Startfenster.com - mich hat es auch erwischt, grrr.

Kuss80 · 31.08.2012, 21:01

Abend,

da hat man ein neues Notebook und möchte "nur" ein paar freeware Programme installieren und dann DAS.

Anbei die Log von Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sofiab :: SOFIAB-PC [Administrator]

31.08.2012 21:27:10
mbam-log-2012-08-31 (21-27-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284107
Laufzeit: 23 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ich vermute mal, dass es wohl nun mit OTL weitergehen wird, jedoch bitte ich für die nächsten Schritte dann doch lieber um eure Mithilfe.

Vorab schon einmal 1.000-Dank.

Hat den wirklich keiner einer Tipp wie ich nun weiterverfahren sollte?

Hat den wirklich keiner einer Tipp wie ich nun weiterverfahren sollte?

Hier nun mal die ESET-LOG:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2ee0ccc87e6b44eade9b27e2d4b728b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-01 10:43:19
# local_time=2012-09-01 12:43:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 154101 154101 0 0
# compatibility_mode=5893 16776573 100 94 2421 98123369 0 0
# compatibility_mode=8192 67108863 100 0 276 276 0 0
# scanned=117419
# found=0
# cleaned=0
# scan_time=2680

cosinus · 01.09.2012, 13:26

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Kuss80 · 01.09.2012, 13:30

Mahlzeit und Danke für die Hilfestellung.

1. Nein, war mein erster Scan mit Malwarebytes.

2. Hier die adwCleaner-LOG:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/01/2012 um 14:27:36 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : sofiab - SOFIAB-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\sofiab\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\sofiab\AppData\Roaming\Mozilla\Firefox\Profiles\jnze214t.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1891 octets] - [01/09/2012 14:27:36]

########## EOF - C:\AdwCleaner[R1].txt - [1951 octets] ##########

cosinus · 01.09.2012, 13:32

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Kuss80 · 01.09.2012, 13:41

bitte sehr:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/01/2012 um 14:36:44 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : sofiab - SOFIAB-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\sofiab\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\sofiab\AppData\Roaming\Mozilla\Firefox\Profiles\jnze214t.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2608 octets] - [01/09/2012 14:36:44]

########## EOF - C:\AdwCleaner[S1].txt - [2668 octets] ##########

cosinus · 01.09.2012, 13:53

Hätte da mal drei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Das Startfenster ist nun weg?

Kuss80 · 01.09.2012, 13:57

1. Der normale Modus funktioniert.
2. Nein, scheint alles vorhanden zu sein.

3. Nein, wenn ich den IE öffne, dann wird dort die Seite "startfenster.de" angezeigt. Zudem habe ich noch die zugehörige Verknüpfung auf dem Desktop.

cosinus · 01.09.2012, 14:02

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Kuss80 · 01.09.2012, 14:25

hier isse:

Code:

ATTFilter

OTL logfile created on: 9/1/2012 3:13:12 PM - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\sofiab\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.91 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 77.35% Memory free
15.83 Gb Paging File | 13.91 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 251.00 Gb Total Space | 203.10 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
Drive D: | 427.01 Gb Total Space | 426.80 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: SOFIAB-PC | User Name: sofiab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/01 15:11:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\sofiab\Desktop\OTL.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/02/01 23:24:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 23:24:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/03 21:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2010/11/03 21:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010/11/03 20:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/03 20:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2010/10/13 13:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2010/09/30 03:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/08/13 15:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2009/07/08 21:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/09/01 13:59:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/09/01 13:59:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/09/01 13:59:16 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/09/01 13:59:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/09/01 13:59:09 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/09/01 13:58:39 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/11/17 22:54:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/01/05 22:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 22:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 22:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/08 00:58:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 00:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/02/01 23:24:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 23:24:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/03 21:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 21:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 20:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/30 17:10:10 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/15 04:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/24 06:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 06:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 04:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/17 22:54:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/11/04 14:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/04 12:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2010/10/20 03:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/09 14:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010/05/07 04:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/19 14:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 07:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 12:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{C0630AEE-4BAC-43B7-A18E-B2EBC79040D8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{C0630AEE-4BAC-43B7-A18E-B2EBC79040D8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\..\SearchScopes,DefaultScope = {C0630AEE-4BAC-43B7-A18E-B2EBC79040D8}
IE - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\..\SearchScopes\{C0630AEE-4BAC-43B7-A18E-B2EBC79040D8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deSE499
IE - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/08/30 17:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/08/30 17:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/08/30 17:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/31 20:48:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/31 20:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sofiab\AppData\Roaming\mozilla\Extensions
[2012/08/31 20:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sofiab\AppData\Roaming\mozilla\Firefox\Profiles\jnze214t.default\extensions
[2012/08/31 20:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1765999781-1637744850-3706973165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550FB206-83ED-47EA-BD6C-C0B590A722D8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/01 15:10:58 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\sofiab\Desktop\OTL.exe
[2012/09/01 14:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/01 14:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/01 14:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/09/01 14:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/09/01 14:14:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/01 13:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/01 13:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/01 13:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/01 11:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/09/01 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/09/01 11:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/08/31 21:22:57 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Malwarebytes
[2012/08/31 21:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/31 21:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/31 21:20:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/31 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/31 20:49:13 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Mozilla
[2012/08/31 20:49:13 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Mozilla
[2012/08/31 20:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/31 20:42:56 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\vlc
[2012/08/31 20:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/31 20:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/08/31 20:36:15 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\calibre
[2012/08/31 20:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/08/31 20:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/08/31 20:26:11 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Intel WiDi
[2012/08/31 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\sofiab\Documents\My Kindle Content
[2012/08/31 15:45:56 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/08/31 15:45:50 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Amazon
[2012/08/31 15:31:41 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Adobe
[2012/08/31 15:31:40 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Adobe
[2012/08/31 15:30:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Microsoft Games
[2012/08/31 09:33:49 | 000,000,000 | ---D | C] -- C:\Users\sofiab\Application Data
[2012/08/31 09:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/31 09:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/08/31 09:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/08/31 09:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/31 09:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/31 09:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012/08/31 09:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/08/31 09:28:54 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Microsoft Help
[2012/08/31 09:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/08/31 09:28:41 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/31 08:07:49 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Diagnostics
[2012/08/31 01:29:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012/08/31 01:29:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012/08/31 00:58:42 | 000,662,016 | ---- | C] (Sonix) -- C:\Windows\vsnp2uvc.exe
[2012/08/31 00:58:42 | 000,375,808 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\vsnp2uvc.dll
[2012/08/31 00:58:42 | 000,306,176 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\vsnp2uvc.dll
[2012/08/31 00:58:42 | 000,242,176 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysNative\csnp2uvc.dll
[2012/08/31 00:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SNP2UVC
[2012/08/31 00:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FJ Camera
[2012/08/31 00:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012/08/31 00:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/08/31 00:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/08/31 00:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/08/31 00:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/08/31 00:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/08/31 00:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/08/31 00:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/08/31 00:54:00 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/08/31 00:54:00 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/08/31 00:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/08/30 17:20:57 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Google
[2012/08/30 17:20:56 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Google
[2012/08/30 17:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/08/30 17:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/08/30 17:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/30 17:10:10 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/08/30 16:53:05 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Fujitsu Launch Center
[2012/08/30 16:52:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/30 16:50:51 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\VirtualStore
[2012/08/30 16:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2012/08/30 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Corporation
[2012/08/30 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/08/30 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2012/08/30 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012/08/30 16:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/08/30 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeBook Application Panel
[2012/08/30 16:48:34 | 000,000,000 | ---D | C] -- C:\Windows\qsacfg
[2012/08/30 16:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Fujitsu
[2012/08/30 16:44:51 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\PackageAware
[2012/08/30 16:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBay
[2012/08/30 16:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Vorlagen
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\AppData\Local\Verlauf
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\AppData\Local\Temporary Internet Files
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Startmenü
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\SendTo
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Recent
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Netzwerkumgebung
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Lokale Einstellungen
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Documents\Eigene Videos
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Documents\Eigene Musik
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Eigene Dateien
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Documents\Eigene Bilder
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Druckumgebung
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Cookies
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\AppData\Local\Anwendungsdaten
[2012/08/30 16:33:18 | 000,000,000 | -HSD | C] -- C:\Users\sofiab\Anwendungsdaten
[2012/08/30 16:33:17 | 000,000,000 | --SD | C] -- C:\Users\sofiab\AppData\Roaming\Microsoft
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Videos
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Searches
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Saved Games
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Pictures
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Music
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Links
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Favorites
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Downloads
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Documents
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Desktop
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\Contacts
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/30 16:33:17 | 000,000,000 | R--D | C] -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/30 16:33:17 | 000,000,000 | -H-D | C] -- C:\Users\sofiab\AppData
[2012/08/30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Windows Live
[2012/08/30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Temp
[2012/08/30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\Roaming
[2012/08/30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Local\Microsoft
[2012/08/30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Intel
[2012/08/30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Identities
[2012/08/30 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sofiab\AppData\Roaming\Fujitsu
[2012/08/30 16:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/30 16:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/08/30 16:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/30 16:31:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/01 15:11:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\sofiab\Desktop\OTL.exe
[2012/09/01 14:44:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 14:44:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 14:44:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/01 14:41:33 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/01 14:41:33 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/09/01 14:41:33 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/01 14:41:33 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/09/01 14:41:33 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/01 14:38:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/01 14:37:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/01 14:37:28 | 2078,765,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 14:36:09 | 000,511,265 | ---- | M] () -- C:\Users\sofiab\Desktop\adwcleaner.exe
[2012/09/01 14:14:32 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/01 13:57:12 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/01 13:22:58 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/01 11:19:26 | 001,589,650 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/31 21:20:49 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/31 20:48:57 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/31 20:41:14 | 000,001,190 | ---- | M] () -- C:\Users\sofiab\Desktop\Startfenster.lnk
[2012/08/31 20:36:09 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/08/31 15:46:01 | 000,002,245 | ---- | M] () -- C:\Users\sofiab\Desktop\Kindle.lnk
[2012/08/31 01:30:58 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/08/31 01:30:58 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/08/31 00:57:42 | 000,000,083 | ---- | M] () -- C:\Windows\SysNative\IHV_Install.bat
[2012/08/30 17:43:12 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/08/30 17:43:12 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/08/30 17:14:11 | 000,017,408 | ---- | M] () -- C:\Users\sofiab\AppData\Local\WebpageIcons.db
[2012/08/30 17:10:10 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/08/30 16:53:01 | 000,001,127 | ---- | M] () -- C:\Users\sofiab\Desktop\CyberLink YouCam.lnk
[2012/08/30 16:51:20 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531 GFO_PI_FUJITSU_FJNBB10_Default System BIOS_FUJ - 1_1.24_Intel(R) HD Graphics Family_NVIDIA GeForce GT 525M .MRK
[2012/08/30 16:51:20 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531 GFO_PI_FUJITSU_FJNBB10_Default System BIOS_FUJ - 1_1.24_Intel(R) HD Graphics Family_NVIDIA GeForce GT 525M .MRK
[2012/08/30 16:50:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iwdbus_01009.Wdf
[2012/08/30 16:50:44 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Intel(R) WiDi.lnk
[2012/08/30 16:43:50 | 000,001,280 | ---- | M] () -- C:\Windows\SysWow64\TRACE.trace
[2012/08/30 16:33:42 | 000,015,866 | ---- | M] () -- C:\Windows\SysNative\results.xml
 
========== Files Created - No Company Name ==========
 
[2012/09/01 14:36:03 | 000,511,265 | ---- | C] () -- C:\Users\sofiab\Desktop\adwcleaner.exe
[2012/09/01 14:14:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/01 14:14:32 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/01 13:22:58 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/31 21:20:49 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/31 20:48:57 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/31 20:48:57 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/31 20:40:49 | 000,001,190 | ---- | C] () -- C:\Users\sofiab\Desktop\Startfenster.lnk
[2012/08/31 20:36:09 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/08/31 15:46:01 | 000,002,245 | ---- | C] () -- C:\Users\sofiab\Desktop\Kindle.lnk
[2012/08/31 00:58:42 | 001,801,216 | ---- | C] () -- C:\Windows\SysNative\drivers\snp2uvc.sys
[2012/08/31 00:58:42 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012/08/31 00:58:42 | 000,240,640 | ---- | C] ( ) -- C:\Windows\SysNative\rsnp2uvc.dll
[2012/08/31 00:58:42 | 000,035,456 | ---- | C] () -- C:\Windows\SysNative\drivers\sncduvc.sys
[2012/08/31 00:58:42 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/08/31 00:58:42 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/08/31 00:58:42 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src
[2012/08/31 00:57:42 | 000,000,083 | ---- | C] () -- C:\Windows\SysNative\IHV_Install.bat
[2012/08/31 00:56:45 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/08/31 00:54:01 | 000,007,624 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/08/31 00:51:27 | 2078,765,055 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/30 17:14:11 | 000,017,408 | ---- | C] () -- C:\Users\sofiab\AppData\Local\WebpageIcons.db
[2012/08/30 17:13:03 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/08/30 17:13:03 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/08/30 16:51:20 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531 GFO_PI_FUJITSU_FJNBB10_Default System BIOS_FUJ - 1_1.24_Intel(R) HD Graphics Family_NVIDIA GeForce GT 525M .MRK
[2012/08/30 16:51:20 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531 GFO_PI_FUJITSU_FJNBB10_Default System BIOS_FUJ - 1_1.24_Intel(R) HD Graphics Family_NVIDIA GeForce GT 525M .MRK
[2012/08/30 16:50:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iwdbus_01009.Wdf
[2012/08/30 16:50:44 | 000,002,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
[2012/08/30 16:50:44 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Intel(R) WiDi.lnk
[2012/08/30 16:50:27 | 000,001,127 | ---- | C] () -- C:\Users\sofiab\Desktop\CyberLink YouCam.lnk
[2012/08/30 16:33:54 | 000,001,280 | ---- | C] () -- C:\Windows\SysWow64\TRACE.trace
[2012/08/30 16:33:17 | 000,001,449 | ---- | C] () -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/30 16:33:17 | 000,001,415 | ---- | C] () -- C:\Users\sofiab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/30 16:33:00 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 16:32:59 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 19:16:59 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 02:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/02 02:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/02 02:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/05/02 02:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/02 02:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010/11/25 06:43:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
 
========== LOP Check ==========
 
[2011/05/07 21:24:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu
[2011/05/07 21:24:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu
[2012/08/31 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\calibre
[2011/05/07 21:24:53 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Fujitsu
[2012/08/30 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Fujitsu Launch Center
[2009/07/14 07:08:49 | 000,011,908 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/08/31 15:31:40 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Adobe
[2012/08/31 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\calibre
[2011/05/07 21:24:53 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Fujitsu
[2012/08/30 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Fujitsu Launch Center
[2012/08/31 08:11:36 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Google
[2010/11/21 04:51:08 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Identities
[2012/08/31 00:57:48 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Intel
[2012/08/31 21:22:57 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Malwarebytes
[2012/08/31 20:09:34 | 000,000,000 | --SD | M] -- C:\Users\sofiab\AppData\Roaming\Microsoft
[2012/08/31 20:49:19 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\Mozilla
[2012/08/31 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\sofiab\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_8d262bb914685338\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.21642_none_18a01f1dee8824aa\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys
[2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_4ca1adddb76532a1\iaStor.sys
[2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 02.09.2012, 20:48

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kuss80 · 02.09.2012, 22:21

Bitte sehr:

Code:

ATTFilter

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\sofiab\Desktop\cmd.bat deleted successfully.
C:\Users\sofiab\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: sofiab
->Temp folder emptied: 172155287 bytes
->Temporary Internet Files folder emptied: 1396394 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 991891111 bytes
->Flash cache emptied: 2383 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4938265 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 114156385 bytes
 
Total Files Cleaned = 1,225.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: sofiab
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.59.1 log created on 09022012_231316

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk not found!
C:\Users\sofiab\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 03.09.2012, 19:51

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Kuss80 · 08.09.2012, 14:31

War die Woche geschäftlich unterwegs, daher jetzt erst das gewünschte Log:

Code:

ATTFilter

15:26:15.0651 3704  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:26:15.0713 3704  ============================================================
15:26:15.0713 3704  Current date / time: 2012/09/08 15:26:15.0713
15:26:15.0713 3704  SystemInfo:
15:26:15.0713 3704  
15:26:15.0713 3704  OS Version: 6.1.7601 ServicePack: 1.0
15:26:15.0713 3704  Product type: Workstation
15:26:15.0713 3704  ComputerName: SOFIAB-PC
15:26:15.0713 3704  UserName: sofiab
15:26:15.0713 3704  Windows directory: C:\Windows
15:26:15.0713 3704  System windows directory: C:\Windows
15:26:15.0713 3704  Running under WOW64
15:26:15.0713 3704  Processor architecture: Intel x64
15:26:15.0713 3704  Number of processors: 4
15:26:15.0713 3704  Page size: 0x1000
15:26:15.0713 3704  Boot type: Normal boot
15:26:15.0713 3704  ============================================================
15:26:16.0072 3704  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:26:16.0072 3704  ============================================================
15:26:16.0072 3704  \Device\Harddisk0\DR0:
15:26:16.0072 3704  MBR partitions:
15:26:16.0087 3704  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x424000, BlocksNum 0x1F600800
15:26:16.0103 3704  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FA25000, BlocksNum 0x35603000
15:26:16.0134 3704  ============================================================
15:26:16.0181 3704  C: <-> \Device\Harddisk0\DR0\Partition1
15:26:16.0212 3704  D: <-> \Device\Harddisk0\DR0\Partition2
15:26:16.0212 3704  ============================================================
15:26:16.0212 3704  Initialize success
15:26:16.0212 3704  ============================================================
15:26:47.0927 2948  ============================================================
15:26:47.0927 2948  Scan started
15:26:47.0927 2948  Mode: Manual; SigCheck; TDLFS; 
15:26:47.0927 2948  ============================================================
15:26:48.0192 2948  ================ Scan services =============================
15:26:48.0395 2948  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:26:48.0489 2948  1394ohci - ok
15:26:48.0535 2948  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:26:48.0551 2948  ACPI - ok
15:26:48.0582 2948  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:26:48.0629 2948  AcpiPmi - ok
15:26:48.0738 2948  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:26:48.0754 2948  AdobeARMservice - ok
15:26:48.0832 2948  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:26:48.0847 2948  adp94xx - ok
15:26:48.0894 2948  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:26:48.0910 2948  adpahci - ok
15:26:48.0957 2948  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:26:48.0972 2948  adpu320 - ok
15:26:48.0988 2948  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:26:49.0050 2948  AeLookupSvc - ok
15:26:49.0081 2948  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:26:49.0113 2948  AFD - ok
15:26:49.0159 2948  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:26:49.0191 2948  agp440 - ok
15:26:49.0206 2948  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:26:49.0269 2948  ALG - ok
15:26:49.0300 2948  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:26:49.0331 2948  aliide - ok
15:26:49.0347 2948  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:26:49.0362 2948  amdide - ok
15:26:49.0409 2948  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:26:49.0440 2948  AmdK8 - ok
15:26:49.0456 2948  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:26:49.0503 2948  AmdPPM - ok
15:26:49.0534 2948  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:26:49.0549 2948  amdsata - ok
15:26:49.0581 2948  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:26:49.0596 2948  amdsbs - ok
15:26:49.0612 2948  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:26:49.0612 2948  amdxata - ok
15:26:49.0674 2948  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:26:49.0737 2948  AppID - ok
15:26:49.0768 2948  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:26:49.0815 2948  AppIDSvc - ok
15:26:49.0830 2948  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:26:49.0861 2948  Appinfo - ok
15:26:49.0908 2948  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:26:49.0939 2948  arc - ok
15:26:49.0971 2948  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:26:50.0002 2948  arcsas - ok
15:26:50.0095 2948  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:26:50.0127 2948  aspnet_state - ok
15:26:50.0158 2948  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:26:50.0205 2948  AsyncMac - ok
15:26:50.0236 2948  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:26:50.0236 2948  atapi - ok
15:26:50.0283 2948  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:26:50.0361 2948  AudioEndpointBuilder - ok
15:26:50.0376 2948  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:26:50.0407 2948  AudioSrv - ok
15:26:50.0579 2948  [ 2718DC27571BD1E37813F5759D2DC118 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
15:26:50.0626 2948  AVP - ok
15:26:50.0657 2948  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:26:50.0704 2948  AxInstSV - ok
15:26:50.0735 2948  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:26:50.0766 2948  b06bdrv - ok
15:26:50.0813 2948  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:26:50.0844 2948  b57nd60a - ok
15:26:50.0891 2948  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:26:50.0938 2948  BDESVC - ok
15:26:50.0938 2948  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:26:51.0000 2948  Beep - ok
15:26:51.0063 2948  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:26:51.0141 2948  BFE - ok
15:26:51.0172 2948  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:26:51.0203 2948  BITS - ok
15:26:51.0250 2948  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:26:51.0297 2948  blbdrive - ok
15:26:51.0406 2948  [ 093B1B419EF25B15D3A1CA6953F41AFB ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:26:51.0437 2948  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
15:26:51.0437 2948  Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
15:26:51.0468 2948  [ 03A7341E94ACD92E0831336D4F3ACE92 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
15:26:51.0515 2948  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
15:26:51.0515 2948  Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
15:26:51.0593 2948  [ A2EBF384ED105FED7D05C5465500EF2E ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
15:26:51.0624 2948  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
15:26:51.0624 2948  Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
15:26:51.0671 2948  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:26:51.0702 2948  bowser - ok
15:26:51.0733 2948  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:26:51.0765 2948  BrFiltLo - ok
15:26:51.0796 2948  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:26:51.0827 2948  BrFiltUp - ok
15:26:51.0858 2948  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:26:51.0889 2948  Browser - ok
15:26:51.0936 2948  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:26:51.0983 2948  Brserid - ok
15:26:51.0999 2948  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:26:52.0045 2948  BrSerWdm - ok
15:26:52.0092 2948  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:26:52.0139 2948  BrUsbMdm - ok
15:26:52.0155 2948  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:26:52.0186 2948  BrUsbSer - ok
15:26:52.0217 2948  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:26:52.0264 2948  BthEnum - ok
15:26:52.0295 2948  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:26:52.0342 2948  BTHMODEM - ok
15:26:52.0373 2948  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:26:52.0420 2948  BthPan - ok
15:26:52.0482 2948  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:26:52.0545 2948  BTHPORT - ok
15:26:52.0576 2948  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:26:52.0607 2948  bthserv - ok
15:26:52.0623 2948  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:26:52.0654 2948  BTHUSB - ok
15:26:52.0701 2948  [ 16C1BAC9760C9FA85A30F3FA0FBB1B7A ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
15:26:52.0716 2948  btmaux - ok
15:26:52.0747 2948  [ 0C468D8DA95BE16BFDD380BB9DE88259 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
15:26:52.0794 2948  btmhsf - ok
15:26:52.0825 2948  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:26:52.0903 2948  cdfs - ok
15:26:52.0935 2948  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:26:52.0966 2948  cdrom - ok
15:26:52.0981 2948  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:26:53.0059 2948  CertPropSvc - ok
15:26:53.0106 2948  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:26:53.0153 2948  circlass - ok
15:26:53.0169 2948  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:26:53.0200 2948  CLFS - ok
15:26:53.0247 2948  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:53.0262 2948  clr_optimization_v2.0.50727_32 - ok
15:26:53.0293 2948  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:26:53.0309 2948  clr_optimization_v2.0.50727_64 - ok
15:26:53.0356 2948  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:26:53.0387 2948  clr_optimization_v4.0.30319_32 - ok
15:26:53.0387 2948  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:26:53.0403 2948  clr_optimization_v4.0.30319_64 - ok
15:26:53.0434 2948  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:26:53.0434 2948  CmBatt - ok
15:26:53.0465 2948  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:26:53.0465 2948  cmdide - ok
15:26:53.0496 2948  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:26:53.0527 2948  CNG - ok
15:26:53.0574 2948  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:26:53.0574 2948  Compbatt - ok
15:26:53.0637 2948  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:26:53.0668 2948  CompositeBus - ok
15:26:53.0683 2948  COMSysApp - ok
15:26:53.0715 2948  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:26:53.0715 2948  crcdisk - ok
15:26:53.0761 2948  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:26:53.0777 2948  CryptSvc - ok
15:26:53.0808 2948  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:26:53.0871 2948  DcomLaunch - ok
15:26:53.0902 2948  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:26:53.0964 2948  defragsvc - ok
15:26:53.0995 2948  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:26:54.0089 2948  DfsC - ok
15:26:54.0136 2948  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:26:54.0229 2948  Dhcp - ok
15:26:54.0261 2948  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:26:54.0323 2948  discache - ok
15:26:54.0370 2948  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:26:54.0385 2948  Disk - ok
15:26:54.0417 2948  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:26:54.0463 2948  Dnscache - ok
15:26:54.0479 2948  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:26:54.0526 2948  dot3svc - ok
15:26:54.0526 2948  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:26:54.0588 2948  DPS - ok
15:26:54.0619 2948  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:26:54.0666 2948  drmkaud - ok
15:26:54.0744 2948  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:26:54.0775 2948  DXGKrnl - ok
15:26:54.0807 2948  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:26:54.0869 2948  EapHost - ok
15:26:54.0947 2948  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:26:54.0994 2948  ebdrv - ok
15:26:55.0025 2948  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:26:55.0056 2948  EFS - ok
15:26:55.0119 2948  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:26:55.0165 2948  ehRecvr - ok
15:26:55.0181 2948  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:26:55.0243 2948  ehSched - ok
15:26:55.0259 2948  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:26:55.0290 2948  elxstor - ok
15:26:55.0321 2948  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:26:55.0353 2948  ErrDev - ok
15:26:55.0399 2948  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:26:55.0462 2948  EventSystem - ok
15:26:55.0602 2948  [ 7EE9F35BC1DD0CE1A4976032F9AC5162 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:26:55.0649 2948  EvtEng - ok
15:26:55.0680 2948  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:26:55.0727 2948  exfat - ok
15:26:55.0743 2948  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:26:55.0774 2948  fastfat - ok
15:26:55.0821 2948  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:26:55.0867 2948  Fax - ok
15:26:55.0914 2948  [ 9955BF48FD2FA8D481848CD3024EDD0B ] FBIOSDRV        C:\Windows\system32\Drivers\FBIOSDRV.sys
15:26:55.0914 2948  FBIOSDRV - ok
15:26:55.0945 2948  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:26:55.0977 2948  fdc - ok
15:26:55.0992 2948  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:26:56.0055 2948  fdPHost - ok
15:26:56.0055 2948  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:26:56.0086 2948  FDResPub - ok
15:26:56.0101 2948  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:26:56.0117 2948  FileInfo - ok
15:26:56.0133 2948  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:26:56.0179 2948  Filetrace - ok
15:26:56.0211 2948  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:26:56.0226 2948  flpydisk - ok
15:26:56.0257 2948  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:26:56.0289 2948  FltMgr - ok
15:26:56.0335 2948  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:26:56.0367 2948  FontCache - ok
15:26:56.0413 2948  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:26:56.0429 2948  FontCache3.0.0.0 - ok
15:26:56.0445 2948  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:26:56.0460 2948  FsDepends - ok
15:26:56.0491 2948  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:26:56.0507 2948  Fs_Rec - ok
15:26:56.0538 2948  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
15:26:56.0554 2948  FUJ02B1 - ok
15:26:56.0585 2948  [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3         C:\Windows\system32\drivers\FUJ02E3.sys
15:26:56.0616 2948  FUJ02E3 - ok
15:26:56.0647 2948  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:26:56.0679 2948  fvevol - ok
15:26:56.0710 2948  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:26:56.0725 2948  gagp30kx - ok
15:26:56.0772 2948  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:26:56.0835 2948  gpsvc - ok
15:26:56.0928 2948  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:26:56.0944 2948  gupdate - ok
15:26:56.0991 2948  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:26:57.0022 2948  gupdatem - ok
15:26:57.0069 2948  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:26:57.0084 2948  gusvc - ok
15:26:57.0100 2948  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:26:57.0131 2948  hcw85cir - ok
15:26:57.0162 2948  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:26:57.0193 2948  HdAudAddService - ok
15:26:57.0209 2948  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:26:57.0225 2948  HDAudBus - ok
15:26:57.0256 2948  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:26:57.0271 2948  HidBatt - ok
15:26:57.0287 2948  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:26:57.0303 2948  HidBth - ok
15:26:57.0318 2948  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:26:57.0334 2948  HidIr - ok
15:26:57.0365 2948  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:26:57.0427 2948  hidserv - ok
15:26:57.0459 2948  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:26:57.0459 2948  HidUsb - ok
15:26:57.0490 2948  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:26:57.0568 2948  hkmsvc - ok
15:26:57.0583 2948  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:26:57.0599 2948  HomeGroupListener - ok
15:26:57.0630 2948  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:26:57.0661 2948  HomeGroupProvider - ok
15:26:57.0693 2948  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:26:57.0708 2948  HpSAMD - ok
15:26:57.0739 2948  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:26:57.0786 2948  HTTP - ok
15:26:57.0802 2948  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:26:57.0802 2948  hwpolicy - ok
15:26:57.0849 2948  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:26:57.0880 2948  i8042prt - ok
15:26:57.0911 2948  [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
15:26:57.0927 2948  iaStor - ok
15:26:57.0958 2948  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:26:57.0989 2948  iaStorV - ok
15:26:58.0005 2948  [ FC85972037815FA7B413E790B426ACB2 ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
15:26:58.0036 2948  iBtFltCoex - ok
15:26:58.0067 2948  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:26:58.0098 2948  idsvc - ok
15:26:58.0332 2948  [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:26:58.0629 2948  igfx - ok
15:26:58.0660 2948  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:26:58.0675 2948  iirsp - ok
15:26:58.0707 2948  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:26:58.0785 2948  IKEEXT - ok
15:26:58.0831 2948  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
15:26:58.0863 2948  intaud_WaveExtensible - ok
15:26:58.0956 2948  [ D492D3B5A8DDDE1D6621A8C53855EABF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:26:59.0003 2948  IntcAzAudAddService - ok
15:26:59.0034 2948  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:26:59.0050 2948  IntcDAud - ok
15:26:59.0081 2948  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:26:59.0081 2948  intelide - ok
15:26:59.0128 2948  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:26:59.0159 2948  intelppm - ok
15:26:59.0190 2948  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:26:59.0268 2948  IPBusEnum - ok
15:26:59.0284 2948  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:26:59.0315 2948  IpFilterDriver - ok
15:26:59.0346 2948  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:26:59.0424 2948  iphlpsvc - ok
15:26:59.0440 2948  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:26:59.0455 2948  IPMIDRV - ok
15:26:59.0487 2948  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:26:59.0549 2948  IPNAT - ok
15:26:59.0565 2948  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:26:59.0565 2948  IRENUM - ok
15:26:59.0596 2948  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:26:59.0596 2948  isapnp - ok
15:26:59.0627 2948  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:26:59.0643 2948  iScsiPrt - ok
15:26:59.0674 2948  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
15:26:59.0674 2948  iwdbus - ok
15:26:59.0721 2948  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:26:59.0736 2948  kbdclass - ok
15:26:59.0783 2948  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:26:59.0814 2948  kbdhid - ok
15:26:59.0830 2948  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:26:59.0845 2948  KeyIso - ok
15:26:59.0892 2948  [ E656FE10D6D27794AFA08136685A69E8 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
15:26:59.0908 2948  KL1 - ok
15:26:59.0955 2948  [ D865DD8B0448E3F963D68C04C532858F ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
15:26:59.0970 2948  kl2 - ok
15:27:00.0048 2948  [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
15:27:00.0064 2948  KLIF - ok
15:27:00.0095 2948  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
15:27:00.0126 2948  KLIM6 - ok
15:27:00.0142 2948  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
15:27:00.0157 2948  klmouflt - ok
15:27:00.0173 2948  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:27:00.0189 2948  KSecDD - ok
15:27:00.0204 2948  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:27:00.0220 2948  KSecPkg - ok
15:27:00.0251 2948  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:27:00.0298 2948  ksthunk - ok
15:27:00.0329 2948  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:27:00.0360 2948  KtmRm - ok
15:27:00.0423 2948  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:27:00.0501 2948  LanmanServer - ok
15:27:00.0516 2948  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:27:00.0563 2948  LanmanWorkstation - ok
15:27:00.0594 2948  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:27:00.0672 2948  lltdio - ok
15:27:00.0703 2948  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:27:00.0750 2948  lltdsvc - ok
15:27:00.0766 2948  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:27:00.0781 2948  lmhosts - ok
15:27:00.0844 2948  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:27:00.0859 2948  LMS - ok
15:27:00.0906 2948  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:27:00.0937 2948  LSI_FC - ok
15:27:00.0953 2948  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:27:00.0969 2948  LSI_SAS - ok
15:27:00.0969 2948  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:27:00.0984 2948  LSI_SAS2 - ok
15:27:01.0000 2948  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:27:01.0015 2948  LSI_SCSI - ok
15:27:01.0031 2948  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:27:01.0062 2948  luafv - ok
15:27:01.0093 2948  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:27:01.0109 2948  Mcx2Svc - ok
15:27:01.0203 2948  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:27:01.0249 2948  MDM ( UnsignedFile.Multi.Generic ) - warning
15:27:01.0249 2948  MDM - detected UnsignedFile.Multi.Generic (1)
15:27:01.0281 2948  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:27:01.0296 2948  megasas - ok
15:27:01.0327 2948  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:27:01.0343 2948  MegaSR - ok
15:27:01.0374 2948  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:27:01.0390 2948  MEIx64 - ok
15:27:01.0561 2948  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:27:01.0593 2948  Microsoft Office Groove Audit Service - ok
15:27:01.0624 2948  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:27:01.0686 2948  MMCSS - ok
15:27:01.0717 2948  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:27:01.0795 2948  Modem - ok
15:27:01.0795 2948  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:27:01.0827 2948  monitor - ok
15:27:01.0842 2948  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
15:27:01.0858 2948  mouclass - ok
15:27:01.0873 2948  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
15:27:01.0905 2948  mouhid - ok
15:27:01.0920 2948  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:27:01.0936 2948  mountmgr - ok
15:27:01.0998 2948  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:27:02.0014 2948  MozillaMaintenance - ok
15:27:02.0045 2948  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:27:02.0061 2948  mpio - ok
15:27:02.0076 2948  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:27:02.0107 2948  mpsdrv - ok
15:27:02.0139 2948  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:27:02.0185 2948  MpsSvc - ok
15:27:02.0185 2948  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:27:02.0232 2948  MRxDAV - ok
15:27:02.0248 2948  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:02.0279 2948  mrxsmb - ok
15:27:02.0295 2948  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:02.0295 2948  mrxsmb10 - ok
15:27:02.0310 2948  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:02.0341 2948  mrxsmb20 - ok
15:27:02.0357 2948  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:27:02.0373 2948  msahci - ok
15:27:02.0388 2948  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:27:02.0404 2948  msdsm - ok
15:27:02.0419 2948  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:27:02.0435 2948  MSDTC - ok
15:27:02.0451 2948  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:27:02.0497 2948  Msfs - ok
15:27:02.0497 2948  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:27:02.0529 2948  mshidkmdf - ok
15:27:02.0544 2948  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:27:02.0560 2948  msisadrv - ok
15:27:02.0591 2948  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:27:02.0653 2948  MSiSCSI - ok
15:27:02.0669 2948  msiserver - ok
15:27:02.0685 2948  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:27:02.0716 2948  MSKSSRV - ok
15:27:02.0731 2948  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:02.0763 2948  MSPCLOCK - ok
15:27:02.0778 2948  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:27:02.0809 2948  MSPQM - ok
15:27:02.0825 2948  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:27:02.0841 2948  MsRPC - ok
15:27:02.0872 2948  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:27:02.0872 2948  mssmbios - ok
15:27:02.0903 2948  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:27:02.0950 2948  MSTEE - ok
15:27:02.0981 2948  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:27:03.0012 2948  MTConfig - ok
15:27:03.0028 2948  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:27:03.0043 2948  Mup - ok
15:27:03.0090 2948  [ 0CF5580F27918FFD2E165ECAFA734103 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:27:03.0106 2948  MyWiFiDHCPDNS - ok
15:27:03.0153 2948  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:27:03.0231 2948  napagent - ok
15:27:03.0277 2948  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:27:03.0324 2948  NativeWifiP - ok
15:27:03.0371 2948  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:27:03.0402 2948  NDIS - ok
15:27:03.0433 2948  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:27:03.0465 2948  NdisCap - ok
15:27:03.0480 2948  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:27:03.0527 2948  NdisTapi - ok
15:27:03.0527 2948  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:27:03.0558 2948  Ndisuio - ok
15:27:03.0558 2948  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:27:03.0589 2948  NdisWan - ok
15:27:03.0605 2948  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:27:03.0621 2948  NDProxy - ok
15:27:03.0652 2948  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:27:03.0699 2948  NetBIOS - ok
15:27:03.0714 2948  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:27:03.0745 2948  NetBT - ok
15:27:03.0761 2948  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:27:03.0761 2948  Netlogon - ok
15:27:03.0808 2948  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:27:03.0870 2948  Netman - ok
15:27:03.0901 2948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:03.0917 2948  NetMsmqActivator - ok
15:27:03.0917 2948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:03.0933 2948  NetPipeActivator - ok
15:27:03.0948 2948  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:27:03.0979 2948  netprofm - ok
15:27:03.0979 2948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:03.0995 2948  NetTcpActivator - ok
15:27:03.0995 2948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:03.0995 2948  NetTcpPortSharing - ok
15:27:04.0167 2948  [ B9C587BDAA61A689883439D5AE6FE7F3 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
15:27:04.0401 2948  NETwNs64 - ok
15:27:04.0416 2948  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:27:04.0432 2948  nfrd960 - ok
15:27:04.0463 2948  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:27:04.0494 2948  NlaSvc - ok
15:27:04.0525 2948  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:27:04.0541 2948  Npfs - ok
15:27:04.0572 2948  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:27:04.0603 2948  nsi - ok
15:27:04.0619 2948  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:27:04.0650 2948  nsiproxy - ok
15:27:04.0681 2948  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:27:04.0713 2948  Ntfs - ok
15:27:04.0744 2948  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:27:04.0822 2948  Null - ok
15:27:05.0103 2948  [ 5BC23061D726C76F6A11F91E95216D89 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:27:05.0243 2948  nvlddmkm - ok
15:27:05.0259 2948  [ E04C0F26690DEBC5B33F180951B046A8 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:27:05.0274 2948  nvpciflt - ok
15:27:05.0274 2948  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:27:05.0290 2948  nvraid - ok
15:27:05.0305 2948  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:27:05.0305 2948  nvstor - ok
15:27:05.0352 2948  [ 392D78BDE7924BC255833071B290C74F ] NVSvc           C:\Windows\system32\nvvsvc.exe
15:27:05.0399 2948  NVSvc - ok
15:27:05.0430 2948  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:27:05.0430 2948  nv_agp - ok
15:27:05.0508 2948  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:27:05.0539 2948  odserv - ok
15:27:05.0586 2948  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:27:05.0617 2948  ohci1394 - ok
15:27:05.0664 2948  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:05.0680 2948  ose - ok
15:27:05.0711 2948  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:27:05.0727 2948  p2pimsvc - ok
15:27:05.0773 2948  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:27:05.0820 2948  p2psvc - ok
15:27:05.0836 2948  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:27:05.0867 2948  Parport - ok
15:27:05.0898 2948  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:27:05.0914 2948  partmgr - ok
15:27:05.0945 2948  Partner Service - ok
15:27:05.0976 2948  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:27:06.0039 2948  PcaSvc - ok
15:27:06.0054 2948  [ B26E102E0F54773119B162F56C9DD994 ] pci             C:\Windows\system32\drivers\pci.sys
15:27:06.0070 2948  pci - ok
15:27:06.0085 2948  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:27:06.0101 2948  pciide - ok
15:27:06.0117 2948  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:27:06.0132 2948  pcmcia - ok
15:27:06.0148 2948  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:27:06.0163 2948  pcw - ok
15:27:06.0163 2948  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:27:06.0210 2948  PEAUTH - ok
15:27:06.0273 2948  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:27:06.0304 2948  PerfHost - ok
15:27:06.0397 2948  [ 6CE8BB00A615A4F3FA2F36FDB2EF4EFA ] PFNService      C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
15:27:06.0413 2948  PFNService ( UnsignedFile.Multi.Generic ) - warning
15:27:06.0413 2948  PFNService - detected UnsignedFile.Multi.Generic (1)
15:27:06.0460 2948  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:27:06.0522 2948  pla - ok
15:27:06.0569 2948  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:27:06.0600 2948  PlugPlay - ok
15:27:06.0631 2948  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:27:06.0663 2948  PNRPAutoReg - ok
15:27:06.0663 2948  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:27:06.0694 2948  PNRPsvc - ok
15:27:06.0709 2948  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:27:06.0756 2948  PolicyAgent - ok
15:27:06.0787 2948  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
15:27:06.0819 2948  Power - ok
15:27:06.0850 2948  [ 76FF4836EFA78DBF3F39F612D88CA7E7 ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
15:27:06.0865 2948  PowerSavingUtilityService - ok
15:27:06.0912 2948  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:27:06.0975 2948  PptpMiniport - ok
15:27:06.0990 2948  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:27:07.0006 2948  Processor - ok
15:27:07.0037 2948  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:27:07.0053 2948  ProfSvc - ok
15:27:07.0068 2948  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:27:07.0068 2948  ProtectedStorage - ok
15:27:07.0115 2948  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:27:07.0177 2948  Psched - ok
15:27:07.0224 2948  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:27:07.0255 2948  ql2300 - ok
15:27:07.0271 2948  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:27:07.0287 2948  ql40xx - ok
15:27:07.0318 2948  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:27:07.0333 2948  QWAVE - ok
15:27:07.0349 2948  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:27:07.0396 2948  QWAVEdrv - ok
15:27:07.0411 2948  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:27:07.0443 2948  RasAcd - ok
15:27:07.0489 2948  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:27:07.0536 2948  RasAgileVpn - ok
15:27:07.0567 2948  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:27:07.0645 2948  RasAuto - ok
15:27:07.0661 2948  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:27:07.0708 2948  Rasl2tp - ok
15:27:07.0723 2948  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:27:07.0755 2948  RasMan - ok
15:27:07.0770 2948  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:27:07.0801 2948  RasPppoe - ok
15:27:07.0801 2948  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:27:07.0848 2948  RasSstp - ok
15:27:07.0864 2948  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:27:07.0895 2948  rdbss - ok
15:27:07.0911 2948  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:27:07.0942 2948  rdpbus - ok
15:27:07.0957 2948  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:27:08.0004 2948  RDPCDD - ok
15:27:08.0035 2948  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:27:08.0082 2948  RDPENCDD - ok
15:27:08.0082 2948  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:27:08.0113 2948  RDPREFMP - ok
15:27:08.0145 2948  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:27:08.0176 2948  RDPWD - ok
15:27:08.0191 2948  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:27:08.0207 2948  rdyboost - ok
15:27:08.0285 2948  [ AA9FD849C028CCB441A78061B57DB734 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:27:08.0316 2948  RegSrvc - ok
15:27:08.0347 2948  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:27:08.0441 2948  RemoteAccess - ok
15:27:08.0472 2948  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:27:08.0519 2948  RemoteRegistry - ok
15:27:08.0550 2948  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:27:08.0597 2948  RFCOMM - ok
15:27:08.0644 2948  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:27:08.0691 2948  RpcEptMapper - ok
15:27:08.0706 2948  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:27:08.0722 2948  RpcLocator - ok
15:27:08.0737 2948  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:27:08.0769 2948  RpcSs - ok
15:27:08.0815 2948  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:27:08.0878 2948  rspndr - ok
15:27:08.0940 2948  [ 22D6B47D004A6568C500680BE2972854 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
15:27:08.0971 2948  RSUSBSTOR - ok
15:27:09.0003 2948  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:27:09.0018 2948  RTL8167 - ok
15:27:09.0034 2948  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:27:09.0049 2948  SamSs - ok
15:27:09.0065 2948  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:27:09.0065 2948  sbp2port - ok
15:27:09.0096 2948  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:27:09.0159 2948  SCardSvr - ok
15:27:09.0190 2948  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:27:09.0221 2948  scfilter - ok
15:27:09.0252 2948  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:27:09.0299 2948  Schedule - ok
15:27:09.0315 2948  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:27:09.0330 2948  SCPolicySvc - ok
15:27:09.0361 2948  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:27:09.0377 2948  SDRSVC - ok
15:27:09.0408 2948  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:27:09.0439 2948  secdrv - ok
15:27:09.0439 2948  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:27:09.0471 2948  seclogon - ok
15:27:09.0486 2948  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:27:09.0517 2948  SENS - ok
15:27:09.0533 2948  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:27:09.0549 2948  SensrSvc - ok
15:27:09.0595 2948  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:27:09.0627 2948  Serenum - ok
15:27:09.0642 2948  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:27:09.0673 2948  Serial - ok
15:27:09.0689 2948  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:27:09.0720 2948  sermouse - ok
15:27:09.0751 2948  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:27:09.0798 2948  SessionEnv - ok
15:27:09.0814 2948  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:27:09.0829 2948  sffdisk - ok
15:27:09.0845 2948  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:27:09.0861 2948  sffp_mmc - ok
15:27:09.0876 2948  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:27:09.0907 2948  sffp_sd - ok
15:27:09.0939 2948  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:27:09.0970 2948  sfloppy - ok
15:27:10.0001 2948  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:27:10.0095 2948  SharedAccess - ok
15:27:10.0126 2948  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:27:10.0188 2948  ShellHWDetection - ok
15:27:10.0204 2948  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:27:10.0219 2948  SiSRaid2 - ok
15:27:10.0235 2948  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:27:10.0251 2948  SiSRaid4 - ok
15:27:10.0266 2948  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:27:10.0297 2948  Smb - ok
15:27:10.0344 2948  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:27:10.0344 2948  SNMPTRAP - ok
15:27:10.0422 2948  [ 9CD1C53490EB5601870A69A8E40F7B12 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
15:27:10.0469 2948  SNP2UVC - ok
15:27:10.0485 2948  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:27:10.0485 2948  spldr - ok
15:27:10.0531 2948  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:27:10.0547 2948  Spooler - ok
15:27:10.0656 2948  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:27:10.0734 2948  sppsvc - ok
15:27:10.0734 2948  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:27:10.0765 2948  sppuinotify - ok
15:27:10.0797 2948  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:27:10.0828 2948  srv - ok
15:27:10.0843 2948  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:27:10.0875 2948  srv2 - ok
15:27:10.0890 2948  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:27:10.0906 2948  srvnet - ok
15:27:10.0937 2948  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:27:10.0968 2948  SSDPSRV - ok
15:27:10.0999 2948  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:27:11.0015 2948  SstpSvc - ok
15:27:11.0046 2948  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:27:11.0062 2948  stexstor - ok
15:27:11.0109 2948  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:27:11.0155 2948  stisvc - ok
15:27:11.0155 2948  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:27:11.0171 2948  swenum - ok
15:27:11.0187 2948  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:27:11.0233 2948  swprv - ok
15:27:11.0296 2948  [ 3C08FB2829A5304825F974B1631DEDFA ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:27:11.0327 2948  SynTP - ok
15:27:11.0374 2948  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:27:11.0436 2948  SysMain - ok
15:27:11.0452 2948  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:27:11.0467 2948  TabletInputService - ok
15:27:11.0499 2948  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:27:11.0545 2948  TapiSrv - ok
15:27:11.0561 2948  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:27:11.0592 2948  TBS - ok
15:27:11.0655 2948  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:27:11.0717 2948  Tcpip - ok
15:27:11.0748 2948  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:27:11.0779 2948  TCPIP6 - ok
15:27:11.0795 2948  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:27:11.0826 2948  tcpipreg - ok
15:27:11.0826 2948  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:27:11.0857 2948  TDPIPE - ok
15:27:11.0873 2948  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:27:11.0889 2948  TDTCP - ok
15:27:11.0904 2948  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:27:11.0935 2948  tdx - ok
15:27:11.0982 2948  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:27:11.0998 2948  TermDD - ok
15:27:12.0029 2948  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:27:12.0076 2948  TermService - ok
15:27:12.0091 2948  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:27:12.0107 2948  Themes - ok
15:27:12.0138 2948  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:27:12.0154 2948  THREADORDER - ok
15:27:12.0185 2948  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:27:12.0263 2948  TrkWks - ok
15:27:12.0310 2948  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:27:12.0372 2948  TrustedInstaller - ok
15:27:12.0388 2948  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:27:12.0435 2948  tssecsrv - ok
15:27:12.0450 2948  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:27:12.0466 2948  TsUsbFlt - ok
15:27:12.0497 2948  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:27:12.0528 2948  TsUsbGD - ok
15:27:12.0575 2948  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:27:12.0637 2948  tunnel - ok
15:27:12.0653 2948  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:27:12.0669 2948  uagp35 - ok
15:27:12.0700 2948  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:27:12.0762 2948  udfs - ok
15:27:12.0793 2948  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:27:12.0809 2948  UI0Detect - ok
15:27:12.0825 2948  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:27:12.0840 2948  uliagpkx - ok
15:27:12.0871 2948  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:27:12.0903 2948  umbus - ok
15:27:12.0949 2948  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:27:12.0981 2948  UmPass - ok
15:27:13.0121 2948  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:27:13.0168 2948  UNS - ok
15:27:13.0215 2948  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:27:13.0277 2948  upnphost - ok
15:27:13.0308 2948  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:13.0324 2948  usbccgp - ok
15:27:13.0371 2948  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:27:13.0402 2948  usbcir - ok
15:27:13.0417 2948  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:27:13.0464 2948  usbehci - ok
15:27:13.0511 2948  [ 8B892002D7B79312821169A14317AB86 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:27:13.0542 2948  usbhub - ok
15:27:13.0558 2948  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:27:13.0589 2948  usbohci - ok
15:27:13.0605 2948  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:27:13.0636 2948  usbprint - ok
15:27:13.0651 2948  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:27:13.0683 2948  USBSTOR - ok
15:27:13.0698 2948  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:27:13.0729 2948  usbuhci - ok
15:27:13.0745 2948  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:27:13.0776 2948  usbvideo - ok
15:27:13.0792 2948  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:27:13.0870 2948  UxSms - ok
15:27:13.0885 2948  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:27:13.0901 2948  VaultSvc - ok
15:27:13.0917 2948  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:27:13.0932 2948  vdrvroot - ok
15:27:13.0963 2948  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:27:13.0995 2948  vds - ok
15:27:14.0026 2948  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:14.0041 2948  vga - ok
15:27:14.0041 2948  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:27:14.0088 2948  VgaSave - ok
15:27:14.0104 2948  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:27:14.0119 2948  vhdmp - ok
15:27:14.0151 2948  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:27:14.0151 2948  viaide - ok
15:27:14.0182 2948  [ 071E1B172D49154EE1D23A2ACC472EFB ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:27:14.0182 2948  volmgr - ok
15:27:14.0197 2948  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:27:14.0213 2948  volmgrx - ok
15:27:14.0244 2948  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:27:14.0275 2948  volsnap - ok
15:27:14.0291 2948  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:27:14.0307 2948  vsmraid - ok
15:27:14.0369 2948  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:27:14.0431 2948  VSS - ok
15:27:14.0463 2948  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:27:14.0509 2948  vwifibus - ok
15:27:14.0509 2948  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:27:14.0541 2948  vwififlt - ok
15:27:14.0572 2948  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:27:14.0587 2948  vwifimp - ok
15:27:14.0603 2948  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:27:14.0650 2948  W32Time - ok
15:27:14.0681 2948  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:27:14.0697 2948  WacomPen - ok
15:27:14.0743 2948  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:27:14.0759 2948  WANARP - ok
15:27:14.0759 2948  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:27:14.0790 2948  Wanarpv6 - ok
15:27:14.0853 2948  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:27:14.0899 2948  wbengine - ok
15:27:14.0899 2948  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:27:14.0915 2948  WbioSrvc - ok
15:27:14.0946 2948  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:27:14.0962 2948  wcncsvc - ok
15:27:14.0993 2948  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:27:15.0009 2948  WcsPlugInService - ok
15:27:15.0040 2948  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:27:15.0040 2948  Wd - ok
15:27:15.0071 2948  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:27:15.0087 2948  Wdf01000 - ok
15:27:15.0102 2948  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:27:15.0165 2948  WdiServiceHost - ok
15:27:15.0165 2948  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:27:15.0180 2948  WdiSystemHost - ok
15:27:15.0196 2948  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:27:15.0211 2948  WebClient - ok
15:27:15.0227 2948  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:27:15.0258 2948  Wecsvc - ok
15:27:15.0274 2948  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:27:15.0305 2948  wercplsupport - ok
15:27:15.0336 2948  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:27:15.0367 2948  WerSvc - ok
15:27:15.0399 2948  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:27:15.0430 2948  WfpLwf - ok
15:27:15.0430 2948  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:27:15.0430 2948  WIMMount - ok
15:27:15.0461 2948  WinDefend - ok
15:27:15.0461 2948  WinHttpAutoProxySvc - ok
15:27:15.0508 2948  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:27:15.0555 2948  Winmgmt - ok
15:27:15.0601 2948  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:27:15.0648 2948  WinRM - ok
15:27:15.0695 2948  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:27:15.0726 2948  Wlansvc - ok
15:27:15.0757 2948  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:27:15.0789 2948  wlcrasvc - ok
15:27:15.0867 2948  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:27:15.0913 2948  wlidsvc - ok
15:27:15.0945 2948  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:27:15.0960 2948  WmiAcpi - ok
15:27:15.0991 2948  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:27:15.0991 2948  wmiApSrv - ok
15:27:16.0023 2948  WMPNetworkSvc - ok
15:27:16.0054 2948  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:27:16.0069 2948  WPCSvc - ok
15:27:16.0085 2948  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:27:16.0101 2948  WPDBusEnum - ok
15:27:16.0132 2948  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:27:16.0163 2948  ws2ifsl - ok
15:27:16.0179 2948  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:27:16.0194 2948  wscsvc - ok
15:27:16.0210 2948  WSearch - ok
15:27:16.0257 2948  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:27:16.0303 2948  wuauserv - ok
15:27:16.0319 2948  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:27:16.0350 2948  WudfPf - ok
15:27:16.0381 2948  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:27:16.0428 2948  WUDFRd - ok
15:27:16.0459 2948  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:27:16.0491 2948  wudfsvc - ok
15:27:16.0491 2948  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:27:16.0506 2948  WwanSvc - ok
15:27:16.0537 2948  ================ Scan global ===============================
15:27:16.0553 2948  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:27:16.0584 2948  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:27:16.0600 2948  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:27:16.0615 2948  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:27:16.0647 2948  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:27:16.0662 2948  [Global] - ok
15:27:16.0662 2948  ================ Scan MBR ==================================
15:27:16.0678 2948  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:27:17.0629 2948  \Device\Harddisk0\DR0 - ok
15:27:17.0629 2948  ================ Scan VBR ==================================
15:27:17.0645 2948  [ 5F25F7D9C5245ED1DA3898FD0A5C2141 ] \Device\Harddisk0\DR0\Partition1
15:27:17.0645 2948  \Device\Harddisk0\DR0\Partition1 - ok
15:27:17.0676 2948  [ 65ED4CC91EAE42785AA0F39B977E5538 ] \Device\Harddisk0\DR0\Partition2
15:27:17.0676 2948  \Device\Harddisk0\DR0\Partition2 - ok
15:27:17.0676 2948  ============================================================
15:27:17.0676 2948  Scan finished
15:27:17.0676 2948  ============================================================
15:27:17.0676 1568  Detected object count: 5
15:27:17.0676 1568  Actual detected object count: 5
15:27:41.0341 1568  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:41.0341 1568  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:41.0341 1568  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:41.0341 1568  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:41.0341 1568  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:41.0341 1568  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:41.0341 1568  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:41.0341 1568  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:41.0357 1568  PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:41.0357 1568  PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 10.09.2012, 15:02

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Kuss80 · 14.09.2012, 17:34

Hier nun die combo.txt:

Code:

ATTFilter

ComboFix 12-09-14.03 - sofiab 14.09.2012  18:22:39.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8105.6495 [GMT 2:00]
ausgeführt von:: c:\users\sofiab\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531 GFO_PI_FUJITSU_FJNBB10_Default System BIOS_FUJ - 1_1.24_Intel(R) HD Graphics Family_NVIDIA GeForce GT 525M .MRK
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-14 bis 2012-09-14  ))))))))))))))))))))))))))))))
.
.
2012-09-14 16:27 . 2012-09-14 16:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-14 15:45 . 2012-09-14 15:45	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3247092E-1645-46B9-AFD9-3AED79BCD935}\offreg.dll
2012-09-12 17:24 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 17:24 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 17:24 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 17:24 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 17:23 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 17:23 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 17:23 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 19:32 . 2012-08-27 23:49	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3247092E-1645-46B9-AFD9-3AED79BCD935}\mpengine.dll
2012-09-08 13:17 . 2012-09-08 13:17	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-02 21:13 . 2012-09-02 21:13	--------	d-----w-	C:\_OTL
2012-09-02 12:59 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-09-01 14:12 . 2012-09-01 14:12	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 14:12 . 2012-09-01 14:12	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-01 14:12 . 2012-09-01 14:12	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-09-01 14:12 . 2012-09-01 14:12	--------	d-----w-	c:\windows\system32\Macromed
2012-09-01 12:16 . 2012-09-01 12:16	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-01 12:16 . 2012-09-01 12:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 12:16 . 2012-09-01 12:16	--------	d-----w-	c:\program files (x86)\Java
2012-09-01 12:14 . 2012-09-01 12:14	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-09-01 11:53 . 2012-09-01 12:07	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-01 11:53 . 2012-09-01 12:07	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-01 11:39 . 2012-09-01 12:16	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-01 11:39 . 2012-09-01 11:39	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 11:22 . 2012-09-01 11:22	--------	d-----w-	c:\program files\CCleaner
2012-09-01 09:28 . 2012-09-01 09:28	--------	d-----w-	c:\program files (x86)\Microsoft
2012-09-01 09:10 . 2012-09-01 09:10	--------	d-----w-	c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-09-01 09:08 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-09-01 08:46 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-09-01 08:46 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-09-01 08:46 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-09-01 08:46 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-09-01 08:46 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-09-01 08:46 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-09-01 08:46 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-09-01 08:38 . 2012-09-13 05:41	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-01 08:29 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2012-09-01 08:28 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-09-01 08:20 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-09-01 08:20 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-09-01 08:20 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-08-31 19:20 . 2012-08-31 19:20	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-31 19:20 . 2012-08-31 19:20	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-31 19:20 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-31 18:42 . 2012-08-31 18:42	--------	d-----w-	c:\program files\VideoLAN
2012-08-31 18:35 . 2012-08-31 18:36	--------	d-----w-	c:\program files (x86)\Calibre2
2012-08-31 09:07 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-08-31 09:07 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-08-31 09:07 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-08-31 09:07 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-08-31 09:06 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-08-31 09:06 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-08-31 09:06 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-08-31 09:05 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-08-31 09:05 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-08-31 07:31 . 2012-09-01 08:54	--------	d-----w-	c:\program files (x86)\Microsoft Works
2012-08-31 07:29 . 2012-08-31 07:29	--------	d-----w-	c:\program files\Microsoft Office
2012-08-31 07:29 . 2012-08-31 07:29	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2012-08-31 07:28 . 2012-09-13 05:43	--------	d-----w-	c:\programdata\Microsoft Help
2012-08-31 07:28 . 2012-08-31 07:28	--------	d-----r-	C:\MSOCache
2012-08-30 23:29 . 2012-08-30 14:32	--------	d-----w-	c:\windows\SysWow64\NV
2012-08-30 23:29 . 2012-08-30 14:32	--------	d-----w-	c:\windows\system32\NV
2012-08-30 22:58 . 2012-08-30 22:58	--------	d-----w-	c:\program files (x86)\Common Files\SNP2UVC
2012-08-30 22:58 . 2010-10-09 12:35	1801216	----a-w-	c:\windows\system32\drivers\snp2uvc.sys
2012-08-30 22:58 . 2010-10-09 11:40	242176	----a-w-	c:\windows\system32\csnp2uvc.dll
2012-08-30 22:58 . 2010-09-30 08:35	306176	----a-w-	c:\windows\SysWow64\vsnp2uvc.dll
2012-08-30 22:58 . 2010-09-30 08:35	375808	----a-w-	c:\windows\system32\vsnp2uvc.dll
2012-08-30 22:58 . 2009-08-13 13:06	662016	----a-w-	c:\windows\vsnp2uvc.exe
2012-08-30 22:58 . 2009-05-23 08:37	24576	----a-w-	c:\windows\snuvcdsm.exe
2012-08-30 22:58 . 2009-04-10 06:11	245760	----a-w-	c:\windows\SysWow64\rsnp2uvc.dll
2012-08-30 22:58 . 2009-04-10 06:10	240640	----a-w-	c:\windows\system32\rsnp2uvc.dll
2012-08-30 22:58 . 2008-12-31 06:14	35456	----a-w-	c:\windows\system32\drivers\sncduvc.sys
2012-08-30 22:57 . 2012-08-30 22:57	--------	d-----w-	c:\users\Default\AppData\Roaming\Intel
2012-08-30 22:57 . 2012-08-30 22:57	83	------w-	c:\windows\system32\IHV_Install.bat
2012-08-30 22:57 . 2012-08-30 22:57	--------	d-----w-	c:\users\Public\Roaming
2012-08-30 22:57 . 2012-08-30 22:57	--------	d-----w-	c:\users\Default\Roaming
2012-08-30 22:56 . 2012-08-30 22:56	--------	d-----w-	c:\program files (x86)\Cisco
2012-08-30 22:56 . 2012-08-30 14:50	--------	d-----w-	c:\programdata\Intel
2012-08-30 22:56 . 2011-02-01 21:06	8192	----a-w-	c:\windows\system32\drivers\IntelMEFWVer.dll
2012-08-30 22:56 . 2012-08-30 22:56	--------	d-----w-	c:\program files (x86)\Common Files\postureAgent
2012-08-30 22:53 . 2011-05-07 19:24	--------	d-----w-	c:\users\Default\AppData\Roaming\Fujitsu
2012-08-30 22:53 . 2011-05-07 17:29	--------	d-----w-	c:\users\Default\AppData\Local\Windows Live
2012-08-30 15:10 . 2012-08-30 15:10	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2012-08-30 15:10 . 2012-09-14 15:46	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-08-30 15:10 . 2012-08-30 15:10	615728	----a-w-	c:\windows\system32\drivers\klif.sys
2012-08-30 14:50 . 2012-08-30 14:50	--------	d-----w-	c:\program files (x86)\Common Files\Intel Corporation
2012-08-30 14:50 . 2012-08-30 14:50	--------	d-----w-	c:\program files (x86)\Intel Corporation
2012-08-30 14:50 . 2012-08-30 14:50	--------	d-----w-	c:\program files (x86)\CyberLink
2012-08-30 14:48 . 2012-08-30 14:49	--------	d-----w-	c:\programdata\Fujitsu
2012-08-30 14:48 . 2012-08-30 14:48	--------	d-----w-	c:\windows\qsacfg
2012-08-30 14:44 . 2012-08-30 14:44	--------	d-----w-	c:\program files (x86)\eBay
2012-08-30 14:44 . 2009-09-30 12:42	112128	----a-w-	c:\program files\Windows Sidebar\Shared Gadgets\eBayGadgetFS.gadget\Bin\eBayGadget.dll
2012-08-30 14:33 . 2012-08-31 07:33	--------	d-----w-	c:\users\sofiab
2012-08-30 14:33 . 2012-08-30 14:33	--------	d-----w-	c:\program files\Google
2012-08-30 14:32 . 2012-08-30 14:33	--------	d-----w-	c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 08:24 . 2010-06-24 18:33	19720	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 136176]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-11-17 25576]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-20 274432]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 7296]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-07 245792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 14:32]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 14:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startfenster.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\sofiab\AppData\Roaming\Mozilla\Firefox\Profiles\jnze214t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-14  18:29:12
ComboFix-quarantined-files.txt  2012-09-14 16:29
.
Vor Suchlauf: 9 Verzeichnis(se), 216.633.446.400 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 216.246.644.736 Bytes frei
.
- - End Of File - - 0DA8328818DD74F5B9DF182DDF81450A

01.09.2012, 13:53	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Startfenster.com - mich hat es auch erwischt, grrr. Hätte da mal drei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? 3.) Das Startfenster ist nun weg? __________________ --> Startfenster.com - mich hat es auch erwischt, grrr.

Startfenster.com - mich hat es auch erwischt, grrr.

Plagegeister aller Art und deren Bekämpfung: Startfenster.com - mich hat es auch erwischt, grrr.