
Pests of all kinds and how to combat them: ihavenet / redirection to wrong websites


17.12.2012, 23:57   #1
hope41
 
ihavenet / redirection to wrong websites



Hello dear friends,

I am completely new here; while searching on Google I landed on your nice forum, because for a few days I have had annoying problems caused by a trojan/virus: ihavenet redirects all pages in Internet Explorer, and in Firefox as well, to other sites.

I ran a scan with the OTL tool and got the following 2 text files.

OTL.Txt:

OTL logfile created on: 17.12.2012 23:25:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uemkur\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,89 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 29,61% Memory free
7,77 Gb Paging File | 4,76 Gb Available in Paging File | 61,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 299,41 Gb Free Space | 64,30% Space Free | Partition Type: NTFS

Computer Name: DELUEMKUR | User Name: uemkur | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\uemkur\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\ProgramData\PC Performer Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - c:\ProgramData\PC Performer Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
MOD - C:\ProgramData\PC Performer Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\WinRAR\rarext.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SROSVC) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (InoRT) -- C:\Programme\CA\eTrustITM\InoRT.exe (CA)
SRV - (InoRPC) -- C:\Programme\CA\eTrustITM\InoRPC.exe (CA)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()
SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe ()
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (InoTask) -- C:\Programme\CA\eTrustITM\InoTask.exe (CA)
SRV - (iGateway) -- C:\Programme\CA\SharedComponents\iTechnology\igateway.exe (CA, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (l36wgps) -- C:\Windows\SysNative\drivers\l36wgps64.sys (Ericsson AB)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (qcusbserlno2k) -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcfilterlno2k) -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (e36wgps) -- C:\Windows\SysNative\drivers\e36wgps64.sys (Ericsson AB)
DRV:64bit: - (e36gmgmt) -- C:\Windows\SysNative\drivers\e36gmgmt.sys (MCCI Corporation)
DRV:64bit: - (e36gbus) -- C:\Windows\SysNative\drivers\e36gbus.sys (MCCI Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (INO_FLTR) -- C:\Windows\SysNative\drivers\ino_fltr.sys (Computer Associates)
DRV:64bit: - (INO_FLPY) -- C:\Windows\SysNative\drivers\ino_flpy.sys (Computer Associates)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=3712_4&babsrc=SP_clro&mntrId=90cf557e000000000000028037ec0200
IE - HKCU\..\SearchScopes\{9123D63E-6290-4B82-90A2-1006E50AB0CA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGNI_deDE501
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=114506&tt=3712_4&babsrc=KW_clro&mntrId=90cf557e000000000000028037ec0200&q="
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.05 16:03:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 20:35:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.05 16:03:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.09.14 18:07:40 | 000,000,000 | ---D | M]

[2012.09.06 11:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uemkur\AppData\Roaming\mozilla\Extensions
[2012.12.17 22:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uemkur\AppData\Roaming\mozilla\Firefox\Profiles\qoegnr84.default\extensions
[2012.09.15 10:56:52 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\uemkur\AppData\Roaming\mozilla\Firefox\Profiles\qoegnr84.default\extensions\ffxtlbr@claro.com
[2012.09.07 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 20:35:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.07 20:35:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 18:07:48 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sweden.ecsoft
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B7A02B2-93CD-40FB-BB5B-5DCAED5826BA}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73B91C1C-613D-4DA7-AD1E-4EE9E3A9F7C1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73B91C1C-613D-4DA7-AD1E-4EE9E3A9F7C1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8170D263-BB27-49E4-BA12-032D928E01EF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22587~1.187\{61d8b~1\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.17 20:55:33 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.12.17 20:53:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.12.17 20:53:47 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.12.17 20:53:47 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.12.17 20:53:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.12.17 20:53:45 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.12.17 20:53:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.12.17 20:53:44 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.12.17 20:53:44 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.12.17 20:53:20 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.12.17 20:53:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.12.17 20:52:55 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.12.17 20:52:55 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.12.16 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\uemkur\Desktop\Hande Yener - Kraliçe (2012)
[2012.12.16 18:30:54 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.12.16 18:30:54 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.12.16 18:30:08 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.12.16 18:29:57 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.12.16 18:29:56 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.12.16 18:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.12.16 18:29:05 | 000,000,000 | ---D | C] -- C:\Users\uemkur\AppData\Roaming\TuneUp Software
[2012.12.16 18:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.12.16 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.16 18:27:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.15 16:54:25 | 000,000,000 | ---D | C] -- C:\Users\uemkur\AppData\Local\MigWiz
[2012.12.12 03:00:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 03:00:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 03:00:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 03:00:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 03:00:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 03:00:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 03:00:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 03:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 03:00:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 03:00:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 03:00:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 03:00:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 03:00:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.11 20:53:37 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.11 20:53:37 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.11 20:53:37 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.11 20:53:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 20:53:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.11 20:53:24 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.11 20:53:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.11 20:53:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.11 20:53:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.11 20:53:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.11 20:53:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.11 20:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.11 20:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.11 20:53:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.11 20:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.11 20:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.11 20:53:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 20:53:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 20:53:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 20:53:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 20:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 20:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 20:53:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.11 20:53:10 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.11 20:53:10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.05 23:25:56 | 000,000,000 | ---D | C] -- C:\Users\uemkur\Desktop\Gökhan Tepe - Kendim Gibi (2012)
[2012.12.03 21:54:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.03 21:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.03 21:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.19 03:14:35 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.19 03:14:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.19 03:01:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.19 03:01:49 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.19 03:01:49 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.19 03:01:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.09.12 14:05:32 | 000,671,744 | ---- | C] (TechSmith Corporation) -- C:\Users\uemkur\SNAGIT32.EXE
[9 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[36 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.17 23:30:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.12.17 23:21:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.12.17 23:20:24 | 000,038,377 | ---- | M] () -- C:\Users\uemkur\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.12.17 23:06:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.17 23:05:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.17 22:52:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 22:05:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.17 21:22:28 | 001,624,576 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 21:22:28 | 000,701,178 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.17 21:22:28 | 000,655,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 21:22:28 | 000,149,942 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.17 21:22:28 | 000,122,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 20:57:40 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 20:57:40 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 20:49:39 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\NWTKYJW.job
[2012.12.17 20:49:29 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.16 18:29:53 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012.12.16 18:29:53 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.15 16:42:43 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.12 21:36:05 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.12 03:19:06 | 000,442,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.11 22:06:13 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 22:06:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.02 10:46:23 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDINPUN5.dll
[2012.11.29 16:14:50 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.29 16:14:46 | 000,037,216 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.11.29 16:14:46 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.29 16:14:46 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.11.29 16:14:44 | 000,029,536 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.11.19 20:10:52 | 000,074,448 | ---- | M] () -- C:\Users\uemkur\Desktop\bank document..karsılığı çıkmadı.tahsil edilemedi. (2).pdf
[9 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[36 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.17 23:20:15 | 000,038,377 | ---- | C] () -- C:\Users\uemkur\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.12.17 20:55:19 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.16 18:29:53 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012.12.16 18:29:53 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.12.16 18:29:53 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.03 21:54:51 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.02 10:46:24 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\NWTKYJW.job
[2012.12.02 10:46:23 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\KBDINPUN5.dll
[2012.11.19 20:10:48 | 000,074,448 | ---- | C] () -- C:\Users\uemkur\Desktop\bank document..karsılığı çıkmadı.tahsil edilemedi. (2).pdf
[2012.11.19 03:14:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.19 03:01:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.09.13 18:03:28 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.09.05 16:34:56 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2012.09.05 15:59:13 | 000,221,337 | ---- | C] () -- C:\Windows\hpoins43.dat
[2012.09.05 15:59:13 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2012.09.04 17:42:57 | 000,225,296 | ---- | C] () -- C:\Users\uemkur\AppData\Roaming\wanancsp.dat
[2012.08.29 09:10:51 | 000,003,344 | RHS- | C] () -- C:\Users\uemkur\ntuser.pol
[2012.08.28 14:15:46 | 000,003,318 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.07 14:01:20 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.08 14:12:48 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.08 14:12:47 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.08 14:12:46 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.08 14:11:33 | 001,644,986 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.22 18:05:09 | 000,035,265 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.06.22 16:15:59 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011.06.22 16:15:59 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011.06.22 16:15:59 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011.06.22 16:15:59 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011.06.22 16:15:59 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.03.26 00:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.26 00:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



Extras.Txt:

OTL Extras logfile created on: 17.12.2012 23:25:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uemkur\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,89 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 29,61% Memory free
7,77 Gb Paging File | 4,76 Gb Available in Paging File | 61,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 299,41 Gb Free Space | 64,30% Space Free | Partition Type: NTFS

Computer Name: DELUEMKUR | User Name: uemkur | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71F3F240-7CF8-410D-8995-FBCF4215166D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{979BCC28-208B-43C8-A3CF-FAC735F882EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D5D78FC0-B058-4068-8750-EB2B1D83FCB8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{D6BA18B0-13E2-4F01-869F-DD4D213A4383}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E4245DFA-3384-4141-8849-B78684145F2E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0537BC1A-8C44-4945-A0F4-DD2E9C51D472}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{06F01683-7D8F-4FE1-B96D-B8D458517E51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{0AC331F0-6CC9-4770-9D6D-B537AB12AA82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{0BFCC7CE-C4B5-4152-87EE-0B6B59A4389E}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{0DB4B2F0-A473-4D8E-8601-0C2BFBCBB3A2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0DE4E5B3-76F1-4625-BC24-6010F2665089}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C24B74D-3972-431D-9C7B-825F9AC95A88}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{20036414-4F41-491B-B14F-E96CE3DE3B0E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{273FB255-0315-46A7-9FB5-DCB80DDC2D15}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{2E63423F-1D01-4572-89E6-51AC177F9DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{2FD225D7-D86E-4F2E-BCA7-D4779980A399}" = protocol=6 | dir=in | app=c:\program files\ca\etrustitm\shellscn.exe |
"{336E8DFE-DB9B-4303-961A-3005D77C6629}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{355F365C-5F4B-4D18-8D26-C6BF1CE1259D}" = protocol=17 | dir=in | app=c:\program files\ca\etrustitm\shellscn.exe |
"{378B0382-0BDE-4456-9A21-C7BAC9A27D77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{3A072C58-70BA-4909-BA04-6258A137A67F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3A22BDAD-4698-4519-8364-BF9472ABD157}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4462669E-BC51-430B-AE8F-3F0E5419588D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4957DDB2-5F85-4A7B-B8C0-C4B5D04C325C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49912BC6-DC50-40A3-A11C-B61C6B7D742F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{5BF9CFF2-8E90-493E-ABB1-C4543B893D46}" = dir=in | app=c:\users\uemkur\appdata\local\microsoft\skydrive\skydrive.exe |
"{6517BEA4-4885-4C1D-A472-F7D00DA3F283}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{6AA6CBE6-9A17-452A-B7B7-DAFD10BB1196}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{6BEFDB76-17FD-4435-B46D-5CEC63C03A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{70F3D143-8C5C-4FFA-806E-2388C0CA03AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{74CBE337-5223-49C4-8BC1-8C2C1154F6D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7DCF710F-73AB-4E14-A340-DC798DC2AC5C}" = protocol=17 | dir=in | app=c:\program files\ca\etrustitm\realmon.exe |
"{7DFF14C7-CF6A-41B7-B777-D74132DD1454}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{81726E62-2E29-43BD-85F3-132B9DE574FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{82A5A54A-AC62-42AD-8257-1AB4F0F92EEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{866B1BE9-CA40-4638-8D1D-F42B37D2452C}" = protocol=6 | dir=in | app=c:\program files\ca\etrustitm\realmon.exe |
"{8E56275D-3E74-483D-930F-E5D4FA9A4919}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{93C97956-47F5-4096-AA22-E0E020318F9D}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{970B5A79-94EC-4B62-9C5C-B3A54A52318F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{9CA7EB94-CDB6-42B1-AC7A-C9049A4FA083}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9CCB6544-92FD-470B-BE34-D0D7C1678B9D}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 |
"{9CF61447-47BC-4D1F-84D6-CE36611C0E15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{AAD3F73F-FC3C-4E00-B743-CDBDF1B4ECA6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C6FF3495-B07E-4C91-B6D1-EF774A87EA3A}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{C7DFC579-9589-4469-95B0-789FC8A455B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D03D9861-05F0-42CB-86CD-28F2834A3483}" = protocol=17 | dir=in | app=c:\program files\ca\etrustitm\inorpc.exe |
"{D5AC020C-D775-4776-959B-183F9CDA33B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 |
"{DAEF4045-1DD4-4353-90E3-FCD5EBCB54F6}" = protocol=6 | dir=in | app=c:\program files\ca\etrustitm\inorpc.exe |
"{DCC0B760-DC52-46BE-B6CA-BFF6449886E5}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{E19C2EF6-B5BA-4680-A65A-1086CBFBEA08}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{F7326989-F891-4814-8007-098253A37B35}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{F86485DD-985C-48AD-8014-70F8D276D2FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F9764690-680D-4892-9F6C-770638CAED53}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{F9FFB3B3-756C-4ABF-8F4A-BE6C6AD9A796}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"TCP Query User{AB266141-05F4-4E94-B1EA-211EFBD31C2D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2F9E6156-E874-4FC4-BEEC-8EDDA31D2E72}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{479016BF-5B8D-445F-BE15-A187F25D81C8}" = ThinkVantage Fingerprint Software
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{55F9C3DD-772F-4E74-85E3-8E3AD6A5154F}" = CA iTechnology iGateway [x64]
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel(R) WiDi
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9342421A-36BA-4744-A253-A498BAB40621}" = CA eTrustITM Agent
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.3.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CFD2C9F6-AE2F-4422-A7E9-182B47F1E72E}" = Lenovo SimpleTap
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.0.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F3ED01FE-B62F-4CA4-BACA-822369BC0FB7}" = TuneUp Utilities Language Pack (en-GB)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"TeamViewer 5" = TeamViewer 5
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VoipBuster_is1" = VoipBuster
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.10.2012 13:06:27 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12.10.2012 13:06:27 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1218165

Error - 12.10.2012 13:06:27 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1218165

Error - 14.10.2012 07:22:02 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14.10.2012 07:22:02 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3885

Error - 14.10.2012 07:22:02 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3885

Error - 14.10.2012 14:44:40 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = AutoEnrollment | ID = 6
Description =

Error - 15.10.2012 17:20:46 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.10.2012 17:20:46 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3088

Error - 15.10.2012 17:20:46 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3088

[ Lenovo-Message Center Plus/Admin Events ]
Error - 15.10.2012 14:58:57 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\login.php
does not have a Lenovo Digital Signature. The file will be deleted

Error - 16.10.2012 15:53:42 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 08.11.2012 16:18:23 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
file size of the file on the server

Error - 08.11.2012 16:18:23 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 21.11.2012 14:18:18 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Index war außerhalb des Arraybereichs. -> Exception message: Der
Index war außerhalb des Arraybereichs.

Error - 22.11.2012 15:30:30 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Index war außerhalb des Arraybereichs. -> Exception message: Der
Index war außerhalb des Arraybereichs.

Error - 27.11.2012 14:56:29 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Index war außerhalb des Arraybereichs. -> Exception message: Der
Index war außerhalb des Arraybereichs.

Error - 28.11.2012 15:23:02 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Index war außerhalb des Arraybereichs. -> Exception message: Der
Index war außerhalb des Arraybereichs.

Error - 28.11.2012 22:02:17 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Index war außerhalb des Arraybereichs. -> Exception message: Der
Index war außerhalb des Arraybereichs.

Error - 11.12.2012 15:39:20 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Index war außerhalb des Arraybereichs. -> Exception message: Der
Index war außerhalb des Arraybereichs.

[ System Events ]
Error - 09.09.2012 10:53:56 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 09.09.2012 12:51:31 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SWEDEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 10.09.2012 02:57:39 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SWEDEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 10.09.2012 03:47:00 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 10.09.2012 07:06:31 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SWEDEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 10.09.2012 11:16:54 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SWEDEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 10.09.2012 11:24:42 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 10.09.2012 11:28:39 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 11.09.2012 03:50:28 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: Intel - Other hardware - Intel(R) Management
Engine Interface

Error - 11.09.2012 05:22:29 | Computer Name = DELUEMKUR.sweden.ecsoft | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SWEDEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.


< End of report >


What should I do next? I am asking for help and thank you very much...

Best regards.

Alt 18.12.2012, 12:19   #2
markusg
/// Malware-holic
 



hi

this script and any scripts that may follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKCU..\RunOnce: [Uninstall C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\uemkur\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
File not found
[2012.12.02 10:46:23 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDINPUN5.dll
[2012.12.17 20:49:39 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\NWTKYJW.job
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.


Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the Windows + E keys.
• Open your system drive (usually C:)
• Now look for the following folder: _OTL and open it.
• Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
• This will create a Movedfiles.zip file in _OTL
• Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance


download unhide:
http://filepony.de/download-unhide/
double-click it, files become visible

Question:
At the time of the infection, or possibly the day before, did you download and install or run anything?
Were you asked to install or download something when visiting a site? I would also like to have this information as a private message.

Alt 19.12.2012, 22:20   #3
hope41
 



Hello,

First of all, thank you for your quick reply..... My notebook was at the hotel and I was at work all day. That is why I have only now had the chance to write back.

Unfortunately I did not quite understand what I am supposed to do now

Now copy the following into the text box.

I copied the whole text. Should I copy it as a text file?

I then started OTL.exe and clicked FIX.
Then a popup comes up and tells me "No fix was provided. Click OK to load a fix from a file, or Cancel...

So somehow I cannot get past the first step

Alt 19.12.2012, 22:26   #4
markusg
/// Malware-holic
 



Hi
you are supposed to copy the contents of the text box into OTL's input field, and only then click Fix :-)
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails as per the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 19.12.2012, 23:25   #5
hope41
 



So, I have made progress now.... I have already carried out the first step.

I uploaded the ZIP file as you described ... I hope I at least did it correctly

The last step has just been done as well....

Now to your question:

At the time of the infection, or possibly the day before, did you download and install or run anything?
Were you asked to install or download something when visiting a site? I would also like to have this information as a private message.

Not that I know of... I did not actually install anything. I think it was a week ago, when I was at a hotel... that I first noticed this redirection. It may be that I got this trojan from that hotel's network.

I will check now how things look and then let you know again.

So. In Firefox it looks OK. When searching on Google, the pages are no longer redirected.

In Internet Explorer, however, I somehow have problems... it does not run properly. When I enter an internet address in the taskbar and then press ENTER... it searches but unfortunately does not open the page. It just keeps searching for a long time but does not load the page at all.


Alt 20.12.2012, 13:34   #6
markusg
/// Malware-holic
 



Hi,
download get info:
http://markusg.trojaner-board.de/GetInfo.exe
double-click the .exe
a .txt will now be created in the same folder:
summary-info.txt

We will take care of the rest later; that was only the first step :-)

Alt 21.12.2012, 19:57   #7
hope41
 



Sorry, I was on the road yesterday and could not reply.

I am currently trying to run this GetInfo.exe.... I have already downloaded the file, but nothing happens when I run it.... I think a popup came up very briefly but then goes away immediately... You cannot really see it

Or do you mean this text file in the Downloads folder --> summary-info

This file was created after running it... I think.

The file contains the following text:

System volume information: dwHighDateTime = 0x1cd81e9,dwLowDateTime = 0xb85094bf
System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0x90cf557e

Alt 21.12.2012, 22:01   #8
markusg
/// Malware-holic
 



Exactly, that is the one :-)
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose skip for now, post the log

Alt 27.12.2012, 16:34   #9
hope41
 



Hello,

here I am again after a short holiday...

I have already scanned with tdskiller and uploaded the report (txt file).

Alt 27.12.2012, 16:38   #10
markusg
/// Malware-holic
 



Hi
where is the TDSS killer log supposed to be?
Please create a new one, with the settings mentioned.

Alt 27.12.2012, 16:47   #11
hope41
 





Do you mean this here... I uploaded it as an image....

Quote:
Quote from markusg
Hi
where is the TDSS killer log supposed to be?
Please create a new one, with the settings mentioned.

I had actually uploaded the text file at hxxp://upload.trojaner-board.de/ ... with my username and the link to this forum.

Sorry, I wanted to edit my post above...

Alt 27.12.2012, 19:58   #12
markusg
/// Malware-holic
 



Hi
post logs here in the forum.
run the TDSS killer as described, attach the log, or copy it in.
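Added example, not part of the thread and not code from TDSSKiller: a Python triage of a log in the layout posted in this thread. It pairs each hashed service/driver line with its verdict line and lists everything that is not `ok`. The sample log is constructed, and reading the `Mode:` flags `SigCheck` and `TDLFS` as the two requested scan options is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the TDSSKiller log in this thread.
# The hashes, the ExampleDrv/NoVerdictSvc entries and the "warning" verdict
# are made up for illustration.
SAMPLE_LOG = r"""
21:04:07.0926 6796 Mode: Manual; SigCheck; TDLFS;
21:04:08.0691 6796 ================ Scan system memory ========================
21:04:08.0691 6796 System memory - ok
21:04:08.0691 6796 ================ Scan services =============================
21:04:08.0940 6796 [ 00000000000000000000000000000001 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:04:09.0221 6796 ACPI - ok
21:04:09.0237 6796 [ 00000000000000000000000000000002 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:04:09.0299 6796 Apple Mobile Device - ok
21:04:09.0315 6796 [ 00000000000000000000000000000003 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
21:04:09.0362 6796 ExampleDrv - warning
21:04:09.0377 6796 [ 00000000000000000000000000000004 ] NoVerdictSvc C:\Windows\System32\noverdict.dll
21:04:09.0424 6796 [ 00000000000000000000000000000005 ] Beep C:\Windows\system32\drivers\Beep.sys
21:04:09.0455 6796 Beep - ok
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <name> <path>": the name may contain spaces ("Apple Mobile Device"),
# so it is matched lazily up to the first drive-letter path.
OBJECT_RE = re.compile(
    PREFIX + r"\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<name> - <verdict>", e.g. "ACPI - ok".
VERDICT_RE = re.compile(PREFIX + r"(.+?)\s+-\s+(\w+)$")
MODE_RE = re.compile(PREFIX + r"Mode:\s*(.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str]      # None for objects logged without a hash line
    path: Optional[str]
    verdict: Optional[str]  # None = no verdict line followed the hash line


def parse(log: str) -> Tuple[List[str], List[Entry]]:
    """Return (scan mode flags, entries in log order)."""
    flags: List[str] = []
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    for raw in log.splitlines():
        line = raw.strip()
        if (m := MODE_RE.match(line)):
            flags = [f.strip() for f in m.group(1).split(";") if f.strip()]
        elif (m := OBJECT_RE.match(line)):
            if pending is not None:
                # The previous object never received a verdict: keep it visible.
                entries.append(pending)
            pending = Entry(m.group(2), m.group(1).upper(), m.group(3), None)
        elif (m := VERDICT_RE.match(line)):
            if pending is not None and pending.name == m.group(1):
                pending.verdict = m.group(2)
                entries.append(pending)
                pending = None
            else:
                # Verdict without a matching hash line, e.g. "System memory - ok".
                entries.append(Entry(m.group(1), None, None, m.group(2)))
    if pending is not None:
        entries.append(pending)
    return flags, entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything whose verdict is not exactly 'ok', including missing verdicts."""
    return [e for e in entries if e.verdict != "ok"]


def requested_options_on(flags: List[str]) -> bool:
    """Assumption: SigCheck and TDLFS in the Mode line correspond to the
    'Verify driver digital signatures' and 'Detect TDLFS file system' options."""
    return {"SigCheck", "TDLFS"} <= set(flags)


if __name__ == "__main__":
    mode, parsed = parse(SAMPLE_LOG)
    print("requested options active:", requested_options_on(mode))
    for e in needs_review(parsed):
        print(f"{e.name}: verdict={e.verdict} md5={e.md5} path={e.path}")
```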

Alt 27.12.2012, 21:05   #13
hope41
 



21:03:46.0518 1940 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:03:48.0546 1940 ============================================================
21:03:48.0546 1940 Current date / time: 2012/12/27 21:03:48.0546
21:03:48.0546 1940 SystemInfo:
21:03:48.0546 1940
21:03:48.0546 1940 OS Version: 6.1.7601 ServicePack: 1.0
21:03:48.0546 1940 Product type: Workstation
21:03:48.0546 1940 ComputerName: DELUEMKUR
21:03:48.0546 1940 UserName: uemkur
21:03:48.0546 1940 Windows directory: C:\Windows
21:03:48.0546 1940 System windows directory: C:\Windows
21:03:48.0546 1940 Running under WOW64
21:03:48.0546 1940 Processor architecture: Intel x64
21:03:48.0546 1940 Number of processors: 8
21:03:48.0546 1940 Page size: 0x1000
21:03:48.0546 1940 Boot type: Normal boot
21:03:48.0546 1940 ============================================================
21:03:49.0170 1940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:49.0185 1940 Drive \Device\Harddisk1\DR1 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:03:49.0185 1940 ============================================================
21:03:49.0185 1940 \Device\Harddisk0\DR0:
21:03:49.0185 1940 MBR partitions:
21:03:49.0185 1940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:03:49.0185 1940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:03:49.0185 1940 \Device\Harddisk1\DR1:
21:03:49.0185 1940 MBR partitions:
21:03:49.0185 1940 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
21:03:49.0185 1940 ============================================================
21:03:49.0185 1940 C: <-> \Device\Harddisk0\DR0\Partition2
21:03:49.0185 1940 ============================================================
21:03:49.0185 1940 Initialize success
21:03:49.0185 1940 ============================================================
21:04:07.0926 6796 ============================================================
21:04:07.0926 6796 Scan started
21:04:07.0926 6796 Mode: Manual; SigCheck; TDLFS;
21:04:07.0926 6796 ============================================================
21:04:08.0691 6796 ================ Scan system memory ========================
21:04:08.0691 6796 System memory - ok
21:04:08.0691 6796 ================ Scan services =============================
21:04:08.0940 6796 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:04:09.0221 6796 1394ohci - ok
21:04:09.0237 6796 [ F4AF97702BAD85BFEF64B9A557F11B6F ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
21:04:09.0299 6796 5U877 - ok
21:04:09.0315 6796 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:04:09.0362 6796 ACPI - ok
21:04:09.0377 6796 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:04:09.0424 6796 AcpiPmi - ok
21:04:09.0455 6796 [ 1933DB4808793F3BD7AB34A39A809425 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
21:04:09.0486 6796 AcPrfMgrSvc - ok
21:04:09.0502 6796 [ E7AF543334B21D84124709061A9AE4D7 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
21:04:09.0549 6796 AcSvc - ok
21:04:09.0564 6796 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:04:09.0596 6796 AdobeARMservice - ok
21:04:09.0689 6796 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:04:09.0736 6796 AdobeFlashPlayerUpdateSvc - ok
21:04:09.0783 6796 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:04:09.0830 6796 adp94xx - ok
21:04:09.0861 6796 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:04:09.0892 6796 adpahci - ok
21:04:09.0923 6796 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:04:09.0970 6796 adpu320 - ok
21:04:10.0017 6796 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:04:10.0188 6796 AeLookupSvc - ok
21:04:10.0235 6796 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:04:10.0329 6796 AFD - ok
21:04:10.0360 6796 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:04:10.0407 6796 agp440 - ok
21:04:10.0407 6796 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:04:10.0469 6796 ALG - ok
21:04:10.0485 6796 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:04:10.0532 6796 aliide - ok
21:04:10.0532 6796 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:04:10.0578 6796 amdide - ok
21:04:10.0578 6796 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:04:10.0641 6796 AmdK8 - ok
21:04:10.0641 6796 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:04:10.0688 6796 AmdPPM - ok
21:04:10.0703 6796 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:04:10.0750 6796 amdsata - ok
21:04:10.0766 6796 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:04:10.0812 6796 amdsbs - ok
21:04:10.0812 6796 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:04:10.0859 6796 amdxata - ok
21:04:10.0890 6796 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
21:04:10.0953 6796 AMPPAL - ok
21:04:10.0968 6796 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
21:04:11.0000 6796 AMPPALP - ok
21:04:11.0062 6796 [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
21:04:11.0140 6796 AMPPALR3 - ok
21:04:11.0156 6796 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:04:11.0343 6796 AppID - ok
21:04:11.0358 6796 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:04:11.0436 6796 AppIDSvc - ok
21:04:11.0452 6796 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:04:11.0514 6796 Appinfo - ok
21:04:11.0530 6796 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:04:11.0561 6796 Apple Mobile Device - ok
21:04:11.0608 6796 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:04:11.0655 6796 AppMgmt - ok
21:04:11.0670 6796 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:04:11.0702 6796 arc - ok
21:04:11.0702 6796 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:04:11.0733 6796 arcsas - ok
21:04:11.0795 6796 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:04:11.0826 6796 aspnet_state - ok
21:04:11.0826 6796 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:11.0951 6796 AsyncMac - ok
21:04:11.0967 6796 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:04:12.0014 6796 atapi - ok
21:04:12.0045 6796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:04:12.0138 6796 AudioEndpointBuilder - ok
21:04:12.0170 6796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:04:12.0248 6796 AudioSrv - ok
21:04:12.0263 6796 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:04:12.0310 6796 AxInstSV - ok
21:04:12.0341 6796 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:04:12.0388 6796 b06bdrv - ok
21:04:12.0419 6796 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:04:12.0466 6796 b57nd60a - ok
21:04:12.0482 6796 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:04:12.0513 6796 BDESVC - ok
21:04:12.0528 6796 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:04:12.0606 6796 Beep - ok
21:04:12.0653 6796 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:04:12.0747 6796 BFE - ok
21:04:12.0778 6796 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:04:12.0887 6796 BITS - ok
21:04:12.0887 6796 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:04:12.0918 6796 blbdrive - ok
21:04:12.0950 6796 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:04:12.0981 6796 Bonjour Service - ok
21:04:12.0996 6796 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:04:13.0043 6796 bowser - ok
21:04:13.0043 6796 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:04:13.0090 6796 BrFiltLo - ok
21:04:13.0090 6796 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:04:13.0121 6796 BrFiltUp - ok
21:04:13.0137 6796 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:04:13.0168 6796 Browser - ok
21:04:13.0199 6796 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:04:13.0277 6796 Brserid - ok
21:04:13.0293 6796 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:04:13.0355 6796 BrSerWdm - ok
21:04:13.0355 6796 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:04:13.0402 6796 BrUsbMdm - ok
21:04:13.0402 6796 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:04:13.0433 6796 BrUsbSer - ok
21:04:13.0464 6796 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:04:13.0542 6796 BthEnum - ok
21:04:13.0542 6796 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:04:13.0605 6796 BTHMODEM - ok
21:04:13.0620 6796 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:04:13.0652 6796 BthPan - ok
21:04:13.0714 6796 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:04:13.0808 6796 BTHPORT - ok
21:04:13.0808 6796 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:04:13.0901 6796 bthserv - ok
21:04:13.0901 6796 [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
21:04:13.0917 6796 BTHSSecurityMgr - ok
21:04:13.0932 6796 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:04:13.0995 6796 BTHUSB - ok
21:04:13.0995 6796 [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
21:04:14.0026 6796 btusbflt - ok
21:04:14.0088 6796 [ 3AFF6DC496B8A8D12C867E3FC7C86FAC ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
21:04:14.0151 6796 BTWAMPFL - ok
21:04:14.0166 6796 [ 336BBA0909B3636AB7D06A71D7B1C0DC ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:04:14.0198 6796 btwaudio - ok
21:04:14.0213 6796 [ 9FF58F76024D25784755B01F926B00BE ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:04:14.0244 6796 btwavdt - ok
21:04:14.0322 6796 [ 26A80D7ACA49E03A403806418B5FED46 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
21:04:14.0385 6796 btwdins - ok
21:04:14.0400 6796 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:04:14.0416 6796 btwl2cap - ok
21:04:14.0432 6796 [ EDD953D635F3AA89EF902E3F82D60D22 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:04:14.0447 6796 btwrchid - ok
21:04:14.0463 6796 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:04:14.0588 6796 cdfs - ok
21:04:14.0619 6796 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:04:14.0666 6796 cdrom - ok
21:04:14.0697 6796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:04:14.0775 6796 CertPropSvc - ok
21:04:14.0790 6796 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:04:14.0837 6796 circlass - ok
21:04:14.0853 6796 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:04:14.0884 6796 CLFS - ok
21:04:14.0900 6796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:04:14.0931 6796 clr_optimization_v2.0.50727_32 - ok
21:04:14.0946 6796 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:04:14.0978 6796 clr_optimization_v2.0.50727_64 - ok
21:04:15.0024 6796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:04:15.0040 6796 clr_optimization_v4.0.30319_32 - ok
21:04:15.0056 6796 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:04:15.0071 6796 clr_optimization_v4.0.30319_64 - ok
21:04:15.0087 6796 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:04:15.0149 6796 CmBatt - ok
21:04:15.0149 6796 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:04:15.0180 6796 cmdide - ok
21:04:15.0212 6796 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:04:15.0290 6796 CNG - ok
21:04:15.0352 6796 [ 8DE541B4CFA281A204BAA3EA2109809E ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:04:15.0477 6796 CnxtHdAudService - ok
21:04:15.0477 6796 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:04:15.0508 6796 Compbatt - ok
21:04:15.0524 6796 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:04:15.0586 6796 CompositeBus - ok
21:04:15.0586 6796 COMSysApp - ok
21:04:15.0586 6796 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:04:15.0617 6796 crcdisk - ok
21:04:15.0633 6796 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:04:15.0695 6796 CryptSvc - ok
21:04:15.0726 6796 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:04:15.0789 6796 CSC - ok
21:04:15.0820 6796 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:04:15.0898 6796 CscService - ok
21:04:15.0914 6796 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
21:04:15.0945 6796 CVirtA - ok
21:04:16.0007 6796 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
21:04:16.0116 6796 CVPND - ok
21:04:16.0132 6796 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
21:04:16.0179 6796 CVPNDRVA - ok
21:04:16.0179 6796 [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
21:04:16.0210 6796 CxAudMsg - ok
21:04:16.0241 6796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:04:16.0319 6796 DcomLaunch - ok
21:04:16.0366 6796 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:04:16.0475 6796 defragsvc - ok
21:04:16.0491 6796 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:04:16.0616 6796 DfsC - ok
21:04:16.0709 6796 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:04:16.0772 6796 Dhcp - ok
21:04:16.0772 6796 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:04:16.0881 6796 discache - ok
21:04:16.0912 6796 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:04:16.0959 6796 Disk - ok
21:04:16.0974 6796 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:04:17.0021 6796 dmvsc - ok
21:04:17.0052 6796 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
21:04:17.0084 6796 DNE - ok
21:04:17.0115 6796 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:04:17.0177 6796 Dnscache - ok
21:04:17.0208 6796 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:04:17.0286 6796 dot3svc - ok
21:04:17.0286 6796 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:04:17.0333 6796 Dot4 - ok
21:04:17.0364 6796 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:04:17.0396 6796 Dot4Print - ok
21:04:17.0396 6796 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:04:17.0442 6796 dot4usb - ok
21:04:17.0474 6796 [ 7719FB1A82B2972B1F326AD2F80C2606 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
21:04:17.0505 6796 DozeSvc - ok
21:04:17.0552 6796 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:04:17.0614 6796 DPS - ok
21:04:17.0630 6796 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:04:17.0676 6796 drmkaud - ok
21:04:17.0692 6796 dtpd - ok
21:04:17.0723 6796 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:04:17.0801 6796 DXGKrnl - ok
21:04:17.0817 6796 [ 3CE83D7EE95D9C9F03323810A2E747DF ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
21:04:17.0832 6796 DzHDD64 - ok
21:04:17.0864 6796 [ 03F4C5C12FC1C69F838DA723475EF650 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
21:04:17.0910 6796 e1cexpress - ok
21:04:17.0926 6796 [ 24BC0EC911009700CAA38A8867A0F22A ] e36gbus C:\Windows\system32\drivers\e36gbus.sys
21:04:17.0973 6796 e36gbus - ok
21:04:18.0020 6796 [ EB82C999E14C74D07133521CA37AA5C3 ] e36gmgmt C:\Windows\system32\drivers\e36gmgmt.sys
21:04:18.0051 6796 e36gmgmt - ok
21:04:18.0066 6796 [ 7B2260B796D5DE34EDE7AE483005FCBB ] e36wgps C:\Windows\system32\drivers\e36wgps64.sys
21:04:18.0098 6796 e36wgps - ok
21:04:18.0098 6796 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:04:18.0176 6796 EapHost - ok
21:04:18.0269 6796 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:04:18.0472 6796 ebdrv - ok
21:04:18.0488 6796 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys
21:04:18.0534 6796 ecnssndis - ok
21:04:18.0534 6796 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys
21:04:18.0566 6796 ecnssndisfltr - ok
21:04:18.0581 6796 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:04:18.0612 6796 EFS - ok
21:04:18.0675 6796 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:04:18.0737 6796 ehRecvr - ok
21:04:18.0753 6796 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:04:18.0815 6796 ehSched - ok
21:04:18.0862 6796 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:04:18.0924 6796 elxstor - ok
21:04:18.0940 6796 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:04:18.0987 6796 ErrDev - ok
21:04:19.0002 6796 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:04:19.0096 6796 EventSystem - ok
21:04:19.0158 6796 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:04:19.0283 6796 EvtEng - ok
21:04:19.0283 6796 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:04:19.0377 6796 exfat - ok
21:04:19.0377 6796 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:04:19.0502 6796 fastfat - ok
21:04:19.0548 6796 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:04:19.0626 6796 Fax - ok
21:04:19.0626 6796 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:04:19.0689 6796 fdc - ok
21:04:19.0704 6796 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:04:19.0767 6796 fdPHost - ok
21:04:19.0782 6796 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:04:19.0845 6796 FDResPub - ok
21:04:19.0876 6796 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:04:19.0907 6796 FileInfo - ok
21:04:19.0923 6796 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:04:20.0048 6796 Filetrace - ok
21:04:20.0048 6796 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:04:20.0079 6796 flpydisk - ok
21:04:20.0110 6796 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:04:20.0157 6796 FltMgr - ok
21:04:20.0204 6796 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:04:20.0282 6796 FontCache - ok
21:04:20.0297 6796 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:04:20.0328 6796 FontCache3.0.0.0 - ok
21:04:20.0328 6796 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:04:20.0360 6796 FsDepends - ok
21:04:20.0375 6796 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:04:20.0406 6796 fssfltr - ok
21:04:20.0469 6796 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:04:20.0578 6796 fsssvc - ok
21:04:20.0594 6796 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:04:20.0625 6796 Fs_Rec - ok
21:04:20.0640 6796 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:04:20.0687 6796 fvevol - ok
21:04:20.0687 6796 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:04:20.0718 6796 gagp30kx - ok
21:04:20.0734 6796 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:20.0765 6796 GEARAspiWDM - ok
21:04:20.0796 6796 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:04:20.0874 6796 gpsvc - ok
21:04:20.0890 6796 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:04:20.0921 6796 gupdate - ok
21:04:20.0921 6796 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:04:20.0937 6796 gupdatem - ok
21:04:20.0952 6796 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:04:20.0984 6796 gusvc - ok
21:04:20.0999 6796 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:04:21.0046 6796 hcw85cir - ok
21:04:21.0062 6796 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:04:21.0108 6796 HdAudAddService - ok
21:04:21.0124 6796 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:04:21.0171 6796 HDAudBus - ok
21:04:21.0171 6796 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
21:04:21.0202 6796 HECIx64 - ok
21:04:21.0202 6796 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:04:21.0249 6796 HidBatt - ok
21:04:21.0249 6796 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:04:21.0296 6796 HidBth - ok
21:04:21.0296 6796 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:04:21.0342 6796 HidIr - ok
21:04:21.0342 6796 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:04:21.0420 6796 hidserv - ok
21:04:21.0436 6796 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:04:21.0467 6796 HidUsb - ok
21:04:21.0483 6796 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:04:21.0545 6796 hkmsvc - ok
21:04:21.0561 6796 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:04:21.0608 6796 HomeGroupListener - ok
21:04:21.0608 6796 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:04:21.0654 6796 HomeGroupProvider - ok
21:04:21.0686 6796 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:04:21.0717 6796 hpqcxs08 - ok
21:04:21.0717 6796 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:04:21.0748 6796 hpqddsvc - ok
21:04:21.0764 6796 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:04:21.0795 6796 HpSAMD - ok
21:04:21.0842 6796 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:04:21.0920 6796 HPSLPSVC - ok
21:04:21.0951 6796 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:04:22.0044 6796 HTTP - ok
21:04:22.0060 6796 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:04:22.0076 6796 hwpolicy - ok
21:04:22.0091 6796 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:04:22.0122 6796 i8042prt - ok
21:04:22.0154 6796 [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor C:\Windows\system32\drivers\iaStor.sys
21:04:22.0200 6796 iaStor - ok
21:04:22.0216 6796 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:04:22.0263 6796 iaStorV - ok
21:04:22.0278 6796 [ 72B253CDBCAA10E88AAD0BA39CC83BCD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:04:22.0310 6796 IBMPMDRV - ok
21:04:22.0310 6796 [ 4925FFB084C9AD02E8EEF01FB18BF5AC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
21:04:22.0341 6796 IBMPMSVC - ok
21:04:22.0403 6796 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:04:22.0481 6796 idsvc - ok
21:04:22.0497 6796 [ 57977F8B7146B2330B41AE994BE7A571 ] iGateway C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
21:04:22.0528 6796 iGateway ( UnsignedFile.Multi.Generic ) - warning
21:04:22.0528 6796 iGateway - detected UnsignedFile.Multi.Generic (1)
21:04:22.0824 6796 [ 978D876A581D57E0DE6437674EB0014D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:04:23.0324 6796 igfx - ok
21:04:23.0355 6796 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:04:23.0386 6796 iirsp - ok
21:04:23.0386 6796 iked - ok
21:04:23.0417 6796 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:04:23.0526 6796 IKEEXT - ok
21:04:23.0542 6796 [ 4EC3E415284AB8C6296B6EC33E924F67 ] InoRPC C:\Program Files\CA\eTrustITM\InoRpc.exe
21:04:23.0573 6796 InoRPC ( UnsignedFile.Multi.Generic ) - warning
21:04:23.0573 6796 InoRPC - detected UnsignedFile.Multi.Generic (1)
21:04:23.0573 6796 [ CCF61D52806BF49DC32E56074D526EE5 ] InoRT C:\Program Files\CA\eTrustITM\InoRT.exe
21:04:23.0604 6796 InoRT ( UnsignedFile.Multi.Generic ) - warning
21:04:23.0604 6796 InoRT - detected UnsignedFile.Multi.Generic (1)
21:04:23.0636 6796 [ 8D067EE5CA67EBD8CE996AE0D2F091F6 ] InoTask C:\Program Files\CA\eTrustITM\InoTask.exe
21:04:23.0682 6796 InoTask - ok
21:04:23.0698 6796 [ E0C4D3DD5B33DDCB062672E156199E7A ] INO_FLPY C:\Windows\system32\Drivers\ino_flpy.sys
21:04:23.0714 6796 INO_FLPY - ok
21:04:23.0745 6796 [ DF093998E614EE1DDD2AC7BE2E8F84F1 ] INO_FLTR C:\Windows\system32\Drivers\ino_fltr.sys
21:04:23.0776 6796 INO_FLTR - ok
21:04:23.0807 6796 [ 314285071F7117263BD246E35C17FD82 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:04:23.0823 6796 intaud_WaveExtensible - ok
21:04:23.0854 6796 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:04:23.0885 6796 intelide - ok
21:04:23.0901 6796 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:04:23.0948 6796 intelppm - ok
21:04:23.0979 6796 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:04:24.0088 6796 IPBusEnum - ok
21:04:24.0088 6796 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:24.0166 6796 IpFilterDriver - ok
21:04:24.0197 6796 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:04:24.0244 6796 iphlpsvc - ok
21:04:24.0260 6796 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:04:24.0291 6796 IPMIDRV - ok
21:04:24.0306 6796 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:04:24.0384 6796 IPNAT - ok
21:04:24.0431 6796 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:04:24.0494 6796 iPod Service - ok
21:04:24.0509 6796 ipsecd - ok
21:04:24.0509 6796 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:04:24.0572 6796 IRENUM - ok
21:04:24.0603 6796 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:04:24.0634 6796 isapnp - ok
21:04:24.0665 6796 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:04:24.0712 6796 iScsiPrt - ok
21:04:24.0712 6796 [ 4487AD9C070D3973FE28AB4406555FC6 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
21:04:24.0743 6796 iwdbus - ok
21:04:24.0759 6796 [ 6FAF199FDFFDD2376973143C3E012765 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
21:04:24.0806 6796 jhi_service - ok
21:04:24.0806 6796 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:04:24.0837 6796 kbdclass - ok
21:04:24.0852 6796 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:04:24.0899 6796 kbdhid - ok
21:04:24.0899 6796 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:04:24.0930 6796 KeyIso - ok
21:04:24.0930 6796 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:04:24.0962 6796 KSecDD - ok
21:04:25.0008 6796 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:04:25.0055 6796 KSecPkg - ok
21:04:25.0071 6796 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:04:25.0149 6796 ksthunk - ok
21:04:25.0196 6796 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:04:25.0289 6796 KtmRm - ok
21:04:25.0289 6796 [ F761A831C9DC8D0204B7FB43E3A896B7 ] l36wgps C:\Windows\system32\DRIVERS\l36wgps64.sys
21:04:25.0320 6796 l36wgps - ok
21:04:25.0336 6796 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:04:25.0414 6796 LanmanServer - ok
21:04:25.0430 6796 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:04:25.0508 6796 LanmanWorkstation - ok
21:04:25.0539 6796 [ 1EF45F1BD62B8F4C19458326A3E91930 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
21:04:25.0554 6796 LENOVO.CAMMUTE - ok
21:04:25.0570 6796 [ 128158D8B1DF639BF3E3FDBCBB64CDAC ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
21:04:25.0586 6796 LENOVO.MICMUTE - ok
21:04:25.0601 6796 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
21:04:25.0617 6796 lenovo.smi - ok
21:04:25.0632 6796 [ 448BE3E001004A55E8A959C57E17F6D8 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
21:04:25.0648 6796 LENOVO.TPKNRSVC - ok
21:04:25.0664 6796 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:04:25.0695 6796 Lenovo.VIRTSCRLSVC - ok
21:04:25.0695 6796 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:04:25.0804 6796 lltdio - ok
21:04:25.0820 6796 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:04:25.0913 6796 lltdsvc - ok
21:04:25.0913 6796 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:04:25.0976 6796 lmhosts - ok
21:04:26.0022 6796 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:04:26.0069 6796 LMS - ok
21:04:26.0085 6796 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:04:26.0116 6796 LSI_FC - ok
21:04:26.0132 6796 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:04:26.0178 6796 LSI_SAS - ok
21:04:26.0178 6796 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:04:26.0225 6796 LSI_SAS2 - ok
21:04:26.0241 6796 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:04:26.0272 6796 LSI_SCSI - ok
21:04:26.0288 6796 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:04:26.0412 6796 luafv - ok
21:04:26.0428 6796 [ D8BA1ECBF0B9A4B4E1F3B7EB517D6C20 ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys
21:04:26.0459 6796 Mbm3CBus - ok
21:04:26.0506 6796 [ 01E60917101B309E15F30DA26ACF64F6 ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
21:04:26.0553 6796 Mbm3DevMt - ok
21:04:26.0553 6796 [ 6350A2CA21FB7B14432EFFDC61863AED ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
21:04:26.0584 6796 Mbm3mdfl - ok
21:04:26.0615 6796 [ 9FC3A8713D148E15D0472E1C44DD0FDA ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
21:04:26.0646 6796 Mbm3Mdm - ok
21:04:26.0662 6796 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:04:26.0709 6796 Mcx2Svc - ok
21:04:26.0709 6796 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:04:26.0756 6796 mdmxsdk - ok
21:04:26.0756 6796 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:04:26.0787 6796 megasas - ok
21:04:26.0818 6796 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:04:26.0880 6796 MegaSR - ok
21:04:26.0880 6796 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
21:04:26.0896 6796 MEIx64 - ok
21:04:26.0927 6796 Microsoft SharePoint Workspace Audit Service - ok
21:04:26.0943 6796 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:04:27.0021 6796 MMCSS - ok
21:04:27.0021 6796 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:04:27.0099 6796 Modem - ok
21:04:27.0099 6796 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:04:27.0146 6796 monitor - ok
21:04:27.0146 6796 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:04:27.0177 6796 mouclass - ok
21:04:27.0192 6796 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:04:27.0239 6796 mouhid - ok
21:04:27.0255 6796 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:04:27.0286 6796 mountmgr - ok
21:04:27.0302 6796 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:04:27.0333 6796 MozillaMaintenance - ok
21:04:27.0333 6796 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:04:27.0380 6796 mpio - ok
21:04:27.0380 6796 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:04:27.0458 6796 mpsdrv - ok
21:04:27.0504 6796 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:04:27.0582 6796 MpsSvc - ok
21:04:27.0598 6796 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:04:27.0660 6796 MRxDAV - ok
21:04:27.0676 6796 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:27.0738 6796 mrxsmb - ok
21:04:27.0754 6796 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:27.0832 6796 mrxsmb10 - ok
21:04:27.0848 6796 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:27.0894 6796 mrxsmb20 - ok
21:04:27.0910 6796 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:04:27.0941 6796 msahci - ok
21:04:27.0957 6796 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:04:28.0004 6796 msdsm - ok
21:04:28.0019 6796 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:04:28.0066 6796 MSDTC - ok
21:04:28.0066 6796 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:04:28.0144 6796 Msfs - ok
21:04:28.0160 6796 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:04:28.0222 6796 mshidkmdf - ok
21:04:28.0238 6796 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:04:28.0269 6796 msisadrv - ok
21:04:28.0284 6796 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:04:28.0347 6796 MSiSCSI - ok
21:04:28.0362 6796 msiserver - ok
21:04:28.0362 6796 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:04:28.0440 6796 MSKSSRV - ok
21:04:28.0440 6796 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:28.0518 6796 MSPCLOCK - ok
21:04:28.0534 6796 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:04:28.0628 6796 MSPQM - ok
21:04:28.0659 6796 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:04:28.0706 6796 MsRPC - ok
21:04:28.0706 6796 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:04:28.0737 6796 mssmbios - ok
21:04:28.0752 6796 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:04:28.0830 6796 MSTEE - ok
21:04:28.0830 6796 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:04:28.0877 6796 MTConfig - ok
21:04:28.0893 6796 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:04:28.0924 6796 Mup - ok
21:04:28.0955 6796 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:04:29.0064 6796 napagent - ok
21:04:29.0096 6796 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:04:29.0174 6796 NativeWifiP - ok
21:04:29.0220 6796 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:04:29.0314 6796 NDIS - ok
21:04:29.0314 6796 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:04:29.0408 6796 NdisCap - ok
21:04:29.0408 6796 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:29.0486 6796 NdisTapi - ok
21:04:29.0501 6796 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:29.0579 6796 Ndisuio - ok
21:04:29.0595 6796 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:29.0673 6796 NdisWan - ok
21:04:29.0688 6796 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:04:29.0766 6796 NDProxy - ok
21:04:29.0766 6796 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:04:29.0782 6796 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:04:29.0782 6796 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:04:29.0798 6796 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:04:29.0876 6796 NetBIOS - ok
21:04:29.0891 6796 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:04:30.0016 6796 NetBT - ok
21:04:30.0047 6796 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:04:30.0063 6796 Netlogon - ok
21:04:30.0094 6796 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:04:30.0172 6796 Netman - ok
21:04:30.0188 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:04:30.0219 6796 NetMsmqActivator - ok
21:04:30.0219 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:04:30.0250 6796 NetPipeActivator - ok
21:04:30.0266 6796 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:04:30.0390 6796 netprofm - ok
21:04:30.0390 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:04:30.0406 6796 NetTcpActivator - ok
21:04:30.0422 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:04:30.0437 6796 NetTcpPortSharing - ok
21:04:30.0687 6796 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
21:04:31.0061 6796 NETwNs64 - ok
21:04:31.0077 6796 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:04:31.0108 6796 nfrd960 - ok
21:04:31.0124 6796 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:04:31.0170 6796 NlaSvc - ok
21:04:31.0170 6796 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:04:31.0248 6796 Npfs - ok
21:04:31.0248 6796 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:04:31.0326 6796 nsi - ok
21:04:31.0326 6796 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:04:31.0404 6796 nsiproxy - ok
21:04:31.0467 6796 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:04:31.0592 6796 Ntfs - ok
21:04:31.0607 6796 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:04:31.0670 6796 Null - ok
21:04:31.0685 6796 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:04:31.0732 6796 NVHDA - ok
21:04:31.0763 6796 [ C51EF670D03394BEAF0C3F46FD658082 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
21:04:31.0810 6796 nvkflt - ok
21:04:32.0184 6796 [ FB48D71925996ACA512F0B63BCEC80B8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:04:32.0824 6796 nvlddmkm - ok
21:04:32.0840 6796 [ CC67D12C1B8127B77AAA846264C80F56 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
21:04:32.0871 6796 nvpciflt - ok
21:04:32.0871 6796 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:04:32.0918 6796 nvraid - ok
21:04:32.0933 6796 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:04:32.0964 6796 nvstor - ok
21:04:33.0011 6796 [ 3EEF9BB446E6FD0B1AAB02329638A540 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:04:33.0074 6796 nvsvc - ok
21:04:33.0167 6796 [ 31D61EC056FAB73A911D9987099575E0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:04:33.0292 6796 nvUpdatusService - ok
21:04:33.0308 6796 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:04:33.0354 6796 nv_agp - ok
21:04:33.0370 6796 [ CE545867270697626998343E32ED8790 ] NWSAPAutoWorkstationUpdateSvc C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
21:04:33.0401 6796 NWSAPAutoWorkstationUpdateSvc - ok
21:04:33.0401 6796 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:04:33.0448 6796 ohci1394 - ok
21:04:33.0464 6796 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:04:33.0495 6796 ose - ok
21:04:33.0635 6796 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:04:33.0885 6796 osppsvc - ok
21:04:33.0932 6796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:04:33.0994 6796 p2pimsvc - ok
21:04:34.0025 6796 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:04:34.0072 6796 p2psvc - ok
21:04:34.0088 6796 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:04:34.0119 6796 Parport - ok
21:04:34.0150 6796 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:04:34.0181 6796 partmgr - ok
21:04:34.0259 6796 [ 50AC27F78536BE8F3C70F0B05FDA2B12 ] PC Performer Manager C:\ProgramData\PC Performer Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe
21:04:34.0415 6796 PC Performer Manager - ok
21:04:34.0431 6796 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:04:34.0478 6796 PcaSvc - ok
21:04:34.0493 6796 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:04:34.0524 6796 pci - ok
21:04:34.0524 6796 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:04:34.0556 6796 pciide - ok
21:04:34.0571 6796 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:04:34.0618 6796 pcmcia - ok
21:04:34.0618 6796 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:04:34.0649 6796 pcw - ok
21:04:34.0680 6796 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:04:34.0805 6796 PEAUTH - ok
21:04:34.0899 6796 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:04:35.0008 6796 PeerDistSvc - ok
21:04:35.0055 6796 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:04:35.0102 6796 PerfHost - ok
21:04:35.0164 6796 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:04:35.0304 6796 pla - ok
21:04:35.0320 6796 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:04:35.0429 6796 PlugPlay - ok
21:04:35.0445 6796 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:04:35.0507 6796 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:04:35.0507 6796 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:04:35.0507 6796 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:04:35.0538 6796 PNRPAutoReg - ok
21:04:35.0585 6796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:04:35.0616 6796 PNRPsvc - ok
21:04:35.0648 6796 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:04:35.0741 6796 PolicyAgent - ok
21:04:35.0757 6796 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
21:04:35.0788 6796 Power - ok
21:04:35.0866 6796 [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
21:04:35.0975 6796 Power Manager DBC Service - ok
21:04:35.0991 6796 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:04:36.0069 6796 PptpMiniport - ok
21:04:36.0100 6796 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:04:36.0178 6796 Processor - ok
21:04:36.0225 6796 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:04:36.0272 6796 ProfSvc - ok
21:04:36.0287 6796 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:04:36.0303 6796 ProtectedStorage - ok
21:04:36.0350 6796 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
21:04:36.0396 6796 psadd - ok
21:04:36.0396 6796 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:04:36.0490 6796 Psched - ok
21:04:36.0506 6796 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:04:36.0552 6796 PSI_SVC_2 - ok
21:04:36.0599 6796 [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
21:04:36.0740 6796 PwmEWSvc - ok
21:04:36.0740 6796 [ 052031A92809B438683FDCF5B574234D ] qcfilterlno2k C:\Windows\system32\drivers\qcfilterlno2k.sys
21:04:36.0771 6796 qcfilterlno2k - ok
21:04:36.0786 6796 [ 08BEEDEEE06C19CFF940FEEBB020BAE5 ] qcusbserlno2k C:\Windows\system32\drivers\qcusbserlno2k.sys
21:04:36.0833 6796 qcusbserlno2k - ok
21:04:36.0880 6796 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:04:37.0020 6796 ql2300 - ok
21:04:37.0020 6796 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:04:37.0067 6796 ql40xx - ok
21:04:37.0067 6796 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:04:37.0114 6796 QWAVE - ok
21:04:37.0130 6796 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:04:37.0161 6796 QWAVEdrv - ok
21:04:37.0176 6796 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:04:37.0254 6796 RasAcd - ok
21:04:37.0254 6796 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:04:37.0332 6796 RasAgileVpn - ok
21:04:37.0348 6796 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:04:37.0410 6796 RasAuto - ok
21:04:37.0426 6796 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:37.0504 6796 Rasl2tp - ok
21:04:37.0520 6796 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:04:37.0598 6796 RasMan - ok
21:04:37.0613 6796 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:37.0691 6796 RasPppoe - ok
21:04:37.0707 6796 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:04:37.0785 6796 RasSstp - ok
21:04:37.0800 6796 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:04:37.0894 6796 rdbss - ok
21:04:37.0910 6796 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:04:37.0941 6796 rdpbus - ok
21:04:37.0956 6796 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:38.0034 6796 RDPCDD - ok
21:04:38.0034 6796 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:04:38.0081 6796 RDPDR - ok
21:04:38.0081 6796 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:04:38.0159 6796 RDPENCDD - ok
21:04:38.0206 6796 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:04:38.0300 6796 RDPREFMP - ok
21:04:38.0315 6796 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:04:38.0346 6796 RdpVideoMiniport - ok
21:04:38.0378 6796 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:04:38.0440 6796 RDPWD - ok
21:04:38.0456 6796 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:04:38.0502 6796 rdyboost - ok
21:04:38.0534 6796 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:04:38.0627 6796 RegSrvc - ok
21:04:38.0643 6796 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:04:38.0705 6796 RemoteAccess - ok
21:04:38.0721 6796 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:04:38.0814 6796 RemoteRegistry - ok
21:04:38.0830 6796 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:04:38.0877 6796 RFCOMM - ok
21:04:38.0892 6796 [ F45D6E12EB99A668F52201637C67C8F5 ] rimmptsk C:\Windows\system32\drivers\rimmpx64.sys
21:04:38.0939 6796 rimmptsk - ok
21:04:38.0939 6796 [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci C:\Windows\system32\drivers\rimspe64.sys
21:04:38.0986 6796 rimspci - ok
21:04:38.0986 6796 [ EAC02ED935A9C1F2DDD8D985C465B854 ] rimsptsk C:\Windows\system32\drivers\rimspx64.sys
21:04:39.0033 6796 rimsptsk - ok
21:04:39.0033 6796 [ 819FE65AE1C0312B535B7AA54D30CFDA ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys
21:04:39.0080 6796 risdxc - ok
21:04:39.0080 6796 [ 931A8F843B4120DF527C3684DAF77FD9 ] rismxdp C:\Windows\system32\drivers\rixdpx64.sys
21:04:39.0111 6796 rismxdp - ok
21:04:39.0126 6796 [ BE42F817597D3049960A54CE280C2493 ] rixdpcie C:\Windows\system32\drivers\rixdpe64.sys
21:04:39.0189 6796 rixdpcie - ok
21:04:39.0220 6796 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:04:39.0298 6796 RpcEptMapper - ok
21:04:39.0314 6796 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:04:39.0345 6796 RpcLocator - ok
21:04:39.0376 6796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:04:39.0438 6796 RpcSs - ok
21:04:39.0454 6796 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:04:39.0532 6796 rspndr - ok
21:04:39.0563 6796 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:04:39.0579 6796 s3cap - ok
21:04:39.0594 6796 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:04:39.0610 6796 SamSs - ok
21:04:39.0626 6796 SAService - ok
21:04:39.0641 6796 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:04:39.0688 6796 sbp2port - ok
21:04:39.0688 6796 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:04:39.0766 6796 SCardSvr - ok
21:04:39.0782 6796 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:04:39.0860 6796 scfilter - ok
21:04:39.0906 6796 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:04:40.0031 6796 Schedule - ok
21:04:40.0047 6796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:04:40.0109 6796 SCPolicySvc - ok
21:04:40.0125 6796 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:04:40.0156 6796 SDRSVC - ok
21:04:40.0172 6796 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:04:40.0250 6796 secdrv - ok
21:04:40.0250 6796 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:04:40.0312 6796 seclogon - ok
21:04:40.0328 6796 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:04:40.0390 6796 SENS - ok
21:04:40.0406 6796 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:04:40.0437 6796 SensrSvc - ok
21:04:40.0437 6796 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:04:40.0484 6796 Serenum - ok
21:04:40.0499 6796 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:04:40.0562 6796 Serial - ok
21:04:40.0562 6796 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:04:40.0608 6796 sermouse - ok
21:04:40.0624 6796 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:04:40.0702 6796 SessionEnv - ok
21:04:40.0702 6796 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:04:40.0749 6796 sffdisk - ok
21:04:40.0749 6796 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:04:40.0796 6796 sffp_mmc - ok
21:04:40.0796 6796 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:04:40.0858 6796 sffp_sd - ok
21:04:40.0858 6796 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:04:40.0889 6796 sfloppy - ok
21:04:40.0905 6796 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:04:41.0030 6796 SharedAccess - ok
21:04:41.0045 6796 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:04:41.0123 6796 ShellHWDetection - ok
21:04:41.0154 6796 [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
21:04:41.0201 6796 Shockprf - ok
21:04:41.0201 6796 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:04:41.0248 6796 SiSRaid2 - ok
21:04:41.0248 6796 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:04:41.0295 6796 SiSRaid4 - ok
21:04:41.0310 6796 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:04:41.0404 6796 SkypeUpdate - ok
21:04:41.0404 6796 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:04:41.0482 6796 Smb - ok
21:04:41.0498 6796 [ 3BC2844AF786CA422CC31D505ACFA9F2 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
21:04:41.0529 6796 smihlp - ok
21:04:41.0544 6796 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:04:41.0576 6796 SNMPTRAP - ok
21:04:41.0576 6796 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:04:41.0607 6796 spldr - ok
21:04:41.0638 6796 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:04:41.0716 6796 Spooler - ok
21:04:41.0825 6796 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:04:42.0028 6796 sppsvc - ok
21:04:42.0028 6796 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:04:42.0106 6796 sppuinotify - ok
21:04:42.0137 6796 [ C8832DEA7AF7AD005548F1F5C7C086EB ] SROSVC C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
21:04:42.0184 6796 SROSVC - ok
21:04:42.0215 6796 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:04:42.0278 6796 srv - ok
21:04:42.0309 6796 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:04:42.0371 6796 srv2 - ok
21:04:42.0387 6796 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:04:42.0449 6796 SrvHsfHDA - ok
21:04:42.0496 6796 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:04:42.0636 6796 SrvHsfV92 - ok
21:04:42.0668 6796 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:04:42.0730 6796 SrvHsfWinac - ok
21:04:42.0746 6796 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:04:42.0777 6796 srvnet - ok
21:04:42.0792 6796 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:04:42.0886 6796 SSDPSRV - ok
21:04:42.0902 6796 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:04:42.0980 6796 SstpSvc - ok
21:04:42.0995 6796 [ 031D7EA82EC111F9B15B63F2EF1DEE8D ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:04:43.0042 6796 Stereo Service - ok
21:04:43.0058 6796 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:04:43.0089 6796 stexstor - ok
21:04:43.0089 6796 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:04:43.0136 6796 StillCam - ok
21:04:43.0151 6796 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:04:43.0214 6796 stisvc - ok
21:04:43.0214 6796 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:04:43.0245 6796 storflt - ok
21:04:43.0260 6796 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
21:04:43.0307 6796 StorSvc - ok
21:04:43.0307 6796 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:04:43.0338 6796 storvsc - ok
21:04:43.0370 6796 [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
21:04:43.0385 6796 SUService - ok
21:04:43.0401 6796 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:04:43.0432 6796 swenum - ok
21:04:43.0448 6796 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:04:43.0541 6796 swprv - ok
21:04:43.0541 6796 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
21:04:43.0588 6796 Synth3dVsc - ok
21:04:43.0604 6796 [ 883D2880144FD3ED9F1C04B5B5B9B562 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:04:43.0650 6796 SynTP - ok
21:04:43.0713 6796 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:04:43.0822 6796 SysMain - ok
21:04:43.0853 6796 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:04:43.0884 6796 TabletInputService - ok
21:04:43.0900 6796 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:04:43.0994 6796 TapiSrv - ok
21:04:44.0009 6796 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:04:44.0087 6796 TBS - ok
21:04:44.0150 6796 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:04:44.0290 6796 Tcpip - ok
21:04:44.0337 6796 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:04:44.0415 6796 TCPIP6 - ok
21:04:44.0430 6796 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:04:44.0462 6796 tcpipreg - ok
21:04:44.0477 6796 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:04:44.0540 6796 TDPIPE - ok
21:04:44.0540 6796 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:04:44.0571 6796 TDTCP - ok
21:04:44.0586 6796 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:04:44.0664 6796 tdx - ok
21:04:44.0742 6796 [ C12EDA63B2A681407F599D0D39C0AEBF ] TeamViewer5 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
21:04:44.0867 6796 TeamViewer5 - ok
21:04:44.0883 6796 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:04:44.0914 6796 TermDD - ok
21:04:44.0914 6796 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
21:04:44.0961 6796 terminpt - ok
21:04:45.0008 6796 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:04:45.0101 6796 TermService - ok
21:04:45.0101 6796 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:04:45.0164 6796 Themes - ok
21:04:45.0210 6796 [ D3504242E506AF450C0A30E79363097C ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:04:45.0304 6796 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
21:04:45.0304 6796 ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
21:04:45.0320 6796 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:04:45.0382 6796 THREADORDER - ok
21:04:45.0382 6796 [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
21:04:45.0413 6796 TPDIGIMN - ok
21:04:45.0429 6796 [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
21:04:45.0460 6796 TPHDEXLGSVC - ok
21:04:45.0476 6796 [ 2670D23A61CD706004C24A83D4D48294 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
21:04:45.0507 6796 TPHKLOAD - ok
21:04:45.0522 6796 [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:04:45.0538 6796 TPHKSVC - ok
21:04:45.0554 6796 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
21:04:45.0585 6796 TPM - ok
21:04:45.0600 6796 [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
21:04:45.0632 6796 TPPWRIF - ok
21:04:45.0632 6796 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:04:45.0725 6796 TrkWks - ok
21:04:45.0741 6796 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:04:45.0803 6796 TrustedInstaller - ok
21:04:45.0819 6796 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:04:45.0897 6796 tssecsrv - ok
21:04:45.0897 6796 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:04:45.0959 6796 TsUsbFlt - ok
21:04:45.0975 6796 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:04:46.0006 6796 TsUsbGD - ok
21:04:46.0022 6796 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
21:04:46.0053 6796 tsusbhub - ok
21:04:46.0146 6796 [ A10B4A326F1916B8402050F1EB8A508D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
21:04:46.0287 6796 TuneUp.UtilitiesSvc - ok
21:04:46.0287 6796 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
21:04:46.0318 6796 TuneUpUtilitiesDrv - ok
21:04:46.0349 6796 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:04:46.0427 6796 tunnel - ok
21:04:46.0474 6796 [ C9859779F9C29AADFBF454B7605452E6 ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
21:04:46.0599 6796 TVT Backup Service - ok
21:04:46.0614 6796 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:04:46.0646 6796 uagp35 - ok
21:04:46.0661 6796 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:04:46.0755 6796 udfs - ok
21:04:46.0770 6796 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:04:46.0786 6796 UI0Detect - ok
21:04:46.0817 6796 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
21:04:46.0833 6796 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
21:04:46.0833 6796 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
21:04:46.0833 6796 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:04:46.0864 6796 uliagpkx - ok
21:04:46.0880 6796 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:04:46.0911 6796 umbus - ok
21:04:46.0911 6796 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:04:46.0958 6796 UmPass - ok
21:04:46.0973 6796 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:04:47.0020 6796 UmRdpService - ok
21:04:47.0098 6796 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:04:47.0238 6796 UNS - ok
21:04:47.0316 6796 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:04:47.0410 6796 upnphost - ok
21:04:47.0426 6796 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:04:47.0457 6796 USBAAPL64 - ok
21:04:47.0472 6796 [ EBF228A52517042DE4F38A40285BC8D9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:04:47.0504 6796 usbccgp - ok
21:04:47.0519 6796 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:04:47.0550 6796 usbcir - ok
21:04:47.0597 6796 [ 6B3D5E6A9DA786EC755B00BC180C700B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:04:47.0644 6796 usbehci - ok
21:04:47.0660 6796 [ 94ABE9DA48E466BBE84C73E0C6652ED1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:04:47.0738 6796 usbhub - ok
21:04:47.0753 6796 [ 660B2C08CE7103E71EAA26F85B0B0A56 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:04:47.0816 6796 usbohci - ok
21:04:47.0831 6796 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:04:47.0894 6796 usbprint - ok
21:04:47.0894 6796 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:04:47.0956 6796 usbscan - ok
21:04:47.0972 6796 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:04:48.0003 6796 USBSTOR - ok
21:04:48.0018 6796 [ 1529632FC96032D337B298F8A285D640 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:04:48.0050 6796 usbuhci - ok
21:04:48.0065 6796 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:04:48.0096 6796 usbvideo - ok
21:04:48.0112 6796 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:04:48.0174 6796 UxSms - ok
21:04:48.0190 6796 [ 1F9AECAA619271C987E7DE7B572CA136 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
21:04:48.0206 6796 UxTuneUp - ok
21:04:48.0221 6796 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:04:48.0237 6796 VaultSvc - ok
21:04:48.0252 6796 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:04:48.0284 6796 vdrvroot - ok
21:04:48.0315 6796 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:04:48.0408 6796 vds - ok
21:04:48.0424 6796 [ 00C7DF4F50962BA218AB60D32869100B ] vflt C:\Windows\system32\DRIVERS\vfilter.sys
21:04:48.0518 6796 vflt - ok
21:04:48.0518 6796 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:04:48.0564 6796 vga - ok
21:04:48.0580 6796 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:04:48.0658 6796 VgaSave - ok
21:04:48.0658 6796 VGPU - ok
21:04:48.0674 6796 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:04:48.0721 6796 vhdmp - ok
21:04:48.0721 6796 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:04:48.0752 6796 viaide - ok
21:04:48.0783 6796 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:04:48.0814 6796 vmbus - ok
21:04:48.0830 6796 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:04:48.0861 6796 VMBusHID - ok
21:04:48.0861 6796 [ A99CA064AD11266FE7067A79BF78BBB5 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys
21:04:48.0908 6796 vnet - ok
21:04:48.0923 6796 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:04:48.0955 6796 volmgr - ok
21:04:48.0970 6796 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:04:49.0017 6796 volmgrx - ok
21:04:49.0048 6796 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:04:49.0095 6796 volsnap - ok
21:04:49.0126 6796 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:04:49.0157 6796 vsmraid - ok
21:04:49.0204 6796 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:04:49.0345 6796 VSS - ok
21:04:49.0360 6796 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:04:49.0407 6796 vwifibus - ok
21:04:49.0423 6796 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:04:49.0469 6796 vwififlt - ok
21:04:49.0485 6796 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:04:49.0563 6796 W32Time - ok
21:04:49.0579 6796 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:04:49.0610 6796 WacomPen - ok
21:04:49.0610 6796 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:04:49.0703 6796 WANARP - ok
21:04:49.0719 6796 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:04:49.0781 6796 Wanarpv6 - ok
21:04:49.0828 6796 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:04:49.0906 6796 wbengine - ok
21:04:49.0937 6796 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:04:49.0969 6796 WbioSrvc - ok
21:04:50.0000 6796 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:04:50.0047 6796 wcncsvc - ok
21:04:50.0062 6796 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:04:50.0093 6796 WcsPlugInService - ok
21:04:50.0093 6796 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:04:50.0125 6796 Wd - ok
21:04:50.0156 6796 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:04:50.0234 6796 Wdf01000 - ok
21:04:50.0249 6796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:04:50.0343 6796 WdiServiceHost - ok
21:04:50.0343 6796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:04:50.0390 6796 WdiSystemHost - ok
21:04:50.0405 6796 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:04:50.0452 6796 WebClient - ok
21:04:50.0468 6796 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:04:50.0546 6796 Wecsvc - ok
21:04:50.0577 6796 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:04:50.0639 6796 wercplsupport - ok
21:04:50.0655 6796 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:04:50.0733 6796 WerSvc - ok
21:04:50.0733 6796 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:04:50.0811 6796 WfpLwf - ok
21:04:53.0089 6796 ============================================================
21:04:53.0089 6796 Scan finished
21:04:53.0089 6796 ============================================================
21:04:53.0104 7640 Detected object count: 7
21:04:53.0104 7640 Actual detected object count: 7
21:04:58.0580 7640 iGateway ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:58.0580 7640 iGateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:58.0580 7640 InoRPC ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:58.0580 7640 InoRPC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:58.0580 7640 InoRT ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:58.0580 7640 InoRT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:58.0580 7640 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:58.0580 7640 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:58.0580 7640 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:58.0580 7640 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:58.0580 7640 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:58.0580 7640 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:58.0580 7640 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:58.0580 7640 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

Quote:
Quote from markusg
Hi
Post logs here in the forum.
Run the TDSS killer as described and attach the log, or copy it in.

I did that and copied it in above.

28.12.2012, 15:32   #14
markusg
/// Malware-holic
Hi
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

28.12.2012, 19:46   #15
hope41
I have a question before I carry out the next steps.

I had this problem in neither IE nor Firefox. After I carried out the first step, I can browse the Internet normally with Firefox... the only problem is that I cannot change or remove the claro-search.com start page. Internet Explorer now barely works at all. I can open one page (no matter which one)... but after that nothing more can be done. I click somewhere on the opened page but nothing happens, or it loads very, very slowly...

I did not think it could be this complex... You have put in a lot of effort, and I am really grateful for that, but I would rather have the notebook formatted, because it is a company notebook... Since I have no opportunity to drop by our office, I thought I could manage the fix on my own, but after your last reply, I have to say honestly that I would not take any risk.

As I said, many, many thanks for your help.
