|
Pests of all kinds and how to fight them: Dell laptop no longer booted (Windows 7) |
14.02.2012, 16:25 | #1 |
| Dell laptop no longer booted Hello, my daughter's (DELL) laptop stopped booting yesterday (Windows 7). It only flickered briefly and then only the cursor was visible at the top left. I booted into safe mode with F8 and ran a system restore to 11.02. Now it boots "normally" again. Then I ran Malwarebytes in Quick Scan. (Log file attached.) No findings. But I wanted to ask here to get a bit more "certainty". What's my line? Thanks in advance. Maxum |
14.02.2012, 22:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dell laptop no longer booted Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ |
15.02.2012, 14:52 | #3 |
| Dell laptop no longer booted ok, thanks.
Here are the two logs. Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.15.01
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Nele :: NELES-PC [Administrator]
15.02.2012 08:38:46
mbam-log-2012-02-15 (08-38-46).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365422
Laufzeit: 2 Stunde(n), 5 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c1c89fb81140944fba50ef89973c00e5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-15 01:25:35
# local_time=2012-02-15 02:25:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5121 16777213 100 75 7162597 29793896 0 0
# compatibility_mode=5893 16776574 66 85 39857312 80932302 0 0
# compatibility_mode=8192 67108863 100 0 4100 4100 0 0
# scanned=201037
# found=0
# cleaned=0
# scan_time=9883
edit>: just noticed that McAfee re-enabled itself after 15 min....run ESET again? |
15.02.2012, 16:27 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dell laptop no longer booted Please create a new OTL log. Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
15.02.2012, 20:00 | #5 |
| Dell laptop no longer booted Code:
ATTFilter OTL logfile created on: 15.02.2012 17:19:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nele\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 56,13% Memory free 3,49 Gb Paging File | 1,90 Gb Available in Paging File | 54,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,14 Gb Total Space | 151,55 Gb Free Space | 69,47% Space Free | Partition Type: NTFS Drive D: | 300,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: NELES-PC | User Name: Nele | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.15 17:17:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nele\Desktop\OTL.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.08.21 00:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2010.08.12 01:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local 
Backup\Components\Scheduler\STService.exe PRC - [2010.02.09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2010.02.04 21:47:34 | 000,093,376 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\ib\olycamdetect.exe PRC - [2009.10.15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe PRC - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009.06.09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe ========== Modules (No Company Name) ========== MOD - [2012.01.12 03:31:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\82ca215f115529e1372218a8ca377ddb\System.Web.Services.ni.dll MOD - [2011.10.19 15:33:44 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll MOD - [2011.10.15 08:26:40 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011.10.15 08:26:24 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011.10.15 08:25:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011.10.15 08:25:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011.10.15 08:25:24 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011.10.15 08:25:09 | 011,490,304 | ---- | M] 
() -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011.09.21 15:22:04 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.11.11 05:11:18 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.11 05:11:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.08.12 01:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2010.08.12 01:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2010.08.12 01:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2010.08.12 01:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2010.08.12 01:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2010.08.12 01:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2010.08.12 01:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll MOD - [2010.08.12 01:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2010.02.09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2010.02.09 20:34:00 | 000,365,888 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2010.02.09 20:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2010.02.09 20:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe 
Online\SdbShared.XmlSerializers.dll MOD - [2010.02.09 20:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2010.02.09 20:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2010.02.09 20:34:00 | 000,046,400 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2010.02.09 20:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.10.15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe MOD - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009.10.15 10:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll MOD - [2009.09.28 07:52:34 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.10.18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2011.10.18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.06.23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2010.04.28 07:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.02.03 07:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.08.21 00:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.06.18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.06.06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2011.10.15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2011.10.15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2011.10.15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2011.10.15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2011.10.15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) 
[Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2011.10.15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2011.10.15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.08.12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010.06.18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.04.28 07:46:04 | 006,790,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.28 06:22:50 | 000,220,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.08 13:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.17 22:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.03.17 22:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.03.17 22:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.02.03 07:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2010.02.03 07:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL) DRV:64bit: - [2010.02.03 07:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.12.22 00:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.09.09 09:13:26 | 000,024,208 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OlyCamComm.sys -- (OlyCamComm) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 10:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 19:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.schuelervz.net/Login IE - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.20 15:50:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.05 10:47:34 | 000,000,000 | ---D | M] [2010.11.21 14:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Extensions [2011.08.20 10:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions [2010.11.21 17:56:01 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2011.02.13 12:53:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.02.13 12:53:03 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.02.13 12:53:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com [2011.11.17 14:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.17 14:50:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.11.21 15:12:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 
[2011.05.08 14:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.11.06 15:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20111222155731.dll (McAfee, Inc.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111222155731.dll (McAfee, Inc.) 
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002..\Run: [Olympus ib] C:\Program Files (x86)\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ADILOOK Deutsche Version auf Laufwerk C.LNK = C:\COKTEL\ADDY4\ADILOOK.EXE () O4 - Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft 
Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEE2F8B2-F3FB-434C-9513-C0D82171B5E7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.11 11:37:55 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) 
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver 
Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) 
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient 
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: mfevtp - C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) 
SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface 
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.15 17:17:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nele\Desktop\OTL.exe [2012.02.15 11:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.15 08:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.02.14 15:37:40 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Malwarebytes [2012.02.14 15:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.14 15:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.14 15:37:07 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.14 15:37:06 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.13 18:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChemicalTransporter [2012.02.13 18:01:35 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bombus [2012.02.13 18:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bombus [2012.02.12 22:29:51 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\logikspiele [2012.02.12 22:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueLines [2012.02.12 20:55:52 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdventuresofSheepy [2012.02.12 20:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdventuresofSheepy [2012.02.12 20:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\36Cuber [2012.02.12 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ColorBoard [2012.02.12 20:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ColorBoard [2012.02.12 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BiLudo [2012.02.12 20:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BiLudo [2012.02.12 20:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmazingPegz [2012.02.12 18:21:47 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CountDown [2012.02.12 18:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CountDown [2012.02.12 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\CountDown [2012.02.12 18:16:56 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoinsSolitaire [2012.02.12 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\Nele\Desktop\CoinsSolitaire [2012.02.12 17:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Catan [2012.02.07 14:21:55 | 000,000,000 | ---D | C] -- 
C:\Users\Nele\AppData\Roaming\.minecraft [2012.02.07 14:20:58 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Nele\Desktop\MinecraftSP (1).exe [2012.01.31 17:35:47 | 000,000,000 | ---D | C] -- C:\Users\Nele\AppData\Roaming\DVDVideoSoft [2012.01.22 20:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2012.02.15 17:52:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.15 17:18:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.15 17:17:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nele\Desktop\OTL.exe [2012.02.15 17:13:46 | 000,024,064 | ---- | M] () -- C:\Users\Nele\Documents\Sam. Lucy. Betty. ich.wps [2012.02.15 17:13:46 | 000,000,630 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\wklnhst.dat [2012.02.15 15:18:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.15 08:43:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.15 08:43:52 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.15 08:43:52 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.15 08:43:52 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.15 08:43:52 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.15 08:42:41 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 08:42:41 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 08:34:46 | 1406,091,264 | -HS- | M] () -- C:\hiberfil.sys [2012.02.14 15:37:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.07 14:21:16 | 000,695,296 | ---- | M] (AnjoCaido) -- 
C:\Users\Nele\Desktop\MinecraftSP (1).exe [2012.02.01 14:40:28 | 000,105,472 | ---- | M] () -- C:\Users\Nele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.25 16:58:56 | 000,360,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.02.14 15:37:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.08.20 10:46:14 | 000,000,086 | ---- | C] () -- C:\Windows\WIWWI.ini [2011.05.25 16:37:50 | 000,000,630 | ---- | C] () -- C:\Users\Nele\AppData\Roaming\wklnhst.dat [2010.11.16 15:53:14 | 000,105,472 | ---- | C] () -- C:\Users\Nele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.16 15:42:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.11 04:55:51 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.11 04:54:17 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini [2010.11.11 04:54:17 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini [2010.11.11 04:54:17 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini [2010.11.11 04:54:16 | 000,000,324 | ---- | C] () -- C:\Windows\Prelaunch.ini [2010.11.11 04:54:16 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini [2010.11.11 04:54:16 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini [2010.11.11 04:54:16 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2010.11.11 04:13:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- 
C:\Windows\SysWow64\igkrng500.bin [2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.02.07 14:23:50 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\.minecraft [2012.01.31 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\DVDVideoSoft [2011.02.13 12:53:14 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.17 14:34:23 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\go [2011.12.05 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\ICQ [2011.09.21 15:27:12 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\OpenOffice.org [2011.03.07 09:13:44 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Opera [2011.05.25 16:37:53 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Template [2011.04.10 11:24:35 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.02.07 14:23:50 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\.minecraft [2011.05.25 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Adobe [2010.11.16 14:41:09 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\ATI [2010.11.16 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Creative [2010.11.16 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Dell [2012.01.31 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\DVDVideoSoft [2011.02.13 12:53:14 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.17 14:34:23 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\go [2011.12.05 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\ICQ [2010.11.16 14:40:19 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Identities [2011.03.07 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\InstallShield [2010.11.16 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Macromedia [2010.11.26 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Macrovision [2012.02.14 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Malwarebytes [2010.11.11 05:16:16 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Media Center Programs [2011.05.25 16:37:49 | 000,000,000 | --SD | M] -- C:\Users\Nele\AppData\Roaming\Microsoft [2010.11.21 14:57:44 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Mozilla [2011.09.21 15:27:12 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\OpenOffice.org [2011.03.07 09:13:44 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Opera [2010.11.21 17:37:26 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Reallusion [2010.11.16 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Roxio [2012.02.15 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Skype [2011.07.30 
12:18:08 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\skypePM [2011.05.25 16:37:53 | 000,000,000 | ---D | M] -- C:\Users\Nele\AppData\Roaming\Template < %APPDATA%\*.exe /s > [2010.12.25 19:58:15 | 000,010,134 | R--- | M] () -- C:\Users\Nele\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.11.17 16:50:12 | 000,010,134 | R--- | M] () -- C:\Users\Nele\AppData\Roaming\Microsoft\Installer\{FA5E9826-466A-11D7-AA57-00E07DDCAF19}\HTML.exe [2010.11.17 16:50:12 | 000,001,078 | R--- | M] () -- C:\Users\Nele\AppData\Roaming\Microsoft\Installer\{FA5E9826-466A-11D7-AA57-00E07DDCAF19}\Readme.exe [2010.11.17 16:50:12 | 000,063,795 | R--- | M] (Macromedia, Inc.) -- C:\Users\Nele\AppData\Roaming\Microsoft\Installer\{FA5E9826-466A-11D7-AA57-00E07DDCAF19}\Zahlenteufel.exe [1997.09.04 13:58:18 | 000,370,688 | ---- | M] () -- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COKTEL\Deinstallation_Coktel.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys 
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010.05.12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010.05.12 
09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.05.12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- 
C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2010.05.12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > 
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.11 03:35:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.11.11 03:35:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- 
C:\Windows\SysNative\winlogon.exe [2010.11.11 03:35:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
15.02.2012, 20:01 | #6 |
| Dell laptop no longer booted Here are the EXTRAS as well, Code:
ATTFilter OTL Extras logfile created on: 15.02.2012 17:19:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nele\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 56,13% Memory free 3,49 Gb Paging File | 1,90 Gb Available in Paging File | 54,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,14 Gb Total Space | 151,55 Gb Free Space | 69,47% Space Free | Partition Type: NTFS Drive D: | 300,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: NELES-PC | User Name: Nele | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-209138753-2892880750-3433556695-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* 
exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center 
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1CA13C06-309A-5F5A-3A3F-FDC8582698BD}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD6E8621-FD31-681C-C94F-68EC39EAED3D}" = ATI Catalyst Install Manager "2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. 
Camera Communication Driver Package (09/09/2009 1.0.0.0) "Dell Support Center" = Dell Support Center "DW WLAN Card Utility" = DW WLAN Card Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{025B67D0-257E-29E3-72D4-674DF6FE7367}" = CCC Help Greek "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{201AE255-3F42-9146-A8CE-A19EBC366D75}" = CCC Help Turkish "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{35959A89-05D3-AEF4-2884-4FB406FFCD99}" = Catalyst Control Center InstallProxy "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{45837193-03FA-47D5-B7C8-A8C05383D5DA}" = Geograficus "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A21A06E-05A8-327E-0B24-F06575F9B6B0}" = CCC Help Russian "{511C626A-66BB-4E4D-8A23-5E8D52B8FA32}" = Mathica "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live 
Anmelde-Assistent "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5CF2B6B9-AFDF-A0A6-CF1F-6ED89643506B}" = CCC Help Chinese Traditional "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{636B2BAF-8F5E-793D-4B5F-80176D01556C}" = CCC Help Finnish "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{64F3B568-7134-95E4-9183-C1AED7CCD6E9}" = Catalyst Control Center Graphics Full Existing "{6630F1F3-2B8A-098F-8BE8-10C8BFA4F6A9}" = Catalyst Control Center Graphics Light "{667FF3E9-6EF0-0769-AB33-864C9ABCF925}" = CCC Help Dutch "{6A4CADBF-3211-5AAA-92E2-C49B39ADB0A7}" = ccc-core-static "{6F8A91CE-2F11-D176-7A8F-69E9ED4B44FE}" = CCC Help Czech "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{798EA182-789D-B9C8-4DFE-A0173822AF20}" = Catalyst Control Center Localization All "{7CB24AC4-56FB-CD85-83B2-8BE91B58C4F0}" = CCC Help Hungarian "{7CF6A9A3-9017-5FC9-2994-58F86B64691C}" = CCC Help Korean "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7DF7595F-6DEB-4C0D-4FDC-B62399550BC3}" = Catalyst Control Center Core Implementation "{7F2D2421-5265-62A8-ECCF-F55C5B2D1F91}" = CCC Help Italian "{8196D7C1-72D0-6749-96CA-AC0BEFBF54D9}" = CCC Help Chinese Standard "{878821BA-C2E1-BD88-0BB8-4D63C43BDD15}" = CCC Help Spanish "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{912B2983-8F9F-8AB2-22AB-6EA5494796E6}" = CCC Help German "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9925D724-344F-B629-1370-AA73A7FE150F}" = Catalyst Control Center Graphics Previews Vista "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AA19A4F6-EFE6-64CB-FEB8-4DAFA0DDE2BB}" = CCC Help Swedish "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C07B302C-B494-DA93-8285-57AC54A7539A}" = CCC Help 
Thai "{C2A5E915-588A-7746-3BE1-251A32909D1E}" = CCC Help Japanese "{C354EA3B-3537-3E85-5CE9-4F52C23C4267}" = Catalyst Control Center Graphics Full New "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CC4DDF20-9318-9998-C71A-A7251AE38ED4}" = CCC Help Danish "{D234FD43-C8E6-8D48-FE1C-E1D67EE1EC70}" = CCC Help French "{DAE76241-A047-407E-9237-26120C7BA6CE}" = Sophies Freunde Mode-Designer "{DD362236-5315-43DC-CCF8-2D24084D361C}" = Catalyst Control Center Graphics Previews Common "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E28D850E-B132-404C-21E3-76C9AD7CCEA2}" = CCC Help Polish "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4970BC1-6021-C498-909E-660F6F53E270}" = CCC Help English "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9DF122F-3A59-7B40-2EDB-B4E9D725CDBB}" = CCC Help Portuguese "{FA5E9826-466A-11D7-AA57-00E07DDCAF19}" = Der Zahlenteufel "{FE16A8D0-1E0A-8DB0-DC19-F36F734E2DD0}" = CCC Help Norwegian "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer "Advanced Audio FX Engine" = Advanced Audio FX Engine "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "conduitEngine" = Conduit Engine "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "Der Löwe ist los" = Der Löwe ist los "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner 
version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib "LingoMaxx" = LingoMAXX "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSC" = McAfee SecurityCenter "Opera 11.61.1250" = Opera 11.61 "QuickTime" = QuickTime "softonic-de3 Toolbar" = softonic-de3 Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent dell Master Uninstall" = WildTangent-Spiele "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-209138753-2892880750-3433556695-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO "GeoGebra WebStart" = GeoGebra WebStart ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.11.2011 12:34:30 | Computer Name = Neles-PC | Source = EventSystem | ID = 4621 Description = Error - 01.12.2011 14:49:44 | Computer Name = Neles-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 01.12.2011 15:59:16 | Computer Name = Neles-PC | Source = EventSystem | ID = 4622 Description = Error - 07.12.2011 14:00:03 | Computer Name = Neles-PC | Source = EventSystem | ID = 4622 Description = Error - 08.12.2011 10:00:30 | Computer Name = Neles-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.6.59.110, Zeitstempel: 0x4e96c2e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211485 Ausnahmecode: 0xe0fafafa Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01ccb5ac47581bff Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: fc61e9c0-21a4-11e1-a844-bbc3c0345e9d Error - 15.12.2011 17:23:21 | Computer Name = Neles-PC | Source = EventSystem | ID = 4622 Description = Error - 29.12.2011 06:42:32 | Computer Name = Neles-PC | Source = Application Hang | ID = 1002 Description = Programm TS3W.exe, Version 0.2.0.148 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1860 Startzeit: 01ccc613f976d434 Endzeit: 257 Anwendungspfad: C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\TS3W.exe Berichts-ID: Error - 29.12.2011 08:53:40 | Computer Name = Neles-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TS3W.exe, Version: 0.2.0.148, Zeitstempel: 0x4d84016e Name des fehlerhaften Moduls: TS3W.exe, Version: 0.2.0.148, Zeitstempel: 0x4d84016e Ausnahmecode: 0xc0000005 Fehleroffset: 0x002b7db2 ID des fehlerhaften Prozesses: 0x189c Startzeit der fehlerhaften Anwendung: 0x01ccc616b2d7cfef Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\TS3W.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\TS3W.exe Berichtskennung: 20e9c6f0-321c-11e1-a737-ce64a290899d Error - 08.01.2012 04:39:27 | Computer Name = Neles-PC | Source = McLogEvent | ID = 5051 Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 3228 (0xc9c) Thread address : 0x00000000772DF72A Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\inf\ndisuio.inf by C:\Windows\system32\taskhost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 10.01.2012 11:17:51 | Computer Name = Neles-PC | Source = EventSystem | ID = 4622 Description = [ Dell Events ] Error - 13.01.2011 10:40:16 | Computer Name = Neles-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. 
[ System Events ] Error - 31.10.2011 03:24:29 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 31.10.2011 03:24:29 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 31.10.2011 09:36:49 | Computer Name = Neles-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 31.10.2011 09:36:51 | Computer Name = Neles-PC | Source = DCOM | ID = 10010 Description = Error - 01.11.2011 12:13:30 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.11.2011 12:13:31 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 06.11.2011 10:05:06 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 06.11.2011 10:05:07 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 08.11.2011 09:57:27 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 08.11.2011 09:57:27 | Computer Name = Neles-PC | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > |
15.02.2012, 20:26 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dell laptop no longer booted Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2010.11.21 17:56:01 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.02.13 12:53:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.13 12:53:03 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.02.13 12:53:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-209138753-2892880750-3433556695-1002\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
16.02.2012, 14:17 | #8 |
| Dell laptop no longer booted OK. First of all, early this morning, before the OTL fix, the problem occurred again: the machine did not boot. After I booted into safe mode again with F8, I ran the OTL fix. It had to restart afterwards and then worked again.... Here is the log file: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully. C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully. C:\Program Files (x86)\softonic-de3\tbsoft.dll moved successfully. Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}\defaults\preferences folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}\defaults folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}\components folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}\chrome folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. 
C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com\defaults folder moved successfully. 
C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\Nele\AppData\Roaming\mozilla\Firefox\Profiles\ez0w5ijv.default\extensions\engine@conduit.com folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully. C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully. C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully. File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File de3\tbsoft.dll not found. Registry value HKEY_USERS\S-1-5-21-209138753-2892880750-3433556695-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_USERS\S-1-5-21-209138753-2892880750-3433556695-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found. Registry value HKEY_USERS\S-1-5-21-209138753-2892880750-3433556695-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found. File de3\tbsoft.dll not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Nele ->Temp folder emptied: 252316776 bytes ->Temporary Internet Files folder emptied: 127671390 bytes ->Java cache emptied: 44720867 bytes ->FireFox cache emptied: 114658813 bytes ->Opera cache emptied: 31280806 bytes ->Flash cache emptied: 96005 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 116594575 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87394 bytes RecycleBin emptied: 820172749 bytes Total Files Cleaned = 1.438,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02162012_135111 Files\Folders moved on Reboot... C:\Users\Nele\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Nele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0XCNO7V\ShowMessageCAW0B83I.aspx moved successfully. Registry entries deleted on Reboot... |
16.02.2012, 14:51 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dell laptop no longer booted Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set up the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and post only the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Please download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
16.02.2012, 15:21 | #10 |
| Dell laptop no longer booted OK, here is the result Code:
ATTFilter 15:07:03.0769 1412 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 15:07:04.0099 1412 ============================================================ 15:07:04.0099 1412 Current date / time: 2012/02/16 15:07:04.0099 15:07:04.0099 1412 SystemInfo: 15:07:04.0099 1412 15:07:04.0099 1412 OS Version: 6.1.7600 ServicePack: 0.0 15:07:04.0099 1412 Product type: Workstation 15:07:04.0099 1412 ComputerName: NELES-PC 15:07:04.0099 1412 UserName: Nele 15:07:04.0099 1412 Windows directory: C:\Windows 15:07:04.0099 1412 System windows directory: C:\Windows 15:07:04.0099 1412 Running under WOW64 15:07:04.0099 1412 Processor architecture: Intel x64 15:07:04.0099 1412 Number of processors: 1 15:07:04.0099 1412 Page size: 0x1000 15:07:04.0099 1412 Boot type: Normal boot 15:07:04.0099 1412 ============================================================ 15:07:05.0394 1412 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:07:05.0394 1412 \Device\Harddisk0\DR0: 15:07:05.0394 1412 MBR used 15:07:05.0394 1412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000 15:07:05.0394 1412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x1B446970 15:07:05.0434 1412 Initialize success 15:07:05.0434 1412 ============================================================ 15:10:20.0054 0316 ============================================================ 15:10:20.0054 0316 Scan started 15:10:20.0054 0316 Mode: Manual; SigCheck; TDLFS; 15:10:20.0054 0316 ============================================================
- ok 15:10:39.0242 0316 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 15:10:39.0273 0316 HpSAMD - ok 15:10:39.0382 0316 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 15:10:39.0507 0316 HTTP - ok 15:10:39.0648 0316 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 15:10:39.0679 0316 hwpolicy - ok 15:10:39.0850 0316 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 15:10:39.0882 0316 i8042prt - ok 15:10:40.0038 0316 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 15:10:40.0162 0316 iaStorV - ok 15:10:40.0459 0316 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 15:10:40.0677 0316 igfx - ok 15:10:40.0818 0316 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 15:10:40.0864 0316 iirsp - ok 15:10:40.0911 0316 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 15:10:40.0927 0316 intelide - ok 15:10:40.0974 0316 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 15:10:41.0020 0316 intelppm - ok 15:10:41.0036 0316 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:10:41.0083 0316 IpFilterDriver - ok 15:10:41.0098 0316 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:10:41.0145 0316 IPMIDRV - ok 15:10:41.0161 0316 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 15:10:41.0208 0316 IPNAT - ok 15:10:41.0254 0316 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 15:10:41.0364 0316 IRENUM - ok 15:10:41.0520 0316 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 15:10:41.0551 0316 isapnp - ok 15:10:41.0566 0316 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 15:10:41.0582 0316 
iScsiPrt - ok 15:10:41.0629 0316 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 15:10:41.0676 0316 kbdclass - ok 15:10:41.0816 0316 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 15:10:41.0878 0316 kbdhid - ok 15:10:42.0050 0316 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 15:10:42.0081 0316 KSecDD - ok 15:10:42.0159 0316 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 15:10:42.0175 0316 KSecPkg - ok 15:10:42.0237 0316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 15:10:42.0346 0316 ksthunk - ok 15:10:42.0518 0316 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 15:10:42.0612 0316 lltdio - ok 15:10:42.0799 0316 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:10:42.0846 0316 LSI_FC - ok 15:10:42.0924 0316 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:10:42.0955 0316 LSI_SAS - ok 15:10:42.0970 0316 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:10:42.0986 0316 LSI_SAS2 - ok 15:10:43.0002 0316 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:10:43.0017 0316 LSI_SCSI - ok 15:10:43.0064 0316 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 15:10:43.0126 0316 luafv - ok 15:10:43.0392 0316 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 15:10:43.0438 0316 megasas - ok 15:10:43.0532 0316 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 15:10:43.0579 0316 MegaSR - ok 15:10:43.0719 0316 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 15:10:43.0875 0316 mfeapfk - ok 15:10:44.0062 0316 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys 15:10:44.0094 0316 
mfeavfk - ok 15:10:44.0265 0316 mfeavfk01 - ok 15:10:44.0359 0316 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys 15:10:44.0484 0316 mfefirek - ok 15:10:44.0655 0316 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 15:10:44.0702 0316 mfehidk - ok 15:10:44.0889 0316 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys 15:10:45.0014 0316 mfenlfk - ok 15:10:45.0170 0316 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys 15:10:45.0279 0316 mferkdet - ok 15:10:45.0451 0316 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys 15:10:45.0482 0316 mfewfpk - ok 15:10:45.0638 0316 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 15:10:45.0732 0316 Modem - ok 15:10:45.0919 0316 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 15:10:45.0966 0316 monitor - ok 15:10:46.0153 0316 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 15:10:46.0168 0316 mouclass - ok 15:10:46.0371 0316 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 15:10:46.0418 0316 mouhid - ok 15:10:46.0574 0316 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 15:10:46.0621 0316 mountmgr - ok 15:10:46.0777 0316 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 15:10:46.0808 0316 mpio - ok 15:10:46.0886 0316 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 15:10:46.0995 0316 mpsdrv - ok 15:10:47.0026 0316 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 15:10:47.0104 0316 MRxDAV - ok 15:10:47.0167 0316 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:10:47.0307 0316 mrxsmb - ok 15:10:47.0463 0316 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:10:47.0510 0316 mrxsmb10 - ok 15:10:47.0697 0316 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:10:47.0728 0316 mrxsmb20 - ok 15:10:47.0916 0316 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys 15:10:47.0947 0316 msahci - ok 15:10:48.0118 0316 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 15:10:48.0150 0316 msdsm - ok 15:10:48.0337 0316 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 15:10:48.0384 0316 Msfs - ok 15:10:48.0571 0316 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 15:10:48.0633 0316 mshidkmdf - ok 15:10:48.0789 0316 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 15:10:48.0820 0316 msisadrv - ok 15:10:49.0039 0316 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:10:49.0132 0316 MSKSSRV - ok 15:10:49.0320 0316 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:10:49.0382 0316 MSPCLOCK - ok 15:10:49.0554 0316 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:10:49.0632 0316 MSPQM - ok 15:10:49.0725 0316 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 15:10:49.0772 0316 MsRPC - ok 15:10:49.0803 0316 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 15:10:49.0819 0316 mssmbios - ok 15:10:49.0866 0316 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:10:49.0944 0316 MSTEE - ok 15:10:50.0115 0316 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:10:50.0178 0316 MTConfig - ok 15:10:50.0318 0316 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:10:50.0365 0316 Mup - ok 15:10:50.0536 0316 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) 
C:\Windows\system32\DRIVERS\nwifi.sys 15:10:50.0614 0316 NativeWifiP - ok 15:10:50.0786 0316 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 15:10:50.0848 0316 NDIS - ok 15:10:51.0004 0316 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:10:51.0082 0316 NdisCap - ok 15:10:51.0176 0316 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:10:51.0254 0316 NdisTapi - ok 15:10:51.0410 0316 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 15:10:51.0504 0316 Ndisuio - ok 15:10:51.0660 0316 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 15:10:51.0738 0316 NdisWan - ok 15:10:51.0894 0316 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 15:10:51.0972 0316 NDProxy - ok 15:10:52.0143 0316 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:10:52.0221 0316 NetBIOS - ok 15:10:52.0377 0316 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 15:10:52.0455 0316 NetBT - ok 15:10:52.0642 0316 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:10:52.0674 0316 nfrd960 - ok 15:10:52.0752 0316 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:10:52.0830 0316 Npfs - ok 15:10:52.0876 0316 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:10:52.0954 0316 nsiproxy - ok 15:10:53.0064 0316 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 15:10:53.0142 0316 Ntfs - ok 15:10:53.0173 0316 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:10:53.0204 0316 Null - ok 15:10:53.0251 0316 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 15:10:53.0360 0316 nvraid - ok 15:10:53.0407 0316 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) 
C:\Windows\system32\drivers\nvstor.sys 15:10:53.0532 0316 nvstor - ok 15:10:53.0734 0316 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 15:10:53.0766 0316 nv_agp - ok 15:10:53.0953 0316 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 15:10:54.0015 0316 ohci1394 - ok 15:10:54.0218 0316 OlyCamComm (fe8278bcf145404976d866d9a46e6bd8) C:\Windows\system32\DRIVERS\OlyCamComm.sys 15:10:54.0249 0316 OlyCamComm - ok 15:10:54.0436 0316 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:10:54.0468 0316 Parport - ok 15:10:54.0624 0316 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 15:10:54.0655 0316 partmgr - ok 15:10:54.0811 0316 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 15:10:54.0842 0316 pci - ok 15:10:54.0998 0316 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 15:10:55.0045 0316 pciide - ok 15:10:55.0232 0316 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:10:55.0263 0316 pcmcia - ok 15:10:55.0419 0316 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:10:55.0466 0316 pcw - ok 15:10:55.0638 0316 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:10:55.0762 0316 PEAUTH - ok 15:10:56.0012 0316 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 15:10:56.0074 0316 PptpMiniport - ok 15:10:56.0246 0316 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:10:56.0293 0316 Processor - ok 15:10:56.0511 0316 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 15:10:56.0589 0316 Psched - ok 15:10:56.0776 0316 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 15:10:56.0808 0316 PxHlpa64 - ok 15:10:57.0026 0316 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) 
C:\Windows\system32\DRIVERS\ql2300.sys 15:10:57.0104 0316 ql2300 - ok 15:10:57.0276 0316 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:10:57.0307 0316 ql40xx - ok 15:10:57.0478 0316 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:10:57.0510 0316 QWAVEdrv - ok 15:10:57.0666 0316 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:10:57.0744 0316 RasAcd - ok 15:10:57.0931 0316 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:10:57.0993 0316 RasAgileVpn - ok 15:10:58.0196 0316 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:10:58.0258 0316 Rasl2tp - ok 15:10:58.0446 0316 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:10:58.0524 0316 RasPppoe - ok 15:10:58.0711 0316 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:10:58.0804 0316 RasSstp - ok 15:10:58.0976 0316 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 15:10:59.0054 0316 rdbss - ok 15:10:59.0210 0316 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:10:59.0272 0316 rdpbus - ok 15:10:59.0444 0316 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:10:59.0538 0316 RDPCDD - ok 15:10:59.0740 0316 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:10:59.0818 0316 RDPENCDD - ok 15:11:00.0006 0316 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:11:00.0068 0316 RDPREFMP - ok 15:11:00.0240 0316 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 15:11:00.0318 0316 RDPWD - ok 15:11:00.0520 0316 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 15:11:00.0552 0316 rdyboost - ok 15:11:00.0770 0316 rspndr 
(ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:11:00.0832 0316 rspndr - ok 15:11:01.0035 0316 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys 15:11:01.0129 0316 RSUSBSTOR - ok 15:11:01.0316 0316 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys 15:11:01.0425 0316 RTL8167 - ok 15:11:01.0581 0316 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 15:11:01.0612 0316 sbp2port - ok 15:11:01.0784 0316 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 15:11:01.0878 0316 scfilter - ok 15:11:02.0080 0316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:11:02.0143 0316 secdrv - ok 15:11:02.0330 0316 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:11:02.0346 0316 Serenum - ok 15:11:02.0533 0316 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 15:11:02.0580 0316 Serial - ok 15:11:02.0736 0316 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:11:02.0798 0316 sermouse - ok 15:11:03.0001 0316 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 15:11:03.0094 0316 sffdisk - ok 15:11:03.0266 0316 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:11:03.0328 0316 sffp_mmc - ok 15:11:03.0484 0316 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:11:03.0609 0316 sffp_sd - ok 15:11:03.0781 0316 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:11:03.0828 0316 sfloppy - ok 15:11:04.0030 0316 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:11:04.0046 0316 SiSRaid2 - ok 15:11:04.0202 0316 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:11:04.0233 0316 SiSRaid4 - ok 
15:11:04.0405 0316 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:11:04.0514 0316 Smb - ok 15:11:04.0717 0316 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:11:04.0748 0316 spldr - ok 15:11:04.0935 0316 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 15:11:05.0044 0316 srv - ok 15:11:05.0216 0316 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 15:11:05.0419 0316 srv2 - ok 15:11:05.0590 0316 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 15:11:05.0637 0316 srvnet - ok 15:11:05.0793 0316 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 15:11:05.0824 0316 stexstor - ok 15:11:06.0012 0316 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys 15:11:06.0183 0316 STHDA - ok 15:11:06.0339 0316 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 15:11:06.0355 0316 swenum - ok 15:11:06.0558 0316 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys 15:11:06.0636 0316 SynTP - ok 15:11:06.0870 0316 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 15:11:06.0963 0316 Tcpip - ok 15:11:07.0197 0316 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 15:11:07.0244 0316 TCPIP6 - ok 15:11:07.0416 0316 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 15:11:07.0509 0316 tcpipreg - ok 15:11:07.0681 0316 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:11:07.0728 0316 TDPIPE - ok 15:11:07.0884 0316 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 15:11:07.0930 0316 TDTCP - ok 15:11:08.0133 0316 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 15:11:08.0242 0316 tdx - ok 15:11:08.0414 0316 TermDD (c448651339196c0e869a355171875522) 
C:\Windows\system32\DRIVERS\termdd.sys 15:11:08.0461 0316 TermDD - ok 15:11:08.0664 0316 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:11:08.0742 0316 tssecsrv - ok 15:11:08.0944 0316 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 15:11:09.0054 0316 tunnel - ok 15:11:09.0225 0316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 15:11:09.0272 0316 uagp35 - ok 15:11:09.0444 0316 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys 15:11:09.0537 0316 udfs - ok 15:11:09.0740 0316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 15:11:09.0771 0316 uliagpkx - ok 15:11:09.0943 0316 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 15:11:09.0990 0316 umbus - ok 15:11:10.0161 0316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 15:11:10.0192 0316 UmPass - ok 15:11:10.0395 0316 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 15:11:10.0567 0316 usbccgp - ok 15:11:10.0754 0316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 15:11:10.0832 0316 usbcir - ok 15:11:11.0004 0316 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys 15:11:11.0113 0316 usbehci - ok 15:11:11.0331 0316 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 15:11:11.0440 0316 usbfilter - ok 15:11:11.0628 0316 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 15:11:11.0799 0316 usbhub - ok 15:11:11.0971 0316 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys 15:11:12.0111 0316 usbohci - ok 15:11:12.0298 0316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 15:11:12.0376 0316 usbprint - ok 15:11:12.0579 0316 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) 
C:\Windows\system32\DRIVERS\usbscan.sys 15:11:12.0642 0316 usbscan - ok 15:11:12.0813 0316 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:11:13.0016 0316 USBSTOR - ok 15:11:13.0172 0316 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 15:11:13.0234 0316 usbuhci - ok 15:11:13.0422 0316 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 15:11:13.0531 0316 usbvideo - ok 15:11:13.0702 0316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:11:13.0734 0316 vdrvroot - ok 15:11:13.0905 0316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 15:11:13.0952 0316 vga - ok 15:11:14.0092 0316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 15:11:14.0202 0316 VgaSave - ok 15:11:14.0358 0316 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 15:11:14.0404 0316 vhdmp - ok 15:11:14.0560 0316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 15:11:14.0576 0316 viaide - ok 15:11:14.0685 0316 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 15:11:14.0701 0316 volmgr - ok 15:11:14.0857 0316 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 15:11:14.0888 0316 volmgrx - ok 15:11:15.0075 0316 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 15:11:15.0122 0316 volsnap - ok 15:11:15.0325 0316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 15:11:15.0356 0316 vsmraid - ok 15:11:15.0528 0316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 15:11:15.0543 0316 vwifibus - ok 15:11:15.0730 0316 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 15:11:15.0793 0316 vwififlt - ok 15:11:15.0996 0316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) 
C:\Windows\system32\DRIVERS\wacompen.sys 15:11:16.0042 0316 WacomPen - ok 15:11:16.0245 0316 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 15:11:16.0339 0316 WANARP - ok 15:11:16.0370 0316 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 15:11:16.0401 0316 Wanarpv6 - ok 15:11:16.0604 0316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 15:11:16.0651 0316 Wd - ok 15:11:16.0838 0316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 15:11:16.0869 0316 Wdf01000 - ok 15:11:17.0088 0316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 15:11:17.0150 0316 WfpLwf - ok 15:11:17.0353 0316 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 15:11:17.0446 0316 WimFltr - ok 15:11:17.0634 0316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 15:11:17.0665 0316 WIMMount - ok 15:11:17.0914 0316 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys 15:11:18.0070 0316 WinUsb - ok 15:11:18.0273 0316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:11:18.0336 0316 WmiAcpi - ok 15:11:18.0538 0316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 15:11:18.0616 0316 ws2ifsl - ok 15:11:18.0819 0316 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys 15:11:18.0991 0316 WudfPf - ok 15:11:19.0178 0316 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:11:19.0194 0316 WUDFRd - ok 15:11:19.0381 0316 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 15:11:19.0443 0316 yukonw7 - ok 15:11:19.0490 0316 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0 15:11:19.0740 0316 \Device\Harddisk0\DR0 - ok 15:11:19.0755 0316 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) 
\Device\Harddisk0\DR0\Partition0 15:11:19.0755 0316 \Device\Harddisk0\DR0\Partition0 - ok 15:11:19.0802 0316 Boot (0x1200) (96dadf33db005bf5e0ed646c868140be) \Device\Harddisk0\DR0\Partition1 15:11:19.0802 0316 \Device\Harddisk0\DR0\Partition1 - ok 15:11:19.0802 0316 ============================================================ 15:11:19.0802 0316 Scan finished 15:11:19.0802 0316 ============================================================ 15:11:19.0880 3940 Detected object count: 0 15:11:19.0880 3940 Actual detected object count: 0 |
16.02.2012, 15:33 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dell laptop no longer booted Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
16.02.2012, 21:08 | #12 |
| Dell laptop no longer booted Here is the ComboFix log now Code:
ATTFilter ComboFix 12-02-16.02 - Nele 16.02.2012 17:24:33.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.1788.994 [GMT 1:00] ausgeführt von:: c:\users\Nele\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-16 bis 2012-02-16 )))))))))))))))))))))))))))))) . . 2012-02-16 16:38 . 2012-02-16 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-16 12:51 . 2012-02-16 12:51 -------- d-----w- C:\_OTL 2012-02-15 10:32 . 2012-02-15 10:32 -------- d-----w- c:\program files (x86)\ESET 2012-02-14 14:37 . 2012-02-14 14:37 -------- d-----w- c:\users\Nele\AppData\Roaming\Malwarebytes 2012-02-14 14:37 . 2012-02-14 14:37 -------- d-----w- c:\programdata\Malwarebytes 2012-02-14 14:37 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-14 14:37 . 2012-02-14 14:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-13 17:04 . 2012-02-14 14:20 -------- d-----w- c:\program files (x86)\ChemicalTransporter 2012-02-13 17:01 . 2012-02-14 14:20 -------- d-----w- c:\program files (x86)\Bombus 2012-02-12 21:25 . 2012-02-14 14:20 -------- d-----w- c:\program files (x86)\BlueLines 2012-02-12 19:55 . 2012-02-14 14:20 -------- d-----w- c:\program files (x86)\AdventuresofSheepy 2012-02-12 19:53 . 2012-02-14 14:20 -------- d-----w- c:\program files (x86)\36Cuber 2012-02-12 19:10 . 
2012-02-14 14:20 -------- d-----w- c:\program files (x86)\ColorBoard 2012-02-12 19:07 . 2012-02-14 14:20 -------- d-----w- c:\program files (x86)\BiLudo 2012-02-12 19:04 . 2012-02-14 14:20 -------- d-----w- c:\program files (x86)\AmazingPegz 2012-02-12 16:35 . 2012-02-12 17:11 -------- d-----w- c:\program files (x86)\Catan 2012-02-07 13:21 . 2012-02-07 13:23 -------- d-----w- c:\users\Nele\AppData\Roaming\.minecraft 2012-01-31 16:35 . 2012-01-31 16:35 -------- d-----w- c:\users\Nele\AppData\Roaming\DVDVideoSoft 2012-01-31 14:16 . 2011-11-17 07:10 340992 ----a-w- c:\windows\system32\schannel.dll 2012-01-31 14:16 . 2011-11-17 07:08 1446912 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-31 14:16 . 2011-11-17 07:17 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-01-31 14:16 . 2011-11-17 05:39 224768 ----a-w- c:\windows\SysWow64\schannel.dll 2012-01-31 14:16 . 2011-11-17 07:17 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-31 14:16 . 2011-11-17 07:15 460296 ----a-w- c:\windows\system32\drivers\cng.sys 2012-01-31 14:15 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll 2012-01-31 14:15 . 2011-11-17 07:11 136192 ----a-w- c:\windows\system32\sspicli.dll 2012-01-31 14:15 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll 2012-01-31 14:15 . 2011-11-17 07:11 28160 ----a-w- c:\windows\system32\secur32.dll 2012-01-31 14:15 . 2011-11-17 07:05 31232 ----a-w- c:\windows\system32\lsass.exe 2012-01-31 14:15 . 2011-11-17 07:11 28672 ----a-w- c:\windows\system32\sspisrv.dll 2012-01-31 14:15 . 2011-11-17 05:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-01-31 14:15 . 2011-11-17 05:35 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-01-24 20:28 . 2012-01-24 20:28 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-16 12:48 . 
2011-05-16 05:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-24 05:00 . 2011-12-14 15:33 3141632 ----a-w- c:\windows\system32\win32k.sys 2011-11-19 15:07 . 2012-01-11 14:43 77312 ----a-w- c:\windows\system32\packager.dll 2011-11-19 14:06 . 2012-01-11 14:43 67072 ----a-w- c:\windows\SysWow64\packager.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-02-04 93376] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-28 102400] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-15 98304] "MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040] . c:\users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ADILOOK Deutsche Version auf Laufwerk C.LNK - c:\coktel\ADDY4\ADILOOK.EXE [1997-9-5 187904] Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 136176] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 136176] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S3 
amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 17:13] . 2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 17:13] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.schuelervz.net/Login mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\ez0w5ijv.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Photoshop Elements 1.0 - c:\windows\ISUN0407.EXE AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe AddRemove-LingoMaxx - c:\progra~2\LINGOM~1\UNWISE32 . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\Roxio\Roxio Burn\Roxio Burn.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-02-16 18:09:26 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-02-16 17:09 . Vor Suchlauf: 12 Verzeichnis(se), 160.840.220.672 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 160.713.056.256 Bytes frei . - - End Of File - - E5D8706B71B5B5D957664A87B82A3549 |
16.02.2012, 22:13 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dell laptop no longer booted Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
__________________ Please always post log files in CODE tags |
17.02.2012, 12:58 | #14 |
| Dell laptop no longer booted There we go... Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-17 11:51:43
-----------------------------
11:51:43.426 OS Version: Windows x64 6.1.7600
11:51:43.426 Number of processors: 1 586 0x603
11:51:43.426 ComputerName: NELES-PC UserName: Nele
11:51:45.076 Initialize success
11:58:56.503 AVAST engine defs: 12021700
12:29:58.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:29:58.288 Disk 0 Vendor: WDC_WD2500BEVT-75A23T0 01.01A01 Size: 238475MB BusType: 11
12:29:58.320 Disk 0 MBR read successfully
12:29:58.320 Disk 0 MBR scan
12:29:58.398 Disk 0 Windows 7 default MBR code
12:29:58.429 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
12:29:58.444 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
12:29:58.460 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223373 MB offset 30926848
12:29:58.460 Service scanning
12:30:01.533 Modules scanning
12:30:01.533 Disk 0 trace - called modules:
12:30:01.549 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:30:01.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800210c060]
12:30:01.720 3 CLASSPNP.SYS[fffff880019bb43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80020c1060]
12:30:02.500 AVAST engine scan C:\Windows
12:30:05.827 AVAST engine scan C:\Windows\system32
12:33:38.113 AVAST engine scan C:\Windows\system32\drivers
12:33:51.646 AVAST engine scan C:\Users\Nele
12:36:54.757 AVAST engine scan C:\ProgramData
12:39:16.250 Scan finished successfully
12:56:37.054 Disk 0 MBR has been saved successfully to "C:\Users\Nele\Desktop\MBR.dat"
12:56:37.069 The log file has been saved successfully to "C:\Users\Nele\Desktop\aswMBR.txt" |
17.02.2012, 14:18 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dell laptop no longer booted Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |