Seltsame Anwendung wollte bei Thunderbird-Setup Administratorrechte

schrauber · 14.05.2015, 17:08

Zitat:

HKU\S-1-5-21-2253816567-2930413787-4049114413-1000\...\RunOnce: [h7BgsM2Ns] => rundll32 "C:\Users\Thomas\AppData\Local\Temp\hG7JnB4dsPnhj5Rqew6L\gwNWQ7HbhamP01AhBowAs.dll" NRjmN2U4YTgwNWQ4YzlhNmM5ZTc1ODAxMGFjOTNiOTBf <===== ATTENTION

Der ist neu. Ganz frisch dazu gekommen. Irgendwas grundlegendes passt da nicht. Sichere mal alle deine Daten.

ThoWag · 14.05.2015, 17:18

Servus Schrauber,

Zitat:

Irgendwas grundlegendes passt da nicht.

was heißt das? Was bedeutet denn der Eintrag?

Zitat:

Sichere mal alle deine Daten.

Bin dabei. Darf ich einfach alles kopieren oder muss ich da aufpassen (z.B. keine Anwendungen o.Ä.)?

Viele Grüße
Thomas

schrauber · 15.05.2015, 18:26

Keine Anwendungen, einfach nur persönliche Daten wie Mails, Texte, Musik und Videos.
Dann müssen wir tiefer graben warum dieser neue Eintrag auf einmal da ist

ThoWag · 15.05.2015, 18:51

Servus Schrauber,

ok, die wichtigen Daten sind gesichert. Das meiste hatte ich eh schon extern gespeichert. :-)

Vielen, vielen Dank!
Viele Grüße, Thomas

schrauber · 16.05.2015, 13:23

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

ThoWag · 16.05.2015, 13:51

Servus Schrauber,

keiner meiner USB-Sticks wird von der gebooteten Windows-DVD erkannt. Ich habe daher den FRST64 von der normalen Festplatte genutzt. Ich hoffe, das ist nicht sehr schlimm. :-(

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2015
Ran by SYSTEM on MININT-OSKICPE on 16-05-2015 14:35:09
Running from C:\Users\Thomas\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Thomas\...\RunOnce: [h7BgsM2Ns] => rundll32 "C:\Users\Thomas\AppData\Local\Temp\hG7JnB4dsPnhj5Rqew6L\gwNWQ7HbhamP01AhBowAs.dll" NjRmN2U4YTgwNWQ4YzlhNmM5ZTc1ODAxMGFjOTNiOTBf <===== ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-13 20:41 - 2015-05-16 14:35 - 00000000 _____ () C:\Users\Thomas\Downloads\Main.txt
2015-05-13 20:41 - 2015-05-13 20:41 - 00000000 ____D () C:\Users\Thomas\Downloads\FRST-OlderVersion
2015-05-08 14:17 - 2015-05-08 14:17 - 00268848 _____ () C:\Windows\Minidump\050815-13031-01.dmp
2015-05-08 14:16 - 2015-05-08 14:17 - 00000000 ____D () C:\Windows\Minidump
2015-05-08 14:16 - 2015-05-08 14:16 - 00268848 _____ () C:\Windows\Minidump\050815-12812-01.dmp
2015-05-05 14:08 - 2015-05-05 14:08 - 14179480 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\mseinstall.exe
2015-05-05 13:13 - 2015-05-05 12:33 - 00000000 ____D () C:\Windows\Panther
2015-05-05 13:12 - 2015-05-05 13:12 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-05-05 13:04 - 2015-05-05 13:04 - 00000000 ___HD () C:\$INPLACE.~TR
2015-05-05 13:04 - 2015-05-05 12:22 - 00000000 ___HD () C:\$WINDOWS.~Q
2015-05-05 12:50 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-05-05 12:50 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-05-05 12:50 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-05-05 12:50 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-05-05 12:33 - 2015-05-05 12:33 - 00000020 ___SH () C:\Users\Thomas\ntuser.ini
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Favoriten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-05-05 12:30 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-05 12:30 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-05 12:30 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-05 12:30 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-05 12:30 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-05 12:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-05 12:30 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-05 12:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-05 12:24 - 2015-05-13 21:46 - 00967600 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 12:21 - 2015-05-05 12:21 - 00022960 _____ () C:\Windows\system32\emptyregdb.dat
2015-05-05 12:16 - 2015-05-05 12:33 - 00000000 ____D () C:\Users\Thomas
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Vorlagen
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Startmenü
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Netzwerkumgebung
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Lokale Einstellungen
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Eigene Dateien
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Druckumgebung
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Documents\Eigene Musik
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Documents\Eigene Bilder
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\AppData\Local\Verlauf
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\AppData\Local\Anwendungsdaten
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Anwendungsdaten
2015-05-05 12:16 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 12:16 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 12:15 - 2015-05-05 12:15 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-05-05 12:15 - 2015-05-05 12:15 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-05-05 12:15 - 2015-05-05 12:15 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-05-05 11:54 - 2015-05-05 12:21 - 00006256 _____ () C:\Windows\comsetup.log
2015-05-05 10:59 - 2015-05-05 10:59 - 00000652 _____ () C:\Windows\CompatibilityIssues.txt
2015-05-05 10:56 - 2015-05-05 11:50 - 00002544 _____ () C:\Windows\diagwrn.xml
2015-05-05 10:56 - 2015-05-05 11:50 - 00001890 _____ () C:\Windows\diagerr.xml
2015-05-02 20:21 - 2015-05-05 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-05-02 20:21 - 2015-05-05 12:18 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2015-05-02 20:21 - 2015-05-02 20:21 - 03015656 _____ (Crystal Dew World ) C:\Users\Thomas\Downloads\CrystalDiskInfo6_3_2-en.exe
2015-05-02 20:21 - 2015-05-02 20:21 - 00001190 _____ () C:\Users\Thomas\Desktop\CrystalDiskInfo.lnk
2015-04-30 11:09 - 2015-04-30 11:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THOMAS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-30 11:09 - 2015-04-30 11:09 - 00000000 ____D () C:\RegBackup
2015-04-30 11:05 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\Downloads\Tweaking.com - Windows Repair
2015-04-30 11:05 - 2015-04-30 11:05 - 10654284 _____ () C:\Users\Thomas\Downloads\tweaking.com_windows_repair_aio.zip
2015-04-28 13:52 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\Downloads\bluescreenview_v1.55
2015-04-28 13:48 - 2015-04-28 13:50 - 00067310 _____ () C:\Users\Thomas\Downloads\bluescreenview_v1.55.zip
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-27 19:54 - 2012-06-02 16:57 - 00000003 ____N () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-04-27 19:12 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Macromedia
2015-04-27 19:12 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Adobe
2015-04-27 19:12 - 2015-05-05 12:18 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Macromedia
2015-04-27 17:29 - 2015-05-08 14:17 - 240966187 _____ () C:\Windows\MEMORY.DMP
2015-04-27 15:56 - 2015-04-27 15:56 - 00001211 _____ () C:\Users\Thomas\Downloads\MBAM.txt
2015-04-27 15:51 - 2015-05-05 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-27 15:51 - 2015-05-05 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-27 15:51 - 2015-05-05 12:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-27 15:51 - 2015-04-27 15:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 15:51 - 2015-04-27 15:51 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-27 15:51 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-27 15:51 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-27 15:51 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-27 15:43 - 2015-04-27 15:43 - 00000778 _____ () C:\Users\Thomas\Downloads\gmer.log
2015-04-27 15:24 - 2015-04-27 16:27 - 00009745 _____ () C:\Users\Thomas\Downloads\Addition.txt
2015-04-27 15:23 - 2015-05-13 21:42 - 00025804 _____ () C:\Users\Thomas\Downloads\FRST.txt
2015-04-27 15:19 - 2015-05-13 21:47 - 00000000 ____D () C:\FRST
2015-04-27 15:19 - 2015-04-27 15:19 - 00000474 _____ () C:\Users\Thomas\Downloads\defogger_disable.log
2015-04-27 15:19 - 2015-04-27 15:19 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2015-04-27 15:18 - 2015-04-27 15:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-27 15:17 - 2015-05-13 21:41 - 02104832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2015-04-27 15:17 - 2015-04-27 15:17 - 00050477 _____ () C:\Users\Thomas\Downloads\Defogger.exe
2015-04-27 15:16 - 2015-04-27 15:16 - 00380416 _____ () C:\Users\Thomas\Downloads\yed4cxii.exe
2015-04-27 12:40 - 2015-04-27 12:40 - 28745120 _____ (Mozilla) C:\Users\Thomas\Downloads\Thunderbird Setup 31.6.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-13 20:44 - 2011-04-12 08:43 - 00643628 _____ () C:\Windows\System32\perfh007.dat
2015-05-13 20:44 - 2011-04-12 08:43 - 00126188 _____ () C:\Windows\System32\perfc007.dat
2015-05-13 20:44 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-13 20:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 20:39 - 2009-07-14 05:51 - 00039652 _____ () C:\Windows\setupact.log
2015-05-05 18:19 - 2009-07-14 05:45 - 00022336 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 18:19 - 2009-07-14 05:45 - 00022336 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 13:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-05-05 12:13 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2015-05-05 12:13 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2015-05-05 12:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\oobe
2015-05-05 12:12 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-05 12:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\Setup
2015-05-05 11:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2015-05-05 11:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\Recovery
2015-05-05 11:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-05 11:30 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\System32\restore
2015-05-05 11:25 - 2010-11-21 04:47 - 00011286 _____ () C:\Windows\PFRO.log
2015-05-05 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2015-05-05 11:20 - 2009-07-14 05:45 - 00275912 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-05 11:19 - 2009-07-14 05:46 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-05-05 11:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-05 11:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-05 11:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\sysprep
2015-04-30 10:18 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-05-05 11:30:10
Restore point made on: 2015-05-05 11:50:35
Restore point made on: 2015-05-13 20:46:26

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4095.55 MB
Available physical RAM: 3482.93 MB
Total Pagefile: 4093.75 MB
Available Pagefile: 3468.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.9 GB) (Free:97.26 GB) NTFS
Drive e: (GSP1RMCHPXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 120 GB) (Disk ID: 4D8E3977)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.9 GB) - (Type=07 NTFS)


LastRegBack: 2015-05-05 13:39

==================== End Of Log ============================

--- --- ---

Viele Grüße!
Thomas

schrauber · 17.05.2015, 07:50

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Thomas\...\RunOnce: [h7BgsM2Ns] => rundll32 "C:\Users\Thomas\AppData\Local\Temp\hG7JnB4dsPnhj5Rqew6L\gwNWQ7HbhamP01AhBowAs.dll" NjRmN2U4YTgwNWQ4YzlhNmM5ZTc1ODAxMGFjOTNiOTBf <===== ATTENTION
C:\Users\Thomas\AppData\Local\Temp\hG7JnB4dsPnhj5Rqew6L

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Jetzt bitte nochmal FRST aus dem normalen Modus.

ThoWag · 17.05.2015, 08:39

Servus Schrauber,

ok, hier das Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Thomas at 2015-05-17 09:20:18 Run:1
Running from C:\Users\Thomas\Downloads
Loaded Profiles: Thomas (Available profiles: Thomas)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Thomas\...\RunOnce: [h7BgsM2Ns] => rundll32 "C:\Users\Thomas\AppData\Local\Temp\hG7JnB4dsPnhj5Rqew6L\gwNWQ7HbhamP01AhBowAs.dll" NjRmN2U4YTgwNWQ4YzlhNmM5ZTc1ODAxMGFjOTNiOTBf <===== ATTENTION
C:\Users\Thomas\AppData\Local\Temp\hG7JnB4dsPnhj5Rqew6L
*****************

HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\RunOnce\\h7BgsM2Ns => Value not found.
"C:\Users\Thomas\AppData\Local\Temp\hG7JnB4dsPnhj5Rqew6L" => File/Directory not found.

==== End of Fixlog 09:20:19 ====

Und hier die anderen Logs:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Thomas (administrator) on THOMAS-PC on 17-05-2015 09:24:45
Running from C:\Users\Thomas\Downloads
Loaded Profiles: Thomas (Available profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2253816567-2930413787-4049114413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 83.169.184.161

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\svd3mpjz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\svd3mpjz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-27]
FF Extension: Adblock Edge - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\svd3mpjz.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 14:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-05-16 14:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-05-16 14:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-16 14:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-16 14:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-05-16 14:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-05-16 14:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-05-16 14:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-05-13 22:14 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 22:14 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 21:41 - 2015-05-17 09:20 - 00000000 ____D () C:\Users\Thomas\Downloads\FRST-OlderVersion
2015-05-13 21:41 - 2015-05-16 15:35 - 00022019 _____ () C:\Users\Thomas\Downloads\Main.txt
2015-05-08 14:17 - 2015-05-08 14:17 - 00268848 _____ () C:\Windows\Minidump\050815-13031-01.dmp
2015-05-08 14:16 - 2015-05-08 14:17 - 00000000 ____D () C:\Windows\Minidump
2015-05-08 14:16 - 2015-05-08 14:16 - 00268848 _____ () C:\Windows\Minidump\050815-12812-01.dmp
2015-05-05 14:08 - 2015-05-05 14:08 - 14179480 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\mseinstall.exe
2015-05-05 13:13 - 2015-05-05 12:33 - 00000000 ____D () C:\Windows\Panther
2015-05-05 13:12 - 2015-05-05 13:12 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-05-05 13:04 - 2015-05-05 13:04 - 00000000 ___HD () C:\$INPLACE.~TR
2015-05-05 13:04 - 2015-05-05 12:22 - 00000000 ___HD () C:\$WINDOWS.~Q
2015-05-05 12:50 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-05-05 12:50 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-05-05 12:50 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-05-05 12:50 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-05-05 12:33 - 2015-05-05 12:33 - 00000020 ___SH () C:\Users\Thomas\ntuser.ini
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Favoriten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-05-05 12:33 - 2015-05-05 12:33 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-05-05 12:30 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-05 12:30 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-05 12:30 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-05 12:30 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-05 12:30 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-05 12:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-05 12:30 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-05 12:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-05 12:24 - 2015-05-13 21:46 - 00967600 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 12:21 - 2015-05-05 12:21 - 00022960 _____ () C:\Windows\system32\emptyregdb.dat
2015-05-05 12:16 - 2015-05-05 12:33 - 00000000 ____D () C:\Users\Thomas
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Vorlagen
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Startmenü
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Netzwerkumgebung
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Lokale Einstellungen
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Eigene Dateien
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Druckumgebung
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Documents\Eigene Musik
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Documents\Eigene Bilder
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\AppData\Local\Verlauf
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\AppData\Local\Anwendungsdaten
2015-05-05 12:16 - 2015-05-05 12:16 - 00000000 _SHDL () C:\Users\Thomas\Anwendungsdaten
2015-05-05 12:16 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 12:16 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 12:15 - 2015-05-05 12:15 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-05-05 12:15 - 2015-05-05 12:15 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-05-05 12:15 - 2015-05-05 12:15 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-05-05 11:54 - 2015-05-05 12:21 - 00006256 _____ () C:\Windows\comsetup.log
2015-05-05 10:59 - 2015-05-05 10:59 - 00000652 _____ () C:\Windows\CompatibilityIssues.txt
2015-05-05 10:56 - 2015-05-05 11:50 - 00002544 _____ () C:\Windows\diagwrn.xml
2015-05-05 10:56 - 2015-05-05 11:50 - 00001890 _____ () C:\Windows\diagerr.xml
2015-05-02 20:21 - 2015-05-05 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-05-02 20:21 - 2015-05-05 12:18 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2015-05-02 20:21 - 2015-05-02 20:21 - 03015656 _____ (Crystal Dew World ) C:\Users\Thomas\Downloads\CrystalDiskInfo6_3_2-en.exe
2015-05-02 20:21 - 2015-05-02 20:21 - 00001190 _____ () C:\Users\Thomas\Desktop\CrystalDiskInfo.lnk
2015-04-30 11:09 - 2015-04-30 11:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THOMAS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-30 11:09 - 2015-04-30 11:09 - 00000000 ____D () C:\RegBackup
2015-04-30 11:05 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\Downloads\Tweaking.com - Windows Repair
2015-04-30 11:05 - 2015-04-30 11:05 - 10654284 _____ () C:\Users\Thomas\Downloads\tweaking.com_windows_repair_aio.zip
2015-04-28 13:52 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\Downloads\bluescreenview_v1.55
2015-04-28 13:48 - 2015-04-28 13:50 - 00067310 _____ () C:\Users\Thomas\Downloads\bluescreenview_v1.55.zip
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-28 10:11 - 2015-05-05 12:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-27 19:54 - 2012-06-02 16:57 - 00000003 ____N () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-04-27 19:12 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Macromedia
2015-04-27 19:12 - 2015-05-05 12:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Adobe
2015-04-27 19:12 - 2015-05-05 12:18 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Macromedia
2015-04-27 17:29 - 2015-05-08 14:17 - 240966187 _____ () C:\Windows\MEMORY.DMP
2015-04-27 15:56 - 2015-04-27 15:56 - 00001211 _____ () C:\Users\Thomas\Downloads\MBAM.txt
2015-04-27 15:51 - 2015-05-05 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-27 15:51 - 2015-05-05 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-27 15:51 - 2015-05-05 12:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-27 15:51 - 2015-04-27 15:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 15:51 - 2015-04-27 15:51 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-27 15:51 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-27 15:51 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-27 15:51 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-27 15:43 - 2015-04-27 15:43 - 00000778 _____ () C:\Users\Thomas\Downloads\gmer.log
2015-04-27 15:24 - 2015-04-27 16:27 - 00009745 _____ () C:\Users\Thomas\Downloads\Addition.txt
2015-04-27 15:23 - 2015-05-13 21:42 - 00025804 _____ () C:\Users\Thomas\Downloads\FRST.txt
2015-04-27 15:19 - 2015-05-13 21:47 - 00000000 ____D () C:\FRST
2015-04-27 15:19 - 2015-04-27 15:19 - 00000474 _____ () C:\Users\Thomas\Downloads\defogger_disable.log
2015-04-27 15:19 - 2015-04-27 15:19 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2015-04-27 15:18 - 2015-04-27 15:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-27 15:17 - 2015-05-13 21:41 - 02104832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2015-04-27 15:17 - 2015-04-27 15:17 - 00050477 _____ () C:\Users\Thomas\Downloads\Defogger.exe
2015-04-27 15:16 - 2015-04-27 15:16 - 00380416 _____ () C:\Users\Thomas\Downloads\yed4cxii.exe
2015-04-27 12:40 - 2015-04-27 12:40 - 28745120 _____ (Mozilla) C:\Users\Thomas\Downloads\Thunderbird Setup 31.6.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 09:20 - 2011-04-12 09:43 - 00643628 _____ () C:\Windows\system32\perfh007.dat
2015-05-17 09:20 - 2011-04-12 09:43 - 00126188 _____ () C:\Windows\system32\perfc007.dat
2015-05-17 09:20 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 09:16 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 09:16 - 2009-07-14 06:45 - 00022336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 09:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 09:13 - 2009-07-14 06:51 - 00039764 _____ () C:\Windows\setupact.log
2015-05-05 14:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-05 13:13 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-05-05 13:13 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-05-05 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-05-05 13:12 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-05 13:12 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-05 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-05-05 12:33 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-05 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-05-05 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-05 12:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2015-05-05 12:25 - 2010-11-21 05:47 - 00011286 _____ () C:\Windows\PFRO.log
2015-05-05 12:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2015-05-05 12:20 - 2009-07-14 06:45 - 00275912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-05 12:19 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-05 12:19 - 2009-07-14 06:46 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-05-05 12:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 12:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 12:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-05 12:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 12:18 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-05 12:15 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 12:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-04-30 11:18 - 2009-07-14 04:34 - 00000439 _____ () C:\Windows\win.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-05 14:39

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Thomas at 2015-05-17 09:25:02
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2253816567-2930413787-4049114413-500 - Administrator - Disabled)
Gast (S-1-5-21-2253816567-2930413787-4049114413-501 - Limited - Disabled)
Thomas (S-1-5-21-2253816567-2930413787-4049114413-1000 - Administrator - Enabled) => C:\Users\Thomas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
CrystalDiskInfo 6.3.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-05-2015 12:30:06 Windows Update
05-05-2015 12:50:33 Windows Update
13-05-2015 21:46:15 Windows Update
16-05-2015 14:43:23 Windows Update
17-05-2015 09:17:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-30 11:18 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E2DACE6-91A8-407A-B987-1D8BA2DF6A10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {3B092C92-3F4D-4E61-907C-839249096B0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3DEBB22A-72EB-4432-BB7B-502A30F4B796} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {94FB1D75-EE74-449B-8566-1A559D53E4EF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D6125483-61EA-4217-9C7D-5210D18FEA78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {E4AFA089-81DE-45AE-972E-E8248D3F4732} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {EA2911B0-08AB-4603-801C-0CF1367AED0C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-27 15:02 - 2015-04-27 15:02 - 00514711 _____ () C:\Windows\System32\sakuya64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2253816567-2930413787-4049114413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 83.169.184.161

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{B83D6681-0807-43DF-AC3B-E3DC3DBC185B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0AC118EF-43B9-400F-9FAC-16F00AE1BD50}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 09:22:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_appraiser.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c78c
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000a49d
ID des fehlerhaften Prozesses: 0xa80
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_appraiser.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_appraiser.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_appraiser.dll2
Berichtskennung: rundll32.exe_appraiser.dll3

Error: (05/17/2015 09:15:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 02:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_appraiser.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c78c
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000a49d
ID des fehlerhaften Prozesses: 0x8f8
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_appraiser.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_appraiser.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_appraiser.dll2
Berichtskennung: rundll32.exe_appraiser.dll3

Error: (05/16/2015 02:41:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 09:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 02:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_appraiser.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c78c
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000a49d
ID des fehlerhaften Prozesses: 0x844
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_appraiser.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_appraiser.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_appraiser.dll2
Berichtskennung: rundll32.exe_appraiser.dll3

Error: (05/08/2015 02:19:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 05:19:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 00:34:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_appraiser.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c78c
Ausnahmecode: 0xc06d007f
Fehleroffset: 0x000000000000a49d
ID des fehlerhaften Prozesses: 0x838
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_appraiser.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_appraiser.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_appraiser.dll2
Berichtskennung: rundll32.exe_appraiser.dll3

Error: (05/05/2015 00:33:43 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1324) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.


System errors:
=============
Error: (05/17/2015 09:18:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2978668)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3035126)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2852386)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2862152)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2736422)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3031432)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-Systeme (KB2698365)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2836943)

Error: (05/17/2015 09:17:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3006226)


Microsoft Office Sessions:
=========================
Error: (05/17/2015 09:22:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_appraiser.dll6.1.7600.163854a5bc9e0KERNELBASE.dll6.1.7601.175144ce7c78cc06d007f000000000000a49da8001d0907234523a60C:\Windows\system32\rundll32.exeC:\Windows\system32\KERNELBASE.dll7649e24c-fc65-11e4-a94b-08002710536d

Error: (05/17/2015 09:15:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 02:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_appraiser.dll6.1.7600.163854a5bc9e0KERNELBASE.dll6.1.7601.175144ce7c78cc06d007f000000000000a49d8f801d08fd67fba91e3C:\Windows\system32\rundll32.exeC:\Windows\system32\KERNELBASE.dllc3478993-fbc9-11e4-ae78-08002710536d

Error: (05/16/2015 02:41:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 09:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 02:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_appraiser.dll6.1.7600.163854a5bc9e0KERNELBASE.dll6.1.7601.175144ce7c78cc06d007f000000000000a49d84401d0898a2b61fb2dC:\Windows\system32\rundll32.exeC:\Windows\system32\KERNELBASE.dll6e0ed5d1-f57d-11e4-a30b-08002710536d

Error: (05/08/2015 02:19:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 05:19:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 00:34:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_appraiser.dll6.1.7600.163854a5bc9e0KERNELBASE.dll6.1.7601.175144ce7c78cc06d007f000000000000a49d83801d0871f0e5bafecC:\Windows\system32\rundll32.exeC:\Windows\system32\KERNELBASE.dll524340f8-f312-11e4-88c7-08002710536d

Error: (05/05/2015 00:33:43 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail1324WindowsMail0:


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 970 @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 4095.55 MB
Available physical RAM: 2395.24 MB
Total Pagefile: 8189.31 MB
Available Pagefile: 6332.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.9 GB) (Free:96.17 GB) NTFS
Drive d: (GSP1RMCHPXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 120 GB) (Disk ID: 4D8E3977)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Die Probleme sind noch da, der Rechner wollte sich nach dem FRST-Durchlauf wegen Updates neu starten => Bluescreen.

Viele Grüße
Thomas

schrauber · 17.05.2015, 11:54

Lade Dir bitte Bluescreenview und installiere es:
BlueScreenView - Download - Filepony

Öffnen und den aktuellsten Dump analysieren lassen (macht das Tool automatisch).
Output hier posten.

ThoWag · 17.05.2015, 12:13

Analysieren lassen? Was meinst du damit? Welcher Output? Das hier?

Code:

ATTFilter

==================================================
Dump File         : 051715-11703-01.dmp
Crash Time        : 17.05.2015 09:29:47
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`03a96060
Parameter 3       : fffffa80`03a96340
Parameter 4       : fffff800`02fa0db0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+80640
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Processor         : x64
Crash Address     : ntoskrnl.exe+80640
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\051715-11703-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 268.848
Dump File Time    : 17.05.2015 09:30:20
==================================================

Oder das hier?

Code:

ATTFilter

==================================================
Filename          : ntoskrnl.exe
Address In Stack  : ntoskrnl.exe+383db0
From Address      : fffff800`02c1d000
To Address        : fffff800`03207000
Size              : 0x005ea000
Time Stamp        : 0x4ce7951a
Time String       : 20.11.2010 11:30:02
Product Name      : Microsoft® Windows® Operating System
File Description  : NT Kernel & System
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\ntoskrnl.exe
==================================================

==================================================
Filename          : hal.dll
Address In Stack  : 
From Address      : fffff800`03207000
To Address        : fffff800`03250000
Size              : 0x00049000
Time Stamp        : 0x4ce7c669
Time String       : 20.11.2010 15:00:25
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : kdcom.dll
Address In Stack  : 
From Address      : fffff800`00bb8000
To Address        : fffff800`00bc2000
Size              : 0x0000a000
Time Stamp        : 0x4a5bdfdb
Time String       : 14.07.2009 03:31:07
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mcupdate_GenuineIntel.dll
Address In Stack  : 
From Address      : fffff880`00ca6000
To Address        : fffff880`00cf5000
Size              : 0x0004f000
Time Stamp        : 0x4ce7c737
Time String       : 20.11.2010 15:03:51
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : PSHED.dll
Address In Stack  : 
From Address      : fffff880`00cf5000
To Address        : fffff880`00d09000
Size              : 0x00014000
Time Stamp        : 0x4a5be027
Time String       : 14.07.2009 03:32:23
Product Name      : Betriebssystem Microsoft® Windows®
File Description  : Plattformspezifischer Hardwarefehlertreiber
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\PSHED.dll
==================================================

==================================================
Filename          : CLFS.SYS
Address In Stack  : 
From Address      : fffff880`00d09000
To Address        : fffff880`00d67000
Size              : 0x0005e000
Time Stamp        : 0x4a5bc11d
Time String       : 14.07.2009 01:19:57
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : CI.dll
Address In Stack  : 
From Address      : fffff880`00eb4000
To Address        : fffff880`00f74000
Size              : 0x000c0000
Time Stamp        : 0x4ce7c944
Time String       : 20.11.2010 15:12:36
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Wdf01000.sys
Address In Stack  : 
From Address      : fffff880`00e00000
To Address        : fffff880`00ea4000
Size              : 0x000a4000
Time Stamp        : 0x4a5bc19f
Time String       : 14.07.2009 01:22:07
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : WDFLDR.SYS
Address In Stack  : 
From Address      : fffff880`00ea4000
To Address        : fffff880`00eb3000
Size              : 0x0000f000
Time Stamp        : 0x4a5bc11a
Time String       : 14.07.2009 01:19:54
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ACPI.sys
Address In Stack  : 
From Address      : fffff880`00f74000
To Address        : fffff880`00fcb000
Size              : 0x00057000
Time Stamp        : 0x4ce79294
Time String       : 20.11.2010 11:19:16
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : WMILIB.SYS
Address In Stack  : 
From Address      : fffff880`00fcb000
To Address        : fffff880`00fd4000
Size              : 0x00009000
Time Stamp        : 0x4a5bc117
Time String       : 14.07.2009 01:19:51
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : msisadrv.sys
Address In Stack  : 
From Address      : fffff880`00fd4000
To Address        : fffff880`00fde000
Size              : 0x0000a000
Time Stamp        : 0x4a5bc0fe
Time String       : 14.07.2009 01:19:26
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : pci.sys
Address In Stack  : 
From Address      : fffff880`00d67000
To Address        : fffff880`00d9a000
Size              : 0x00033000
Time Stamp        : 0x4ce7928f
Time String       : 20.11.2010 11:19:11
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : vdrvroot.sys
Address In Stack  : 
From Address      : fffff880`00fde000
To Address        : fffff880`00feb000
Size              : 0x0000d000
Time Stamp        : 0x4a5bcadb
Time String       : 14.07.2009 02:01:31
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : partmgr.sys
Address In Stack  : 
From Address      : fffff880`00feb000
To Address        : fffff880`01000000
Size              : 0x00015000
Time Stamp        : 0x4ce792c0
Time String       : 20.11.2010 11:20:00
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : compbatt.sys
Address In Stack  : 
From Address      : fffff880`00d9a000
To Address        : fffff880`00da3000
Size              : 0x00009000
Time Stamp        : 0x4a5bc3b6
Time String       : 14.07.2009 01:31:02
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : BATTC.SYS
Address In Stack  : 
From Address      : fffff880`00da3000
To Address        : fffff880`00daf000
Size              : 0x0000c000
Time Stamp        : 0x4a5bc3b5
Time String       : 14.07.2009 01:31:01
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : volmgr.sys
Address In Stack  : 
From Address      : fffff880`00daf000
To Address        : fffff880`00dc4000
Size              : 0x00015000
Time Stamp        : 0x4ce792a0
Time String       : 20.11.2010 11:19:28
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : volmgrx.sys
Address In Stack  : 
From Address      : fffff880`00c00000
To Address        : fffff880`00c5c000
Size              : 0x0005c000
Time Stamp        : 0x4ce792eb
Time String       : 20.11.2010 11:20:43
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : intelide.sys
Address In Stack  : 
From Address      : fffff880`00c5c000
To Address        : fffff880`00c64000
Size              : 0x00008000
Time Stamp        : 0x4a5bc114
Time String       : 14.07.2009 01:19:48
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : PCIIDEX.SYS
Address In Stack  : 
From Address      : fffff880`00c64000
To Address        : fffff880`00c74000
Size              : 0x00010000
Time Stamp        : 0x4a5bc114
Time String       : 14.07.2009 01:19:48
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mountmgr.sys
Address In Stack  : 
From Address      : fffff880`00c74000
To Address        : fffff880`00c8e000
Size              : 0x0001a000
Time Stamp        : 0x4ce79299
Time String       : 20.11.2010 11:19:21
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : atapi.sys
Address In Stack  : 
From Address      : fffff880`00c8e000
To Address        : fffff880`00c97000
Size              : 0x00009000
Time Stamp        : 0x4a5bc113
Time String       : 14.07.2009 01:19:47
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ataport.SYS
Address In Stack  : 
From Address      : fffff880`00dc4000
To Address        : fffff880`00dee000
Size              : 0x0002a000
Time Stamp        : 0x4ce79293
Time String       : 20.11.2010 11:19:15
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : msahci.sys
Address In Stack  : 
From Address      : fffff880`00dee000
To Address        : fffff880`00df9000
Size              : 0x0000b000
Time Stamp        : 0x4ce7a416
Time String       : 20.11.2010 12:33:58
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : amdxata.sys
Address In Stack  : 
From Address      : fffff880`00c97000
To Address        : fffff880`00ca2000
Size              : 0x0000b000
Time Stamp        : 0x4ba3a3ca
Time String       : 19.03.2010 18:18:18
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : fltmgr.sys
Address In Stack  : 
From Address      : fffff880`01089000
To Address        : fffff880`010d5000
Size              : 0x0004c000
Time Stamp        : 0x4ce7929c
Time String       : 20.11.2010 11:19:24
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : fileinfo.sys
Address In Stack  : 
From Address      : fffff880`010d5000
To Address        : fffff880`010e9000
Size              : 0x00014000
Time Stamp        : 0x4a5bc481
Time String       : 14.07.2009 01:34:25
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Ntfs.sys
Address In Stack  : 
From Address      : fffff880`01254000
To Address        : fffff880`013f7000
Size              : 0x001a3000
Time Stamp        : 0x4ce792f9
Time String       : 20.11.2010 11:20:57
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : msrpc.sys
Address In Stack  : 
From Address      : fffff880`010e9000
To Address        : fffff880`01147000
Size              : 0x0005e000
Time Stamp        : 0x4ce79334
Time String       : 20.11.2010 11:21:56
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ksecdd.sys
Address In Stack  : 
From Address      : fffff880`01200000
To Address        : fffff880`0121b000
Size              : 0x0001b000
Time Stamp        : 0x4ce7930b
Time String       : 20.11.2010 11:21:15
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : cng.sys
Address In Stack  : 
From Address      : fffff880`01147000
To Address        : fffff880`011b9000
Size              : 0x00072000
Time Stamp        : 0x4ce79e2d
Time String       : 20.11.2010 12:08:45
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : pcw.sys
Address In Stack  : 
From Address      : fffff880`0121b000
To Address        : fffff880`0122c000
Size              : 0x00011000
Time Stamp        : 0x4a5bc0ff
Time String       : 14.07.2009 01:19:27
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Fs_Rec.sys
Address In Stack  : 
From Address      : fffff880`0122c000
To Address        : fffff880`01236000
Size              : 0x0000a000
Time Stamp        : 0x4a5bc111
Time String       : 14.07.2009 01:19:45
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ndis.sys
Address In Stack  : 
From Address      : fffff880`014c0000
To Address        : fffff880`015b3000
Size              : 0x000f3000
Time Stamp        : 0x4ce79392
Time String       : 20.11.2010 11:23:30
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : NETIO.SYS
Address In Stack  : 
From Address      : fffff880`01400000
To Address        : fffff880`01460000
Size              : 0x00060000
Time Stamp        : 0x4ce79381
Time String       : 20.11.2010 11:23:13
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ksecpkg.sys
Address In Stack  : 
From Address      : fffff880`01460000
To Address        : fffff880`0148b000
Size              : 0x0002b000
Time Stamp        : 0x4ce79e9a
Time String       : 20.11.2010 12:10:34
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : tcpip.sys
Address In Stack  : 
From Address      : fffff880`01684000
To Address        : fffff880`01888000
Size              : 0x00204000
Time Stamp        : 0x4ce79420
Time String       : 20.11.2010 11:25:52
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : fwpkclnt.sys
Address In Stack  : 
From Address      : fffff880`01888000
To Address        : fffff880`018d2000
Size              : 0x0004a000
Time Stamp        : 0x4ce79321
Time String       : 20.11.2010 11:21:37
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : volsnap.sys
Address In Stack  : 
From Address      : fffff880`018d2000
To Address        : fffff880`0191e000
Size              : 0x0004c000
Time Stamp        : 0x4ce792c8
Time String       : 20.11.2010 11:20:08
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : spldr.sys
Address In Stack  : 
From Address      : fffff880`0191e000
To Address        : fffff880`01926000
Size              : 0x00008000
Time Stamp        : 0x4a0858bb
Time String       : 11.05.2009 18:56:27
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : rdyboost.sys
Address In Stack  : 
From Address      : fffff880`01926000
To Address        : fffff880`01960000
Size              : 0x0003a000
Time Stamp        : 0x4ce7982e
Time String       : 20.11.2010 11:43:10
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mup.sys
Address In Stack  : 
From Address      : fffff880`01960000
To Address        : fffff880`01972000
Size              : 0x00012000
Time Stamp        : 0x4a5bc201
Time String       : 14.07.2009 01:23:45
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : hwpolicy.sys
Address In Stack  : 
From Address      : fffff880`01972000
To Address        : fffff880`0197b000
Size              : 0x00009000
Time Stamp        : 0x4ce7927e
Time String       : 20.11.2010 11:18:54
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : fvevol.sys
Address In Stack  : 
From Address      : fffff880`0197b000
To Address        : fffff880`019b5000
Size              : 0x0003a000
Time Stamp        : 0x4ce793b6
Time String       : 20.11.2010 11:24:06
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : disk.sys
Address In Stack  : 
From Address      : fffff880`019b5000
To Address        : fffff880`019cb000
Size              : 0x00016000
Time Stamp        : 0x4a5bc11d
Time String       : 14.07.2009 01:19:57
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : CLASSPNP.SYS
Address In Stack  : 
From Address      : fffff880`019cb000
To Address        : fffff880`019fb000
Size              : 0x00030000
Time Stamp        : 0x4ce7929b
Time String       : 20.11.2010 11:19:23
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : cdrom.sys
Address In Stack  : 
From Address      : fffff880`01638000
To Address        : fffff880`01662000
Size              : 0x0002a000
Time Stamp        : 0x4ce79298
Time String       : 20.11.2010 11:19:20
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Null.SYS
Address In Stack  : 
From Address      : fffff880`01662000
To Address        : fffff880`0166b000
Size              : 0x00009000
Time Stamp        : 0x4a5bc109
Time String       : 14.07.2009 01:19:37
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Beep.SYS
Address In Stack  : 
From Address      : fffff880`0166b000
To Address        : fffff880`01672000
Size              : 0x00007000
Time Stamp        : 0x4a5bca8d
Time String       : 14.07.2009 02:00:13
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : vga.sys
Address In Stack  : 
From Address      : fffff880`01672000
To Address        : fffff880`01680000
Size              : 0x0000e000
Time Stamp        : 0x4a5bc587
Time String       : 14.07.2009 01:38:47
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : VIDEOPRT.SYS
Address In Stack  : 
From Address      : fffff880`0148b000
To Address        : fffff880`014b0000
Size              : 0x00025000
Time Stamp        : 0x4a5bc58b
Time String       : 14.07.2009 01:38:51
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : watchdog.sys
Address In Stack  : 
From Address      : fffff880`014b0000
To Address        : fffff880`014c0000
Size              : 0x00010000
Time Stamp        : 0x4a5bc53f
Time String       : 14.07.2009 01:37:35
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : RDPCDD.sys
Address In Stack  : 
From Address      : fffff880`015b3000
To Address        : fffff880`015bc000
Size              : 0x00009000
Time Stamp        : 0x4a5bce62
Time String       : 14.07.2009 02:16:34
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : rdpencdd.sys
Address In Stack  : 
From Address      : fffff880`015bc000
To Address        : fffff880`015c5000
Size              : 0x00009000
Time Stamp        : 0x4a5bce62
Time String       : 14.07.2009 02:16:34
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : rdprefmp.sys
Address In Stack  : 
From Address      : fffff880`015c5000
To Address        : fffff880`015ce000
Size              : 0x00009000
Time Stamp        : 0x4a5bce63
Time String       : 14.07.2009 02:16:35
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Msfs.SYS
Address In Stack  : 
From Address      : fffff880`015ce000
To Address        : fffff880`015d9000
Size              : 0x0000b000
Time Stamp        : 0x4a5bc113
Time String       : 14.07.2009 01:19:47
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Npfs.SYS
Address In Stack  : 
From Address      : fffff880`015d9000
To Address        : fffff880`015ea000
Size              : 0x00011000
Time Stamp        : 0x4a5bc114
Time String       : 14.07.2009 01:19:48
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : tdx.sys
Address In Stack  : 
From Address      : fffff880`011b9000
To Address        : fffff880`011db000
Size              : 0x00022000
Time Stamp        : 0x4ce79332
Time String       : 20.11.2010 11:21:54
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : TDI.SYS
Address In Stack  : 
From Address      : fffff880`015ea000
To Address        : fffff880`015f7000
Size              : 0x0000d000
Time Stamp        : 0x4ce7933e
Time String       : 20.11.2010 11:22:06
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : afd.sys
Address In Stack  : 
From Address      : fffff880`01000000
To Address        : fffff880`01089000
Size              : 0x00089000
Time Stamp        : 0x4ce7938f
Time String       : 20.11.2010 11:23:27
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : netbt.sys
Address In Stack  : 
From Address      : fffff880`03a4c000
To Address        : fffff880`03a91000
Size              : 0x00045000
Time Stamp        : 0x4ce79386
Time String       : 20.11.2010 11:23:18
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : wfplwf.sys
Address In Stack  : 
From Address      : fffff880`03a91000
To Address        : fffff880`03a9a000
Size              : 0x00009000
Time Stamp        : 0x4a5bccb6
Time String       : 14.07.2009 02:09:26
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : pacer.sys
Address In Stack  : 
From Address      : fffff880`03a9a000
To Address        : fffff880`03ac0000
Size              : 0x00026000
Time Stamp        : 0x4ce7a862
Time String       : 20.11.2010 12:52:18
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : netbios.sys
Address In Stack  : 
From Address      : fffff880`03ac0000
To Address        : fffff880`03acf000
Size              : 0x0000f000
Time Stamp        : 0x4a5bccb6
Time String       : 14.07.2009 02:09:26
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : wanarp.sys
Address In Stack  : 
From Address      : fffff880`03acf000
To Address        : fffff880`03aea000
Size              : 0x0001b000
Time Stamp        : 0x4ce7a874
Time String       : 20.11.2010 12:52:36
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : termdd.sys
Address In Stack  : 
From Address      : fffff880`03aea000
To Address        : fffff880`03afe000
Size              : 0x00014000
Time Stamp        : 0x4ce7ab0c
Time String       : 20.11.2010 13:03:40
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : rdbss.sys
Address In Stack  : 
From Address      : fffff880`03afe000
To Address        : fffff880`03b4f000
Size              : 0x00051000
Time Stamp        : 0x4ce79497
Time String       : 20.11.2010 11:27:51
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : nsiproxy.sys
Address In Stack  : 
From Address      : fffff880`03b4f000
To Address        : fffff880`03b5b000
Size              : 0x0000c000
Time Stamp        : 0x4a5bc15e
Time String       : 14.07.2009 01:21:02
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mssmbios.sys
Address In Stack  : 
From Address      : fffff880`03b5b000
To Address        : fffff880`03b66000
Size              : 0x0000b000
Time Stamp        : 0x4a5bc3be
Time String       : 14.07.2009 01:31:10
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : discache.sys
Address In Stack  : 
From Address      : fffff880`03b66000
To Address        : fffff880`03b75000
Size              : 0x0000f000
Time Stamp        : 0x4a5bc52e
Time String       : 14.07.2009 01:37:18
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : dfsc.sys
Address In Stack  : 
From Address      : fffff880`03b75000
To Address        : fffff880`03b93000
Size              : 0x0001e000
Time Stamp        : 0x4ce79447
Time String       : 20.11.2010 11:26:31
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : blbdrive.sys
Address In Stack  : 
From Address      : fffff880`03b93000
To Address        : fffff880`03ba4000
Size              : 0x00011000
Time Stamp        : 0x4a5bc4df
Time String       : 14.07.2009 01:35:59
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : tunnel.sys
Address In Stack  : 
From Address      : fffff880`03ba4000
To Address        : fffff880`03bca000
Size              : 0x00026000
Time Stamp        : 0x4ce7a846
Time String       : 20.11.2010 12:51:50
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : i8042prt.sys
Address In Stack  : 
From Address      : fffff880`03bca000
To Address        : fffff880`03be8000
Size              : 0x0001e000
Time Stamp        : 0x4a5bc11d
Time String       : 14.07.2009 01:19:57
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : kbdclass.sys
Address In Stack  : 
From Address      : fffff880`03be8000
To Address        : fffff880`03bf7000
Size              : 0x0000f000
Time Stamp        : 0x4a5bc116
Time String       : 14.07.2009 01:19:50
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mouclass.sys
Address In Stack  : 
From Address      : fffff880`03a00000
To Address        : fffff880`03a0f000
Size              : 0x0000f000
Time Stamp        : 0x4a5bc116
Time String       : 14.07.2009 01:19:50
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : parport.sys
Address In Stack  : 
From Address      : fffff880`03a0f000
To Address        : fffff880`03a2c000
Size              : 0x0001d000
Time Stamp        : 0x4a5bcaa8
Time String       : 14.07.2009 02:00:40
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : vgapnp.sys
Address In Stack  : 
From Address      : fffff880`03a2c000
To Address        : fffff880`03a3a000
Size              : 0x0000e000
Time Stamp        : 0x4a5bc587
Time String       : 14.07.2009 01:38:47
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : E1G6032E.sys
Address In Stack  : 
From Address      : fffff880`011db000
To Address        : fffff880`011fe980
Size              : 0x00023980
Time Stamp        : 0x483de76b
Time String       : 29.05.2008 01:14:51
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : HDAudBus.sys
Address In Stack  : 
From Address      : fffff880`02cd1000
To Address        : fffff880`02cf5000
Size              : 0x00024000
Time Stamp        : 0x4ce7a65e
Time String       : 20.11.2010 12:43:42
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : usbohci.sys
Address In Stack  : 
From Address      : fffff880`02cf5000
To Address        : fffff880`02d00000
Size              : 0x0000b000
Time Stamp        : 0x4a5bcc06
Time String       : 14.07.2009 02:06:30
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : USBPORT.SYS
Address In Stack  : 
From Address      : fffff880`02d00000
To Address        : fffff880`02d56000
Size              : 0x00056000
Time Stamp        : 0x4ce7a670
Time String       : 20.11.2010 12:44:00
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : CmBatt.sys
Address In Stack  : 
From Address      : fffff880`02d56000
To Address        : fffff880`02d5a500
Size              : 0x00004500
Time Stamp        : 0x4a5bc3b7
Time String       : 14.07.2009 01:31:03
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : intelppm.sys
Address In Stack  : 
From Address      : fffff880`02d5b000
To Address        : fffff880`02d71000
Size              : 0x00016000
Time Stamp        : 0x4a5bc0fd
Time String       : 14.07.2009 01:19:25
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : CompositeBus.sys
Address In Stack  : 
From Address      : fffff880`02d71000
To Address        : fffff880`02d81000
Size              : 0x00010000
Time Stamp        : 0x4ce7a3ed
Time String       : 20.11.2010 12:33:17
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : AgileVpn.sys
Address In Stack  : 
From Address      : fffff880`02d81000
To Address        : fffff880`02d97000
Size              : 0x00016000
Time Stamp        : 0x4a5bccf0
Time String       : 14.07.2009 02:10:24
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : rasl2tp.sys
Address In Stack  : 
From Address      : fffff880`02d97000
To Address        : fffff880`02dbb000
Size              : 0x00024000
Time Stamp        : 0x4ce7a872
Time String       : 20.11.2010 12:52:34
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ndistapi.sys
Address In Stack  : 
From Address      : fffff880`02dbb000
To Address        : fffff880`02dc7000
Size              : 0x0000c000
Time Stamp        : 0x4a5bccd8
Time String       : 14.07.2009 02:10:00
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ndiswan.sys
Address In Stack  : 
From Address      : fffff880`02dc7000
To Address        : fffff880`02df6000
Size              : 0x0002f000
Time Stamp        : 0x4ce7a870
Time String       : 20.11.2010 12:52:32
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : raspppoe.sys
Address In Stack  : 
From Address      : fffff880`02c00000
To Address        : fffff880`02c1b000
Size              : 0x0001b000
Time Stamp        : 0x4a5bcce9
Time String       : 14.07.2009 02:10:17
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : raspptp.sys
Address In Stack  : 
From Address      : fffff880`02c1b000
To Address        : fffff880`02c3c000
Size              : 0x00021000
Time Stamp        : 0x4ce7a86f
Time String       : 20.11.2010 12:52:31
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : rassstp.sys
Address In Stack  : 
From Address      : fffff880`02c3c000
To Address        : fffff880`02c56000
Size              : 0x0001a000
Time Stamp        : 0x4a5bccf1
Time String       : 14.07.2009 02:10:25
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : swenum.sys
Address In Stack  : 
From Address      : fffff880`02c56000
To Address        : fffff880`02c57480
Size              : 0x00001480
Time Stamp        : 0x4a5bca92
Time String       : 14.07.2009 02:00:18
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ks.sys
Address In Stack  : 
From Address      : fffff880`02c58000
To Address        : fffff880`02c9b000
Size              : 0x00043000
Time Stamp        : 0x4ce7a3f3
Time String       : 20.11.2010 12:33:23
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : umbus.sys
Address In Stack  : 
From Address      : fffff880`02c9b000
To Address        : fffff880`02cad000
Size              : 0x00012000
Time Stamp        : 0x4ce7a695
Time String       : 20.11.2010 12:44:37
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : usbhub.sys
Address In Stack  : 
From Address      : fffff880`048f9000
To Address        : fffff880`04953000
Size              : 0x0005a000
Time Stamp        : 0x4ce7a68e
Time String       : 20.11.2010 12:44:30
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : NDProxy.SYS
Address In Stack  : 
From Address      : fffff880`04953000
To Address        : fffff880`04968000
Size              : 0x00015000
Time Stamp        : 0x4ce7a864
Time String       : 20.11.2010 12:52:20
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : HdAudio.sys
Address In Stack  : 
From Address      : fffff880`04968000
To Address        : fffff880`049c4000
Size              : 0x0005c000
Time Stamp        : 0x4ce7a687
Time String       : 20.11.2010 12:44:23
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : portcls.sys
Address In Stack  : 
From Address      : fffff880`04800000
To Address        : fffff880`0483d000
Size              : 0x0003d000
Time Stamp        : 0x4a5bcc03
Time String       : 14.07.2009 02:06:27
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : drmk.sys
Address In Stack  : 
From Address      : fffff880`0483d000
To Address        : fffff880`0485f000
Size              : 0x00022000
Time Stamp        : 0x4a5bd8e5
Time String       : 14.07.2009 03:01:25
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : ksthunk.sys
Address In Stack  : 
From Address      : fffff880`0485f000
To Address        : fffff880`04864200
Size              : 0x00005200
Time Stamp        : 0x4a5bca93
Time String       : 14.07.2009 02:00:19
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : hidusb.sys
Address In Stack  : 
From Address      : fffff880`04865000
To Address        : fffff880`04873000
Size              : 0x0000e000
Time Stamp        : 0x4ce7a665
Time String       : 20.11.2010 12:43:49
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : HIDCLASS.SYS
Address In Stack  : 
From Address      : fffff880`04873000
To Address        : fffff880`0488c000
Size              : 0x00019000
Time Stamp        : 0x4ce7a665
Time String       : 20.11.2010 12:43:49
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : HIDPARSE.SYS
Address In Stack  : 
From Address      : fffff880`0488c000
To Address        : fffff880`04894080
Size              : 0x00008080
Time Stamp        : 0x4a5bcbf9
Time String       : 14.07.2009 02:06:17
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : USBD.SYS
Address In Stack  : 
From Address      : fffff880`04895000
To Address        : fffff880`04896f00
Size              : 0x00001f00
Time Stamp        : 0x4a5bcbff
Time String       : 14.07.2009 02:06:23
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : udfs.sys
Address In Stack  : 
From Address      : fffff880`04897000
To Address        : fffff880`048ec000
Size              : 0x00055000
Time Stamp        : 0x4ce79433
Time String       : 20.11.2010 11:26:11
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mouhid.sys
Address In Stack  : 
From Address      : fffff880`048ec000
To Address        : fffff880`048f9000
Size              : 0x0000d000
Time Stamp        : 0x4a5bca94
Time String       : 14.07.2009 02:00:20
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : crashdmp.sys
Address In Stack  : 
From Address      : fffff880`049c4000
To Address        : fffff880`049d2000
Size              : 0x0000e000
Time Stamp        : 0x4a5bcabd
Time String       : 14.07.2009 02:01:01
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : dump_dumpata.sys
Address In Stack  : 
From Address      : fffff880`049d2000
To Address        : fffff880`049de000
Size              : 0x0000c000
Time Stamp        : 0x4a5bc113
Time String       : 14.07.2009 01:19:47
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : dump_msahci.sys
Address In Stack  : 
From Address      : fffff880`049de000
To Address        : fffff880`049e9000
Size              : 0x0000b000
Time Stamp        : 0x4ce7a416
Time String       : 20.11.2010 12:33:58
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : dump_dumpfve.sys
Address In Stack  : 
From Address      : fffff880`049e9000
To Address        : fffff880`049fc000
Size              : 0x00013000
Time Stamp        : 0x4a5bc18f
Time String       : 14.07.2009 01:21:51
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : win32k.sys
Address In Stack  : 
From Address      : fffff960`000a0000
To Address        : fffff960`003b0000
Size              : 0x00310000
Time Stamp        : 0x4ce79a73
Time String       : 20.11.2010 11:52:51
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : Dxapi.sys
Address In Stack  : 
From Address      : fffff880`02cad000
To Address        : fffff880`02cb9000
Size              : 0x0000c000
Time Stamp        : 0x4a5bc574
Time String       : 14.07.2009 01:38:28
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : dxg.sys
Address In Stack  : 
From Address      : fffff960`00590000
To Address        : fffff960`005ae000
Size              : 0x0001e000
Time Stamp        : 0x4a5bc574
Time String       : 14.07.2009 01:38:28
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : monitor.sys
Address In Stack  : 
From Address      : fffff880`02cb9000
To Address        : fffff880`02cc7000
Size              : 0x0000e000
Time Stamp        : 0x4a5bc58c
Time String       : 14.07.2009 01:38:52
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : TSDDD.dll
Address In Stack  : 
From Address      : fffff960`007f0000
To Address        : fffff960`007fa000
Size              : 0x0000a000
Time Stamp        : 0x00000000
Time String       : 
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : framebuf.dll
Address In Stack  : 
From Address      : fffff960`00970000
To Address        : fffff960`00979000
Size              : 0x00009000
Time Stamp        : 0x4a5bc587
Time String       : 14.07.2009 01:38:47
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : luafv.sys
Address In Stack  : 
From Address      : fffff880`01600000
To Address        : fffff880`01623000
Size              : 0x00023000
Time Stamp        : 0x4a5bc295
Time String       : 14.07.2009 01:26:13
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mbam.sys
Address In Stack  : 
From Address      : fffff880`02cc7000
To Address        : fffff880`02cd1000
Size              : 0x0000a000
Time Stamp        : 0x540754e1
Time String       : 03.09.2014 19:50:25
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : lltdio.sys
Address In Stack  : 
From Address      : fffff880`01623000
To Address        : fffff880`01638000
Size              : 0x00015000
Time Stamp        : 0x4a5bcc92
Time String       : 14.07.2009 02:08:50
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : rspndr.sys
Address In Stack  : 
From Address      : fffff880`01236000
To Address        : fffff880`0124e000
Size              : 0x00018000
Time Stamp        : 0x4a5bcc92
Time String       : 14.07.2009 02:08:50
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : HTTP.sys
Address In Stack  : 
From Address      : fffff880`02893000
To Address        : fffff880`0295c000
Size              : 0x000c9000
Time Stamp        : 0x4ce793ce
Time String       : 20.11.2010 11:24:30
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : bowser.sys
Address In Stack  : 
From Address      : fffff880`0295c000
To Address        : fffff880`0297a000
Size              : 0x0001e000
Time Stamp        : 0x4a5bc206
Time String       : 14.07.2009 01:23:50
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mpsdrv.sys
Address In Stack  : 
From Address      : fffff880`0297a000
To Address        : fffff880`02992000
Size              : 0x00018000
Time Stamp        : 0x4a5bcc79
Time String       : 14.07.2009 02:08:25
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mrxsmb.sys
Address In Stack  : 
From Address      : fffff880`02992000
To Address        : fffff880`029bf000
Size              : 0x0002d000
Time Stamp        : 0x4ce7948d
Time String       : 20.11.2010 11:27:41
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mrxsmb10.sys
Address In Stack  : 
From Address      : fffff880`02800000
To Address        : fffff880`0284d000
Size              : 0x0004d000
Time Stamp        : 0x4ce7945d
Time String       : 20.11.2010 11:26:53
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : mrxsmb20.sys
Address In Stack  : 
From Address      : fffff880`0284d000
To Address        : fffff880`02871000
Size              : 0x00024000
Time Stamp        : 0x4ce79457
Time String       : 20.11.2010 11:26:47
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : peauth.sys
Address In Stack  : 
From Address      : fffff880`038e5000
To Address        : fffff880`0398b000
Size              : 0x000a6000
Time Stamp        : 0x4a5bd8df
Time String       : 14.07.2009 03:01:19
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : secdrv.SYS
Address In Stack  : 
From Address      : fffff880`0398b000
To Address        : fffff880`03996000
Size              : 0x0000b000
Time Stamp        : 0x4508052e
Time String       : 13.09.2006 15:18:38
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : srvnet.sys
Address In Stack  : 
From Address      : fffff880`03996000
To Address        : fffff880`039c7000
Size              : 0x00031000
Time Stamp        : 0x4ce79478
Time String       : 20.11.2010 11:27:20
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : tcpipreg.sys
Address In Stack  : 
From Address      : fffff880`039c7000
To Address        : fffff880`039d9000
Size              : 0x00012000
Time Stamp        : 0x4ce7a844
Time String       : 20.11.2010 12:51:48
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : srv2.sys
Address In Stack  : 
From Address      : fffff880`03800000
To Address        : fffff880`0386b000
Size              : 0x0006b000
Time Stamp        : 0x4ce7948f
Time String       : 20.11.2010 11:27:43
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : srv.sys
Address In Stack  : 
From Address      : fffff880`03e33000
To Address        : fffff880`03ecc000
Size              : 0x00099000
Time Stamp        : 0x4ce794a5
Time String       : 20.11.2010 11:28:05
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

==================================================
Filename          : spsys.sys
Address In Stack  : 
From Address      : fffff880`03ecc000
To Address        : fffff880`03f3d000
Size              : 0x00071000
Time Stamp        : 0x4a085e7a
Time String       : 11.05.2009 19:20:58
Product Name      : 
File Description  : 
File Version      : 
Company           : 
Full Path         : 
==================================================

Viele Grüße
Thomas

schrauber · 18.05.2015, 08:25

https://social.technet.microsoft.com...w7itprogeneral

Bitte mal die Lösungsvorschläge hier abarbeiten

15.05.2015, 18:26	#33
schrauber /// the machine /// TB-Ausbilder	Seltsame Anwendung wollte bei Thunderbird-Setup Administratorrechte Keine Anwendungen, einfach nur persönliche Daten wie Mails, Texte, Musik und Videos. Dann müssen wir tiefer graben warum dieser neue Eintrag auf einmal da ist __________________ __________________

18.05.2015, 08:25	#41
schrauber /// the machine /// TB-Ausbilder	Seltsame Anwendung wollte bei Thunderbird-Setup Administratorrechte https://social.technet.microsoft.com...w7itprogeneral Bitte mal die Lösungsvorschläge hier abarbeiten __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Seltsame Anwendung wollte bei Thunderbird-Setup Administratorrechte

Plagegeister aller Art und deren Bekämpfung: Seltsame Anwendung wollte bei Thunderbird-Setup Administratorrechte