 03:32:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Fujitsu
[2011/10/06 10:33:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SoftGrid Client
[2011/09/02 07:06:48 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TP
[2011/10/06 08:49:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/09/02 03:55:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Fujitsu
[2011/09/02 03:15:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/09/02 03:18:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/09/03 14:23:06 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2011/10/07 13:36:34 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

cosinus · 10.10.2011, 11:02

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com
O4 - HKU\Tim_ON_C..\Run: [Update] C:\Users\Tim\AppData\Roaming\5F9E7B50.exe (Vano Freelancer)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O32 - HKLM CDRom: AutoRun - 1
[2011/10/06 18:13:52 | 000,134,696 | ---- | C] (Vano Freelancer) -- C:\Users\Tim\AppData\Roaming\5F9E7B50.exe
[2011/10/06 18:13:40 | 000,000,568 | -H-- | M] () -- C:\ProgramData\common.data
:Commands
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

ecdub · 10.10.2011, 16:02

Hier das Logfile:

Code:

ATTFilter

========== OTL ==========
HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\Tim_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\Tim_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Users\Tim\AppData\Roaming\5F9E7B50.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\Users\Tim\AppData\Roaming\5F9E7B50.exe not found.
C:\ProgramData\common.data moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 10102011_193334

Die Datei habe ich ebenfalls hochgeladen. Von der Bundespolizei Meldung ist jetzt nichts mehr zu sehen. Bis hierhin schonmal vielen Dank.

cosinus · 10.10.2011, 17:02

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ecdub · 10.10.2011, 23:19

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7917

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.10.2011 21:09:35
mbam-log-2011-10-10 (21-09-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Durchsuchte Objekte: 321207
Laufzeit: 42 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Tim\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=186d3bba0ed13946a4bc428ee6c8edf8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-10 08:10:24
# local_time=2011-10-10 10:10:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 473269 54806522 467551 0
# compatibility_mode=5893 16776573 100 94 568 69904509 0 0
# compatibility_mode=8192 67108863 100 0 312 312 0 0
# scanned=130566
# found=6
# cleaned=0
# scan_time=2764
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D6XHO3T\calc[1].exe	a variant of Win32/Injector.JUJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIUBTFFV\calc[1].exe	a variant of Win32/Kryptik.TPK trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\Local\Mozilla\Firefox\Profiles\d34ztlko.default\Cache\4\99\7E1FEd01	JS/Exploit.Pdfka.PEN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim\AppData\Local\Temp\wpbt1.dll	a variant of Win32/Injector.JUJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles.zip	a variant of Win32/Injector.JUJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\10102011_193334\C_Users\Tim\AppData\Roaming\5F9E7B50.exe	a variant of Win32/Injector.JUJ trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 11.10.2011, 10:02

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

ecdub · 11.10.2011, 10:55

Code:

ATTFilter

OTL logfile created on: 10/11/2011 11:38:12 AM - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 67.16% Memory free
7.60 Gb Paging File | 6.24 Gb Available in Paging File | 82.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110.00 Gb Total Space | 64.49 Gb Free Space | 58.63% Space Free | Partition Type: NTFS
Drive D: | 353.76 Gb Total Space | 353.66 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive F: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/10/11 11:37:04 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2011/07/21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/13 13:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/11/01 18:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/01 18:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/09 21:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/10/08 20:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009/07/16 14:16:42 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/08 21:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/19 11:35:17 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\924868e6f2c4357e222171237891d140\log4net.ni.dll
MOD - [2011/09/19 11:35:14 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/09/19 11:35:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/19 11:35:05 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\0dddee4ddf0bbd63c3755928370f0340\DeskUpdateNotifier.ni.exe
MOD - [2011/09/19 11:35:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/19 11:34:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/19 11:34:56 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/19 11:34:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 02:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/12/24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV:64bit: - [2009/07/30 11:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/07/21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/24 13:53:40 | 000,384,792 | ---- | M] (Fujitsu Technology Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe -- (TestHandler)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 18:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/01 18:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/16 14:16:42 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/04 22:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 12:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 06:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 18:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 21:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 18:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 18:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 CE 70 34 5D 87 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 01:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/09/02 10:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2011/09/10 16:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\d34ztlko.default\extensions
[2011/09/02 10:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D34ZTLKO.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2011/10/03 01:45:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 01:45:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/03 01:45:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/03 01:45:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/03 01:45:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/03 01:45:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/03 01:45:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/10/11 01:33:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BthSyncServ] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" File not found
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AIS_RegApp] C:\Program Files (x86)\Fujitsu\AIS Connect\regapp\RegApp.exe (Fujitsu)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Update] C:\Users\Tim\AppData\Roaming\5F9E7B50.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B177CBF6-390A-4E52-9F69-60BDD2CB9D86}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD3427C2-C63B-43C7-9AA7-EB0B84E4995E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 13:06:41 | 000,000,053 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a57b74bc-d57b-11e0-ad83-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a57b74bc-d57b-11e0-ad83-806e6f6e6963}\Shell\AutoRun\command - "" = F:\reatogoMenu.exe -- [2005/07/16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/11 11:37:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/10/11 01:33:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/10 21:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/10 21:18:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tim\Desktop\esetsmartinstaller_enu.exe
[2011/10/10 20:14:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2011/10/10 20:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/10 20:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/10 20:13:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/10 20:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/06 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{FEB34D15-949D-4584-A2E9-6D9D7851989E}
[2011/10/06 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{44BAAEFC-8576-4230-982D-1062BB1FACAE}
[2011/10/06 14:49:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2011/10/06 14:49:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Windows Live Writer
[2011/09/23 01:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011/09/22 00:33:32 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Bilder
[2011/09/22 00:33:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Dateien
[2011/09/13 18:50:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Avira
[2011/09/13 01:05:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Diagnostics
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/11 11:41:32 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 11:41:32 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 11:40:44 | 000,861,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/11 11:40:44 | 000,712,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/10/11 11:40:44 | 000,153,276 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/10/11 11:40:44 | 000,004,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/11 11:40:44 | 000,004,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/11 11:37:04 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/10/11 11:33:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 11:33:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/11 11:33:37 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 23:30:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/10 21:18:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tim\Desktop\esetsmartinstaller_enu.exe
[2011/10/07 00:35:37 | 000,000,000 | ---- | M] () -- C:\Users\Tim\AppData\Local\{8586FA98-8DFC-4FB8-8BE2-E00AAFA141FD}
[2011/10/02 17:34:54 | 000,638,753 | ---- | M] () -- C:\Users\Tim\Documents\Matt & Jeff Hardy Story.jpg
[2011/10/02 16:34:18 | 000,657,396 | ---- | M] () -- C:\Users\Tim\Documents\Alessandro del Piero.jpg
[2011/10/02 16:33:21 | 000,628,572 | ---- | M] () -- C:\Users\Tim\Documents\Miralem Pjanic.jpg
[2011/10/02 16:32:55 | 000,568,387 | ---- | M] () -- C:\Users\Tim\Documents\Ruud van Nistelrooy.jpg
[2011/09/30 14:09:06 | 000,603,055 | ---- | M] () -- C:\Users\Tim\Documents\Marek Hamsik.jpg
[2011/09/29 21:47:08 | 000,655,353 | ---- | M] () -- C:\Users\Tim\Documents\Greatest Superstars of Wrestlemania.jpg
[2011/09/29 21:46:14 | 000,606,326 | ---- | M] () -- C:\Users\Tim\Documents\Backlash 2006.jpg
[2011/09/29 21:45:26 | 000,627,963 | ---- | M] () -- C:\Users\Tim\Documents\Royal Rumble 2006.jpg
[2011/09/29 21:43:56 | 000,667,266 | ---- | M] () -- C:\Users\Tim\Documents\New Years Revolution 2006.jpg
[2011/09/29 21:43:32 | 000,566,174 | ---- | M] () -- C:\Users\Tim\Documents\Backlash 2005.jpg
[2011/09/29 21:42:16 | 000,667,399 | ---- | M] () -- C:\Users\Tim\Documents\Survivor Series 2004.jpg
[2011/09/29 21:41:20 | 000,623,436 | ---- | M] () -- C:\Users\Tim\Documents\Summerslam 2003.jpg
[2011/09/23 16:52:52 | 000,111,835 | ---- | M] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530 (1).pdf
[2011/09/23 16:45:21 | 000,123,040 | ---- | M] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530.pdf
[2011/09/23 10:13:53 | 000,276,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/19 01:44:12 | 005,057,154 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/18 21:38:36 | 000,659,406 | ---- | M] () -- C:\Users\Tim\Documents\CHIKARA Caught In A Cauldron Of Hate.jpg
[2011/09/18 21:37:32 | 000,652,128 | ---- | M] () -- C:\Users\Tim\Documents\CHIKARA Clutch Of Doom.jpg
[2011/09/18 21:36:46 | 000,613,378 | ---- | M] () -- C:\Users\Tim\Documents\CHIKARA Operation Big Freeze.jpg
[2011/09/18 21:36:06 | 000,665,011 | ---- | M] () -- C:\Users\Tim\Documents\ROH Fade To Black.jpg
[2011/09/15 20:40:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/15 20:35:38 | 000,613,366 | ---- | M] () -- C:\Users\Tim\Documents\Undertaker's Deadliest Matches.jpg
[2011/09/15 20:33:24 | 000,610,623 | ---- | M] () -- C:\Users\Tim\Documents\Jeff Hardy - My Life, My Rules.jpg
[2011/09/15 20:31:54 | 000,599,423 | ---- | M] () -- C:\Users\Tim\Documents\Wrestlemania 17.jpg
[2011/09/15 20:31:10 | 000,641,355 | ---- | M] () -- C:\Users\Tim\Documents\Survivor Series 2008.jpg
[2011/09/15 20:30:34 | 000,620,200 | ---- | M] () -- C:\Users\Tim\Documents\Summerslam 2005.jpg
[2011/09/15 20:29:20 | 000,641,967 | ---- | M] () -- C:\Users\Tim\Documents\Vengeance 2005.jpg
[2011/09/15 20:28:52 | 000,620,968 | ---- | M] () -- C:\Users\Tim\Documents\Royal Rumble 2005.jpg
[2011/09/15 20:28:16 | 000,650,288 | ---- | M] () -- C:\Users\Tim\Documents\New Years Revolution 2005.jpg
[2011/09/15 20:26:52 | 000,629,032 | ---- | M] () -- C:\Users\Tim\Documents\Unforgiven 2003.jpg
 
========== Files Created - No Company Name ==========
 
[2011/10/07 00:35:37 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Local\{8586FA98-8DFC-4FB8-8BE2-E00AAFA141FD}
[2011/10/02 22:23:51 | 000,638,753 | ---- | C] () -- C:\Users\Tim\Documents\Matt & Jeff Hardy Story.jpg
[2011/10/02 16:31:40 | 000,628,572 | ---- | C] () -- C:\Users\Tim\Documents\Miralem Pjanic.jpg
[2011/10/02 16:31:34 | 000,568,387 | ---- | C] () -- C:\Users\Tim\Documents\Ruud van Nistelrooy.jpg
[2011/10/02 16:31:31 | 000,657,396 | ---- | C] () -- C:\Users\Tim\Documents\Alessandro del Piero.jpg
[2011/09/30 14:07:51 | 000,603,055 | ---- | C] () -- C:\Users\Tim\Documents\Marek Hamsik.jpg
[2011/09/29 21:52:33 | 000,655,353 | ---- | C] () -- C:\Users\Tim\Documents\Greatest Superstars of Wrestlemania.jpg
[2011/09/29 21:52:31 | 000,606,326 | ---- | C] () -- C:\Users\Tim\Documents\Backlash 2006.jpg
[2011/09/29 21:52:29 | 000,627,963 | ---- | C] () -- C:\Users\Tim\Documents\Royal Rumble 2006.jpg
[2011/09/29 21:52:27 | 000,667,266 | ---- | C] () -- C:\Users\Tim\Documents\New Years Revolution 2006.jpg
[2011/09/29 21:52:26 | 000,566,174 | ---- | C] () -- C:\Users\Tim\Documents\Backlash 2005.jpg
[2011/09/29 21:52:22 | 000,667,399 | ---- | C] () -- C:\Users\Tim\Documents\Survivor Series 2004.jpg
[2011/09/29 21:52:19 | 000,623,436 | ---- | C] () -- C:\Users\Tim\Documents\Summerslam 2003.jpg
[2011/09/23 16:52:51 | 000,111,835 | ---- | C] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530 (1).pdf
[2011/09/23 16:45:20 | 000,123,040 | ---- | C] () -- C:\Users\Tim\Documents\Fujitsu Lifebook AH530.pdf
[2011/09/23 01:15:03 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/09/18 21:42:56 | 000,665,011 | ---- | C] () -- C:\Users\Tim\Documents\ROH Fade To Black.jpg
[2011/09/18 21:42:48 | 000,659,406 | ---- | C] () -- C:\Users\Tim\Documents\CHIKARA Caught In A Cauldron Of Hate.jpg
[2011/09/18 21:42:45 | 000,652,128 | ---- | C] () -- C:\Users\Tim\Documents\CHIKARA Clutch Of Doom.jpg
[2011/09/18 21:42:44 | 000,613,378 | ---- | C] () -- C:\Users\Tim\Documents\CHIKARA Operation Big Freeze.jpg
[2011/09/15 20:43:02 | 000,629,032 | ---- | C] () -- C:\Users\Tim\Documents\Unforgiven 2003.jpg
[2011/09/15 20:42:47 | 000,613,366 | ---- | C] () -- C:\Users\Tim\Documents\Undertaker's Deadliest Matches.jpg
[2011/09/15 20:42:44 | 000,610,623 | ---- | C] () -- C:\Users\Tim\Documents\Jeff Hardy - My Life, My Rules.jpg
[2011/09/15 20:42:39 | 000,599,423 | ---- | C] () -- C:\Users\Tim\Documents\Wrestlemania 17.jpg
[2011/09/15 20:42:37 | 000,641,355 | ---- | C] () -- C:\Users\Tim\Documents\Survivor Series 2008.jpg
[2011/09/15 20:42:35 | 000,620,200 | ---- | C] () -- C:\Users\Tim\Documents\Summerslam 2005.jpg
[2011/09/15 20:42:33 | 000,641,967 | ---- | C] () -- C:\Users\Tim\Documents\Vengeance 2005.jpg
[2011/09/15 20:42:33 | 000,620,968 | ---- | C] () -- C:\Users\Tim\Documents\Royal Rumble 2005.jpg
[2011/09/15 20:42:30 | 000,650,288 | ---- | C] () -- C:\Users\Tim\Documents\New Years Revolution 2005.jpg
[2011/09/15 20:40:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/03 21:32:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/09/02 11:29:50 | 000,000,061 | ---- | C] () -- C:\Windows\FliegenKlatschen.ini
[2011/08/24 11:48:34 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/24 11:48:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/08/24 11:48:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/08/24 11:48:33 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/24 11:48:33 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/04/16 12:56:37 | 005,057,154 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/30 13:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/09/02 09:32:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Fujitsu
[2011/10/06 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SoftGrid Client
[2011/09/02 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TP
[2011/10/06 14:49:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2011/10/07 19:36:34 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/09/04 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Adobe
[2011/09/13 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Avira
[2011/09/02 09:32:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Fujitsu
[2011/09/02 10:00:12 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Google
[2011/09/02 09:32:12 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Identities
[2011/09/02 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Macromedia
[2011/10/10 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Media Center Programs
[2011/09/23 00:56:47 | 000,000,000 | --SD | M] -- C:\Users\Tim\AppData\Roaming\Microsoft
[2011/09/02 10:03:28 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mozilla
[2011/10/06 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SoftGrid Client
[2011/09/02 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TP
[2011/10/06 14:49:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Fujitsu\Driver Pool\7\iaStor.sys
[2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b2da0d5f1235b4d6\iaStor.sys
[2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_1170b46175ba2765\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 11.10.2011, 13:54

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

ecdub · 11.10.2011, 20:45

Code:

ATTFilter

21:32:37.0338 0704	TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
21:32:37.0525 0704	============================================================
21:32:37.0525 0704	Current date / time: 2011/10/11 21:32:37.0525
21:32:37.0525 0704	SystemInfo:
21:32:37.0525 0704	
21:32:37.0525 0704	OS Version: 6.1.7601 ServicePack: 1.0
21:32:37.0525 0704	Product type: Workstation
21:32:37.0525 0704	ComputerName: TIM-PC
21:32:37.0525 0704	UserName: Tim
21:32:37.0525 0704	Windows directory: C:\Windows
21:32:37.0525 0704	System windows directory: C:\Windows
21:32:37.0525 0704	Running under WOW64
21:32:37.0525 0704	Processor architecture: Intel x64
21:32:37.0525 0704	Number of processors: 2
21:32:37.0525 0704	Page size: 0x1000
21:32:37.0525 0704	Boot type: Normal boot
21:32:37.0525 0704	============================================================
21:32:38.0102 0704	Initialize success
21:33:31.0002 3292	============================================================
21:33:31.0002 3292	Scan started
21:33:31.0002 3292	Mode: Manual; SigCheck; TDLFS; 
21:33:31.0002 3292	============================================================
21:33:31.0470 3292	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:33:31.0594 3292	1394ohci - ok
21:33:31.0688 3292	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:33:31.0719 3292	ACPI - ok
21:33:31.0813 3292	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:33:31.0875 3292	AcpiPmi - ok
21:33:32.0000 3292	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:33:32.0047 3292	adp94xx - ok
21:33:32.0125 3292	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:33:32.0172 3292	adpahci - ok
21:33:32.0265 3292	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:33:32.0296 3292	adpu320 - ok
21:33:32.0421 3292	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:33:32.0515 3292	AFD - ok
21:33:32.0608 3292	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:33:32.0640 3292	agp440 - ok
21:33:32.0733 3292	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:33:32.0764 3292	aliide - ok
21:33:32.0811 3292	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:33:32.0842 3292	amdide - ok
21:33:32.0905 3292	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:33:32.0967 3292	AmdK8 - ok
21:33:33.0030 3292	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:33:33.0092 3292	AmdPPM - ok
21:33:33.0201 3292	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:33:33.0232 3292	amdsata - ok
21:33:33.0310 3292	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:33:33.0342 3292	amdsbs - ok
21:33:33.0388 3292	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:33:33.0404 3292	amdxata - ok
21:33:33.0529 3292	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:33:33.0607 3292	AppID - ok
21:33:33.0732 3292	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:33:33.0763 3292	arc - ok
21:33:33.0794 3292	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:33:33.0825 3292	arcsas - ok
21:33:33.0888 3292	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:33:33.0966 3292	AsyncMac - ok
21:33:34.0075 3292	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:33:34.0106 3292	atapi - ok
21:33:34.0184 3292	athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
21:33:34.0293 3292	athr - ok
21:33:34.0434 3292	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:33:34.0480 3292	avgntflt - ok
21:33:34.0527 3292	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:33:34.0543 3292	avipbb - ok
21:33:34.0699 3292	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:33:34.0777 3292	b06bdrv - ok
21:33:34.0886 3292	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:33:34.0964 3292	b57nd60a - ok
21:33:35.0073 3292	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:33:35.0151 3292	Beep - ok
21:33:35.0260 3292	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:33:35.0307 3292	blbdrive - ok
21:33:35.0354 3292	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:33:35.0416 3292	bowser - ok
21:33:35.0510 3292	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:33:35.0557 3292	BrFiltLo - ok
21:33:35.0588 3292	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:33:35.0619 3292	BrFiltUp - ok
21:33:35.0728 3292	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:33:35.0806 3292	Brserid - ok
21:33:35.0838 3292	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:33:35.0900 3292	BrSerWdm - ok
21:33:35.0978 3292	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:33:36.0025 3292	BrUsbMdm - ok
21:33:36.0087 3292	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:33:36.0134 3292	BrUsbSer - ok
21:33:36.0259 3292	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:33:36.0321 3292	BthEnum - ok
21:33:36.0430 3292	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:33:36.0493 3292	BTHMODEM - ok
21:33:36.0571 3292	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:33:36.0602 3292	BthPan - ok
21:33:36.0696 3292	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:33:36.0742 3292	BTHPORT - ok
21:33:36.0883 3292	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:33:36.0930 3292	BTHUSB - ok
21:33:37.0039 3292	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:33:37.0132 3292	cdfs - ok
21:33:37.0195 3292	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:33:37.0273 3292	cdrom - ok
21:33:37.0398 3292	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:33:37.0460 3292	circlass - ok
21:33:37.0491 3292	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:33:37.0522 3292	CLFS - ok
21:33:37.0663 3292	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:33:37.0710 3292	CmBatt - ok
21:33:37.0741 3292	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:33:37.0772 3292	cmdide - ok
21:33:37.0819 3292	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:33:37.0850 3292	CNG - ok
21:33:37.0944 3292	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:33:37.0975 3292	Compbatt - ok
21:33:38.0022 3292	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:33:38.0068 3292	CompositeBus - ok
21:33:38.0115 3292	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:33:38.0131 3292	crcdisk - ok
21:33:38.0271 3292	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:33:38.0349 3292	DfsC - ok
21:33:38.0396 3292	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:33:38.0490 3292	discache - ok
21:33:38.0614 3292	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:33:38.0646 3292	Disk - ok
21:33:38.0708 3292	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:33:38.0755 3292	drmkaud - ok
21:33:38.0880 3292	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:33:38.0926 3292	DXGKrnl - ok
21:33:39.0020 3292	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:33:39.0176 3292	ebdrv - ok
21:33:39.0332 3292	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:33:39.0379 3292	elxstor - ok
21:33:39.0394 3292	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:33:39.0426 3292	ErrDev - ok
21:33:39.0457 3292	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:33:39.0535 3292	exfat - ok
21:33:39.0597 3292	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:33:39.0706 3292	fastfat - ok
21:33:39.0800 3292	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:33:39.0831 3292	fdc - ok
21:33:39.0972 3292	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:33:40.0003 3292	FileInfo - ok
21:33:40.0003 3292	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:33:40.0112 3292	Filetrace - ok
21:33:40.0206 3292	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:33:40.0237 3292	flpydisk - ok
21:33:40.0284 3292	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:33:40.0315 3292	FltMgr - ok
21:33:40.0330 3292	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:33:40.0346 3292	FsDepends - ok
21:33:40.0408 3292	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:33:40.0440 3292	Fs_Rec - ok
21:33:40.0486 3292	FUJ02B1         (ba0c1ffda496d8bcbcac63f8d98d20e3) C:\Windows\system32\DRIVERS\FUJ02B1.sys
21:33:40.0533 3292	FUJ02B1 - ok
21:33:40.0564 3292	FUJ02E3         (7135030cbf87d724b6037bb023923730) C:\Windows\system32\DRIVERS\FUJ02E3.sys
21:33:40.0596 3292	FUJ02E3 - ok
21:33:40.0736 3292	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:33:40.0752 3292	fvevol - ok
21:33:40.0783 3292	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:33:40.0814 3292	gagp30kx - ok
21:33:40.0876 3292	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:33:40.0923 3292	hcw85cir - ok
21:33:41.0048 3292	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:33:41.0110 3292	HdAudAddService - ok
21:33:41.0220 3292	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:33:41.0266 3292	HDAudBus - ok
21:33:41.0344 3292	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:33:41.0376 3292	HECIx64 - ok
21:33:41.0422 3292	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:33:41.0469 3292	HidBatt - ok
21:33:41.0532 3292	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:33:41.0594 3292	HidBth - ok
21:33:41.0703 3292	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:33:41.0750 3292	HidIr - ok
21:33:41.0875 3292	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:33:41.0906 3292	HidUsb - ok
21:33:42.0031 3292	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:33:42.0062 3292	HpSAMD - ok
21:33:42.0109 3292	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:33:42.0187 3292	HTTP - ok
21:33:42.0249 3292	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:33:42.0265 3292	hwpolicy - ok
21:33:42.0343 3292	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:33:42.0390 3292	i8042prt - ok
21:33:42.0468 3292	iaStor          (2064090c9faad92c090d77e50e735b2e) C:\Windows\system32\drivers\iaStor.sys
21:33:42.0499 3292	iaStor - ok
21:33:42.0561 3292	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:33:42.0592 3292	iaStorV - ok
21:33:42.0826 3292	igfx            (8e509de232cfa4f8a5b34f01802f500e) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:33:43.0107 3292	igfx - ok
21:33:43.0232 3292	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:33:43.0248 3292	iirsp - ok
21:33:43.0326 3292	Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:33:43.0357 3292	Impcd - ok
21:33:43.0528 3292	IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
21:33:43.0591 3292	IntcAzAudAddService - ok
21:33:43.0669 3292	IntcDAud        (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:33:43.0716 3292	IntcDAud - ok
21:33:43.0794 3292	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:33:43.0825 3292	intelide - ok
21:33:43.0903 3292	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:33:43.0934 3292	intelppm - ok
21:33:44.0028 3292	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:33:44.0106 3292	IpFilterDriver - ok
21:33:44.0215 3292	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:33:44.0277 3292	IPMIDRV - ok
21:33:44.0324 3292	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:33:44.0371 3292	IPNAT - ok
21:33:44.0449 3292	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:33:44.0480 3292	IRENUM - ok
21:33:44.0527 3292	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:33:44.0542 3292	isapnp - ok
21:33:44.0605 3292	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:33:44.0636 3292	iScsiPrt - ok
21:33:44.0698 3292	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:33:44.0730 3292	kbdclass - ok
21:33:44.0792 3292	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:33:44.0823 3292	kbdhid - ok
21:33:44.0886 3292	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:33:44.0917 3292	KSecDD - ok
21:33:44.0948 3292	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:33:44.0979 3292	KSecPkg - ok
21:33:45.0026 3292	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:33:45.0104 3292	ksthunk - ok
21:33:45.0229 3292	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:33:45.0307 3292	lltdio - ok
21:33:45.0463 3292	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:33:45.0494 3292	LSI_FC - ok
21:33:45.0510 3292	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:33:45.0525 3292	LSI_SAS - ok
21:33:45.0541 3292	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:33:45.0572 3292	LSI_SAS2 - ok
21:33:45.0603 3292	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:33:45.0619 3292	LSI_SCSI - ok
21:33:45.0650 3292	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:33:45.0712 3292	luafv - ok
21:33:45.0822 3292	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:33:45.0853 3292	megasas - ok
21:33:45.0900 3292	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:33:45.0931 3292	MegaSR - ok
21:33:45.0962 3292	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:33:46.0024 3292	Modem - ok
21:33:46.0118 3292	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:33:46.0165 3292	monitor - ok
21:33:46.0258 3292	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:33:46.0290 3292	mouclass - ok
21:33:46.0336 3292	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
21:33:46.0383 3292	mouhid - ok
21:33:46.0446 3292	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:33:46.0477 3292	mountmgr - ok
21:33:46.0508 3292	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:33:46.0555 3292	mpio - ok
21:33:46.0586 3292	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:33:46.0648 3292	mpsdrv - ok
21:33:46.0695 3292	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:33:46.0742 3292	MRxDAV - ok
21:33:46.0804 3292	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:33:46.0851 3292	mrxsmb - ok
21:33:46.0898 3292	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:33:46.0945 3292	mrxsmb10 - ok
21:33:47.0007 3292	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:33:47.0054 3292	mrxsmb20 - ok
21:33:47.0132 3292	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:33:47.0163 3292	msahci - ok
21:33:47.0210 3292	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:33:47.0257 3292	msdsm - ok
21:33:47.0319 3292	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:33:47.0382 3292	Msfs - ok
21:33:47.0444 3292	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:33:47.0506 3292	mshidkmdf - ok
21:33:47.0569 3292	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:33:47.0584 3292	msisadrv - ok
21:33:47.0709 3292	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:33:47.0772 3292	MSKSSRV - ok
21:33:47.0772 3292	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:33:47.0834 3292	MSPCLOCK - ok
21:33:47.0850 3292	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:33:47.0896 3292	MSPQM - ok
21:33:47.0959 3292	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:33:48.0006 3292	MsRPC - ok
21:33:48.0068 3292	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:33:48.0084 3292	mssmbios - ok
21:33:48.0146 3292	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:33:48.0224 3292	MSTEE - ok
21:33:48.0255 3292	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:33:48.0302 3292	MTConfig - ok
21:33:48.0349 3292	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:33:48.0380 3292	Mup - ok
21:33:48.0489 3292	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:33:48.0552 3292	NativeWifiP - ok
21:33:48.0614 3292	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:33:48.0676 3292	NDIS - ok
21:33:48.0708 3292	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:33:48.0770 3292	NdisCap - ok
21:33:48.0832 3292	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:33:48.0895 3292	NdisTapi - ok
21:33:48.0957 3292	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:33:49.0035 3292	Ndisuio - ok
21:33:49.0082 3292	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:33:49.0176 3292	NdisWan - ok
21:33:49.0191 3292	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:33:49.0254 3292	NDProxy - ok
21:33:49.0378 3292	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:33:49.0472 3292	NetBIOS - ok
21:33:49.0503 3292	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:33:49.0550 3292	NetBT - ok
21:33:49.0706 3292	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:33:49.0737 3292	nfrd960 - ok
21:33:49.0784 3292	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:33:49.0831 3292	Npfs - ok
21:33:49.0862 3292	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:33:49.0924 3292	nsiproxy - ok
21:33:49.0987 3292	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:33:50.0112 3292	Ntfs - ok
21:33:50.0221 3292	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:33:50.0314 3292	Null - ok
21:33:50.0392 3292	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:33:50.0424 3292	nvraid - ok
21:33:50.0470 3292	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:33:50.0502 3292	nvstor - ok
21:33:50.0548 3292	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:33:50.0564 3292	nv_agp - ok
21:33:50.0626 3292	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:33:50.0673 3292	ohci1394 - ok
21:33:50.0736 3292	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:33:50.0782 3292	Parport - ok
21:33:50.0829 3292	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:33:50.0860 3292	partmgr - ok
21:33:50.0923 3292	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:33:50.0954 3292	pci - ok
21:33:50.0985 3292	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:33:51.0001 3292	pciide - ok
21:33:51.0063 3292	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:33:51.0110 3292	pcmcia - ok
21:33:51.0157 3292	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:33:51.0188 3292	pcw - ok
21:33:51.0219 3292	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:33:51.0328 3292	PEAUTH - ok
21:33:51.0500 3292	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:33:51.0594 3292	PptpMiniport - ok
21:33:51.0625 3292	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:33:51.0656 3292	Processor - ok
21:33:51.0765 3292	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:33:51.0843 3292	Psched - ok
21:33:51.0968 3292	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:33:52.0077 3292	ql2300 - ok
21:33:52.0186 3292	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:33:52.0218 3292	ql40xx - ok
21:33:52.0249 3292	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:33:52.0296 3292	QWAVEdrv - ok
21:33:52.0311 3292	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:33:52.0358 3292	RasAcd - ok
21:33:52.0452 3292	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:33:52.0545 3292	RasAgileVpn - ok
21:33:52.0592 3292	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:33:52.0654 3292	Rasl2tp - ok
21:33:52.0779 3292	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:33:52.0857 3292	RasPppoe - ok
21:33:52.0888 3292	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:33:52.0951 3292	RasSstp - ok
21:33:52.0966 3292	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:33:53.0029 3292	rdbss - ok
21:33:53.0060 3292	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:33:53.0091 3292	rdpbus - ok
21:33:53.0122 3292	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:33:53.0185 3292	RDPCDD - ok
21:33:53.0263 3292	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:33:53.0341 3292	RDPENCDD - ok
21:33:53.0403 3292	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:33:53.0481 3292	RDPREFMP - ok
21:33:53.0528 3292	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:33:53.0575 3292	RDPWD - ok
21:33:53.0653 3292	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:33:53.0700 3292	rdyboost - ok
21:33:53.0793 3292	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:33:53.0840 3292	RFCOMM - ok
21:33:53.0934 3292	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:33:54.0012 3292	rspndr - ok
21:33:54.0043 3292	RSUSBSTOR - ok
21:33:54.0105 3292	RTL8167         (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:33:54.0136 3292	RTL8167 - ok
21:33:54.0152 3292	RtsUIR - ok
21:33:54.0214 3292	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:33:54.0246 3292	sbp2port - ok
21:33:54.0292 3292	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:33:54.0355 3292	scfilter - ok
21:33:54.0402 3292	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:33:54.0480 3292	secdrv - ok
21:33:54.0589 3292	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:33:54.0636 3292	Serenum - ok
21:33:54.0682 3292	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:33:54.0729 3292	Serial - ok
21:33:54.0807 3292	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:33:54.0854 3292	sermouse - ok
21:33:54.0932 3292	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:33:54.0979 3292	sffdisk - ok
21:33:55.0026 3292	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:33:55.0072 3292	sffp_mmc - ok
21:33:55.0135 3292	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:33:55.0182 3292	sffp_sd - ok
21:33:55.0228 3292	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:33:55.0260 3292	sfloppy - ok
21:33:55.0338 3292	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:33:55.0369 3292	Sftfs - ok
21:33:55.0447 3292	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:33:55.0462 3292	Sftplay - ok
21:33:55.0509 3292	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:33:55.0525 3292	Sftredir - ok
21:33:55.0587 3292	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:33:55.0618 3292	Sftvol - ok
21:33:55.0728 3292	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:33:55.0743 3292	SiSRaid2 - ok
21:33:55.0806 3292	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:33:55.0837 3292	SiSRaid4 - ok
21:33:55.0899 3292	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:33:55.0977 3292	Smb - ok
21:33:56.0071 3292	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:33:56.0102 3292	spldr - ok
21:33:56.0180 3292	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:33:56.0242 3292	srv - ok
21:33:56.0352 3292	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:33:56.0414 3292	srv2 - ok
21:33:56.0492 3292	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:33:56.0539 3292	srvnet - ok
21:33:56.0601 3292	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:33:56.0632 3292	stexstor - ok
21:33:56.0695 3292	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:33:56.0726 3292	swenum - ok
21:33:56.0820 3292	SynTP           (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\DRIVERS\SynTP.sys
21:33:56.0851 3292	SynTP - ok
21:33:56.0976 3292	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
21:33:57.0132 3292	Tcpip - ok
21:33:57.0288 3292	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
21:33:57.0350 3292	TCPIP6 - ok
21:33:57.0381 3292	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:33:57.0475 3292	tcpipreg - ok
21:33:57.0584 3292	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:33:57.0662 3292	TDPIPE - ok
21:33:57.0678 3292	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:33:57.0709 3292	TDTCP - ok
21:33:57.0724 3292	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:33:57.0771 3292	tdx - ok
21:33:57.0818 3292	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:33:57.0834 3292	TermDD - ok
21:33:57.0912 3292	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
21:33:57.0958 3292	TPM - ok
21:33:58.0021 3292	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:33:58.0099 3292	tssecsrv - ok
21:33:58.0161 3292	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:33:58.0208 3292	TsUsbFlt - ok
21:33:58.0270 3292	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:33:58.0317 3292	TsUsbGD - ok
21:33:58.0395 3292	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:33:58.0473 3292	tunnel - ok
21:33:58.0536 3292	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:33:58.0567 3292	uagp35 - ok
21:33:58.0629 3292	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:33:58.0707 3292	udfs - ok
21:33:58.0754 3292	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:33:58.0785 3292	uliagpkx - ok
21:33:58.0863 3292	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:33:58.0910 3292	umbus - ok
21:33:59.0019 3292	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:33:59.0050 3292	UmPass - ok
21:33:59.0097 3292	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:33:59.0160 3292	usbccgp - ok
21:33:59.0238 3292	USBCCID - ok
21:33:59.0284 3292	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:33:59.0331 3292	usbcir - ok
21:33:59.0425 3292	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:33:59.0472 3292	usbehci - ok
21:33:59.0518 3292	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:33:59.0565 3292	usbhub - ok
21:33:59.0659 3292	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:33:59.0706 3292	usbohci - ok
21:33:59.0737 3292	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:33:59.0815 3292	usbprint - ok
21:33:59.0908 3292	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:33:59.0971 3292	USBSTOR - ok
21:34:00.0064 3292	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:34:00.0111 3292	usbuhci - ok
21:34:00.0189 3292	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:34:00.0236 3292	usbvideo - ok
21:34:00.0330 3292	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:34:00.0345 3292	vdrvroot - ok
21:34:00.0486 3292	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:34:00.0532 3292	vga - ok
21:34:00.0595 3292	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:34:00.0657 3292	VgaSave - ok
21:34:00.0720 3292	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:34:00.0766 3292	vhdmp - ok
21:34:00.0813 3292	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:34:00.0829 3292	viaide - ok
21:34:00.0876 3292	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:34:00.0907 3292	volmgr - ok
21:34:00.0938 3292	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:34:00.0969 3292	volmgrx - ok
21:34:01.0016 3292	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:34:01.0063 3292	volsnap - ok
21:34:01.0110 3292	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:34:01.0125 3292	vsmraid - ok
21:34:01.0172 3292	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:34:01.0203 3292	vwifibus - ok
21:34:01.0250 3292	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:34:01.0297 3292	vwififlt - ok
21:34:01.0359 3292	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:34:01.0390 3292	WacomPen - ok
21:34:01.0500 3292	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:01.0578 3292	WANARP - ok
21:34:01.0593 3292	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:01.0624 3292	Wanarpv6 - ok
21:34:01.0671 3292	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:34:01.0687 3292	Wd - ok
21:34:01.0718 3292	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:34:01.0749 3292	Wdf01000 - ok
21:34:01.0780 3292	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:34:01.0827 3292	WfpLwf - ok
21:34:01.0936 3292	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:34:01.0968 3292	WIMMount - ok
21:34:02.0061 3292	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:34:02.0124 3292	WinUsb - ok
21:34:02.0248 3292	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:34:02.0280 3292	WmiAcpi - ok
21:34:02.0404 3292	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:34:02.0498 3292	ws2ifsl - ok
21:34:02.0529 3292	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:34:02.0576 3292	WudfPf - ok
21:34:02.0685 3292	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:34:02.0763 3292	WUDFRd - ok
21:34:02.0810 3292	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:34:02.0904 3292	\Device\Harddisk0\DR0 - ok
21:34:02.0935 3292	Boot (0x1200)   (6e75ff767b303e5d8a197887379ef8b5) \Device\Harddisk0\DR0\Partition0
21:34:02.0935 3292	\Device\Harddisk0\DR0\Partition0 - ok
21:34:02.0966 3292	Boot (0x1200)   (e979d51d7db4e4ff71a6a8d2b7956e28) \Device\Harddisk0\DR0\Partition1
21:34:02.0966 3292	\Device\Harddisk0\DR0\Partition1 - ok
21:34:02.0966 3292	============================================================
21:34:02.0966 3292	Scan finished
21:34:02.0966 3292	============================================================
21:34:02.0982 3756	Detected object count: 0
21:34:02.0982 3756	Actual detected object count: 0

08.10.2011, 16:27	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizeivirus (Win 7) Dann boote von der OTLPE-CD bei deaktiviertem AHCI und mach da das OTLPE-Log. __________________ --> Bundespolizeivirus (Win 7)

Bundespolizeivirus (Win 7)

Plagegeister aller Art und deren Bekämpfung: Bundespolizeivirus (Win 7)