Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Schädling/Datei hat sich ungebeten installiert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.10.2014, 12:32   #1
rvh
 
Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Hallo,
heute habe ich im Internet gesurft, als mir für einige Sekunden ein kleines Fenster im Browser aufgefallen ist. Es zeigte zwei Ordner, zwischen denen eine Animation lief - das gleiche Bild, das auch immer kommt, wenn man bspw. im Windows Explorer Dateien kopiert und einfügt.
Wenig später kam dann die Warnung, dass mein Virenschutz deaktivert wäre. Ich habe den Browser beendet und wollte Avira wieder aktivieren, das war aber schon wieder automatisch geschehen.
Ich vermute nun, dass sich ein Schädling eingenistet hat.

Meine Schritte:
- Scan der lokalen Festplatten (mit AVIRA), kein Befund
- Scan mit den Programmen, die hier im Forum in den Anleitungen zu finden sind.


frst.txt

Code:
ATTFilter
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Tim (administrator) on TIMSPC on 07-10-2014 12:54:57
Running from C:\Users\Tim\Downloads
Loaded Profile: Tim (Available profiles: Tim)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Pokki) C:\Users\Tim\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Spotify Ltd) C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Pokki) C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Pokki) C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2013-12-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-564833548-2393907387-3086590010-1001\...\Run: [Pokki] => C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-564833548-2393907387-3086590010-1001\...\Run: [icq] => C:\Users\Tim\AppData\Roaming\ICQM\icq.exe [33664344 2014-02-10] (ICQ)
HKU\S-1-5-21-564833548-2393907387-3086590010-1001\...\Run: [Spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-07] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 217.12.201.22:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = 
SearchScopes: HKCU - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

Chrome: 
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-10]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-10]
CHR Extension: (Google-Suche) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-10]
CHR Extension: (Avira SafeSearch) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (AdBlock) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-11]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR Extension: (Google Mail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-04-29] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 12:54 - 2014-10-07 12:55 - 00018549 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-10-07 12:54 - 2014-10-07 12:55 - 00000000 ____D () C:\FRST
2014-10-07 12:53 - 2014-10-07 12:54 - 02109952 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-10-07 12:53 - 2014-10-07 12:53 - 00000468 _____ () C:\Users\Tim\Downloads\defogger_disable.log
2014-10-07 12:53 - 2014-10-07 12:53 - 00000000 _____ () C:\Users\Tim\defogger_reenable
2014-10-07 12:52 - 2014-10-07 12:52 - 00050477 _____ () C:\Users\Tim\Downloads\Defogger.exe
2014-10-06 16:47 - 2014-10-06 16:47 - 00085914 _____ () C:\Users\Tim\AppData\Local\recently-used.xbel
2014-10-02 20:11 - 2014-10-02 20:12 - 00000000 ____D () C:\Users\Tim\Desktop\tiere
2014-09-24 19:32 - 2014-09-24 19:32 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\RenPy
2014-09-24 19:31 - 2014-09-24 19:31 - 00000000 ____D () C:\Users\Tim\Downloads\COOT Demo 2014-all
2014-09-24 19:14 - 2014-09-24 19:25 - 200253499 _____ () C:\Users\Tim\Downloads\COOT Demo 2014-all.zip
2014-09-14 15:16 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 15:16 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 15:16 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 15:16 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 15:16 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 15:16 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 15:16 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 15:16 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 15:16 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 15:16 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 15:16 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 15:16 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 15:16 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 15:16 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 15:15 - 2014-07-24 17:28 - 00468288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 15:15 - 2014-07-24 17:28 - 00419648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00412992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00143680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 15:15 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 15:15 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 15:15 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 15:15 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 15:15 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 15:15 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 15:15 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 15:15 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 15:15 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 15:15 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 15:15 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 15:15 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 15:15 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 15:15 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 15:15 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 15:15 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 15:15 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 15:15 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 15:15 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 15:15 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 15:15 - 2014-07-24 13:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 15:15 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 15:15 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 01200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 15:15 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 15:15 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 15:15 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 15:15 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 15:15 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 15:15 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 15:15 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 15:15 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 15:15 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 15:15 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 15:15 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 15:15 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 15:15 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 15:15 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 15:15 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 15:15 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 15:15 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 15:15 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 15:15 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 15:15 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 15:15 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 15:15 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 15:15 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 15:15 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 15:15 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 15:15 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 15:15 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 15:15 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 15:15 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 15:15 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 15:15 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 15:15 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 15:15 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 15:15 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 15:15 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 15:15 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 15:15 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 15:15 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 15:15 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 15:15 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 15:15 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 15:15 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 15:15 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 15:15 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 15:15 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 15:15 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 15:15 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 15:15 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 15:15 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 15:15 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 15:15 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 15:15 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 15:15 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 15:15 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 15:15 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 15:15 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 15:15 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 15:15 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 15:15 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 15:15 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 15:15 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 15:15 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 15:15 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 15:15 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 15:15 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 15:15 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 15:15 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 15:15 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 15:15 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 15:15 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 15:15 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 15:15 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 15:15 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 15:15 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 15:15 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 15:15 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 15:15 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 15:15 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 15:15 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 15:15 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 15:15 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 15:15 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 15:15 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 15:15 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 15:15 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 15:15 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 15:15 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 15:15 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 15:15 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 15:15 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 15:15 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 15:15 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 15:15 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 15:15 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 15:15 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 15:15 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 15:15 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 15:15 - 2014-06-19 04:13 - 00310080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 15:15 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 15:15 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 15:15 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 15:15 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 15:15 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 15:15 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 15:15 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 15:15 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 15:15 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 15:15 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 15:15 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 15:15 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 15:15 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 15:15 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 15:15 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 15:15 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 15:15 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 15:15 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 15:15 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 15:15 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 15:15 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 15:14 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 15:14 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 15:14 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 15:14 - 2014-07-24 13:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-14 15:14 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 15:14 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 15:14 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 15:14 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 15:14 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 15:14 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 15:14 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:14 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 15:14 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 15:14 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 15:14 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:14 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 15:14 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 15:14 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 15:14 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 15:14 - 2014-07-10 01:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 15:05 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 15:05 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 15:05 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 15:05 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 15:05 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 15:05 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 15:05 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 15:05 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 15:05 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 15:05 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 15:05 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 15:00 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-11 18:55 - 2014-09-11 18:55 - 00023294 _____ () C:\Users\Tim\Downloads\Private-Nachrichten-RvH-11.09.2014.txt
2014-09-11 18:42 - 2014-09-14 23:33 - 00000000 ____D () C:\Users\Tim\AppData\Local\Adobe
2014-09-11 14:16 - 2014-09-11 14:16 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 08:43 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 08:43 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 08:43 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 07:50 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 07:50 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 07:50 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 07:50 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 07:50 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 07:50 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 07:50 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 07:50 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 07:50 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 07:50 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 07:50 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 07:50 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 07:50 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 07:50 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 07:50 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 07:50 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 07:50 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 07:50 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 07:50 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 07:50 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 07:50 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 07:50 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 07:50 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 07:50 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 07:50 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 07:50 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 07:50 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 07:50 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 07:50 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 07:50 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 07:50 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 07:50 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 06:16 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 06:14 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 06:14 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 12:55 - 2014-02-10 19:17 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-564833548-2393907387-3086590010-1001
2014-10-07 12:53 - 2014-02-10 19:08 - 00000000 ____D () C:\Users\Tim
2014-10-07 12:50 - 2014-02-10 20:41 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-07 12:50 - 2014-02-10 19:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-07 12:36 - 2013-12-19 04:15 - 01938752 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-07 12:22 - 2014-06-07 20:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-07 12:20 - 2014-02-10 19:45 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-07 11:13 - 2014-02-10 19:17 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF7CA1D1-2044-4C69-A18C-440D153AF9DE}
2014-10-07 11:12 - 2014-03-04 10:50 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-07 11:12 - 2014-03-03 17:03 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-07 11:12 - 2014-03-03 17:03 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-07 11:12 - 2013-12-19 04:22 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-10-07 11:12 - 2013-12-19 04:22 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-07 11:12 - 2013-08-28 10:36 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-07 11:11 - 2014-02-10 19:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\Pokki
2014-10-07 11:10 - 2014-03-15 14:44 - 00002165 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk
2014-10-07 11:10 - 2014-02-10 19:45 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 11:10 - 2014-02-10 19:15 - 00000000 __RDO () C:\Users\Tim\SkyDrive
2014-10-07 02:29 - 2014-02-11 11:14 - 08028628 _____ () C:\Users\Public\CAFADEBUG.log
2014-10-07 00:09 - 2014-02-23 22:06 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Spotify
2014-10-06 16:47 - 2014-04-11 15:43 - 00000000 ____D () C:\Users\Tim\AppData\Local\gtk-2.0
2014-10-06 16:47 - 2014-04-11 15:06 - 00000000 ____D () C:\Users\Tim\.gimp-2.8
2014-10-06 12:51 - 2013-12-19 04:14 - 00025088 _____ () C:\WINDOWS\system32\VfService.trf
2014-10-06 09:08 - 2014-02-18 19:36 - 08924672 ___SH () C:\Users\Tim\Desktop\Thumbs.db
2014-10-05 14:49 - 2014-05-22 16:57 - 00337920 ___SH () C:\Users\Tim\Documents\Thumbs.db
2014-10-04 20:50 - 2014-02-23 22:07 - 00000000 ____D () C:\Users\Tim\AppData\Local\Spotify
2014-10-04 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-04 20:02 - 2014-02-10 19:22 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF
2014-10-02 20:08 - 2013-12-19 03:28 - 00013690 _____ () C:\WINDOWS\setupact.log
2014-09-29 17:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-28 15:05 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-28 15:03 - 2013-08-28 10:34 - 00113212 _____ () C:\WINDOWS\PFRO.log
2014-09-28 15:03 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-28 15:00 - 2013-08-22 21:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-28 15:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-26 15:15 - 2014-02-10 19:45 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-26 15:15 - 2014-02-10 19:45 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-26 14:37 - 2014-02-10 19:45 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 17:56 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-11 18:48 - 2014-02-11 18:40 - 00000000 ____D () C:\ldiag
2014-09-11 14:16 - 2014-08-05 11:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:16 - 2014-03-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:16 - 2014-03-03 17:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-11 11:33 - 2014-07-09 16:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-11 11:33 - 2014-02-17 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 11:27 - 2014-02-17 13:41 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 07:51 - 2014-06-12 12:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 07:51 - 2014-05-03 10:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 07:51 - 2014-02-12 16:49 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 07:50 - 2014-06-12 12:58 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-09 19:22 - 2014-06-07 20:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\oct1E4F.tmp.exe
C:\Users\Tim\AppData\Local\Temp\oct562.tmp.exe
C:\Users\Tim\AppData\Local\Temp\octB6D2.tmp.exe
C:\Users\Tim\AppData\Local\Temp\SRLDetectionLibrary7783834573432956378.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 02:29

==================== End Of Log ============================
         
Addition.txt
Code:
ATTFilter
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Tim at 2014-10-07 12:56:33
Running from C:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALTools Update (HKLM-x32\...\ALUpdate_is1) (Version: v11.4.28.1 - ESTsoft Corp.)
ALZip 8.51 (HKLM-x32\...\ALZip_is1) (Version: v8.51 - ESTsoft Corp.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
FaceGen Modeller 3.5 Free (HKLM-x32\...\{86BDD105-114A-4B20-BF8B-E46C7159A641}) (Version: 3.5.3 - Singular Inversions Inc.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.3 - Google Inc.) Hidden
ICQ 8.2 (build 6901) (HKCU\...\ICQ) (Version: 8.2.6901.0 - ICQ)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Nitro Pro 8 (HKLM\...\{C0EE31FB-F593-4128-8A86-FDB37BA2486D}) (Version: 8.5.6.5 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PNotes 9.3.0 (HKLM-x32\...\{949D34E5-F53F-4830-9A50-1E2C39109043}_is1) (Version: 9.3.0 - Andrey Gruber)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Skypeâ„¢ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Startmenü (HKCU\...\Pokki) (Version: 0.269.2.430 - Pokki)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Visionaire 3.7.1 (HKLM-x32\...\Visionaire_is1) (Version: v3.7.1 - Visionaire Team)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-564833548-2393907387-3086590010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-564833548-2393907387-3086590010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Restore Points  =========================

14-09-2014 17:39:53 Windows Update
22-09-2014 18:38:19 Geplanter Prüfpunkt
05-10-2014 16:16:14 Geplanter Prüfpunkt
07-10-2014 10:50:53 Removed Vegas Pro 12.0 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0901906A-EE4B-49D3-8D14-B82CD3051ACE} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {254ACE9F-F613-4A96-AF0C-E29482FD0839} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {27D8088A-0BBD-4835-B0E7-9774CA70C105} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {522A9D8F-FBC9-46B8-937E-5A8F28B14663} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {56C66E61-C874-4C1B-A294-5A1BC44055B5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {66B5DF60-FBE1-44E0-B62E-7A7520D58538} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {742B913B-5E8B-4984-A8B1-EDE70C2AF7FC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {767B6349-0F04-4ED8-B19D-80A5AD7B4E05} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A620E400-D18E-4E2D-875C-ABDD9E98FA92} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B0E0072E-D619-4DE8-A9B4-2DC356AC4CD3} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C88038DC-0059-4781-B6FC-B0E1BD5D62F9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5FF274C-1A6B-4C6E-9B4A-5CD992048819} - System32\Tasks\Start Registry Reviver for TIMSPC@Tim(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7881F17-F10E-4915-8CBD-B838E4F6A60E} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {E97F7AD0-2015-4D58-9708-C40C4691BD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: {EA265D6D-C937-4B42-86F9-5BCBE56867CA} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {EA3369D5-6896-4277-9AF5-6B5FA77751FA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {F58360BE-E294-4D6D-B972-72AFDBFF264D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-19 04:10 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-19 04:14 - 2013-12-19 04:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-12-19 04:14 - 2013-12-19 04:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-10-09 03:08 - 2013-09-19 23:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-19 23:29 - 2013-07-19 23:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-12-19 03:47 - 2013-08-08 23:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-17 18:32 - 2014-01-17 18:32 - 00569856 _____ () C:\Users\Tim\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2014-01-17 18:32 - 2014-01-17 18:32 - 01400846 _____ () C:\Users\Tim\AppData\Local\Pokki\Engine\avcodec-54.dll
2014-01-17 18:32 - 2014-01-17 18:32 - 00151054 _____ () C:\Users\Tim\AppData\Local\Pokki\Engine\avutil-51.dll
2014-01-17 18:32 - 2014-01-17 18:32 - 00222734 _____ () C:\Users\Tim\AppData\Local\Pokki\Engine\avformat-54.dll
2014-08-05 11:28 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Tim\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 15:19 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 15:19 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Tim\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Tim\Desktop\Einladung zum Einstelltag Mercedes-Benz Werk Bremen - Sommer 2014.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-564833548-2393907387-3086590010-500 - Administrator - Disabled)
Gast (S-1-5-21-564833548-2393907387-3086590010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-564833548-2393907387-3086590010-1003 - Limited - Enabled)
Tim (S-1-5-21-564833548-2393907387-3086590010-1001 - Administrator - Enabled) => C:\Users\Tim

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 00:51:51 PM) (Source: MsiInstaller) (EventID: 11723) (User: TIMSPC)
Description: Produkt: Vegas Pro 12.0 (64-bit) -- Fehler 1723. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: SfMSILib_IsProcessRunning, Eintrag: SfMSILib_IsProcessRunning, Bibliothek: C:\ProgramData\Sony\customaction_x64.dll

Error: (10/07/2014 11:40:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/07/2014 11:11:13 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/07/2014 01:20:48 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/07/2014 00:55:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Name des fehlerhaften Moduls: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0091b60a
ID des fehlerhaften Prozesses: 0x3784
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3
Vollständiger Name des fehlerhaften Pakets: fm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fm.exe5

Error: (10/06/2014 10:28:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Name des fehlerhaften Moduls: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0091b60a
ID des fehlerhaften Prozesses: 0xbf4
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3
Vollständiger Name des fehlerhaften Pakets: fm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fm.exe5

Error: (10/06/2014 04:50:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/06/2014 04:11:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/06/2014 00:50:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/06/2014 08:51:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (10/07/2014 01:13:51 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:51 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:47 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:47 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:44 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:44 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:42 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:42 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:42 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/07/2014 01:13:42 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (10/07/2014 00:51:51 PM) (Source: MsiInstaller) (EventID: 11723) (User: TIMSPC)
Description: Produkt: Vegas Pro 12.0 (64-bit) -- Fehler 1723. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: SfMSILib_IsProcessRunning, Eintrag: SfMSILib_IsProcessRunning, Bibliothek: C:\ProgramData\Sony\customaction_x64.dll (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/07/2014 11:40:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/07/2014 11:11:13 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/07/2014 01:20:48 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/07/2014 00:55:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe14.3.1.289445342f333fm.exe14.3.1.289445342f333c00000050091b60a378401cfe1a422ff4462C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exece3959a8-4dab-11e4-8277-201a068b885f

Error: (10/06/2014 10:28:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe14.3.1.289445342f333fm.exe14.3.1.289445342f333c00000050091b60abf401cfe177cf494fb6C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe4d587dda-4d97-11e4-8277-201a068b885f

Error: (10/06/2014 04:50:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/06/2014 04:11:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/06/2014 00:50:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/06/2014 08:51:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 3993.77 MB
Available physical RAM: 1903.98 MB
Total Pagefile: 6136.45 MB
Available Pagefile: 3317.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.54 GB) (Free:319.14 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6D1D11D8)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
GMER Log

Code:
ATTFilter
 GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-07 13:11:30
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST500LT012-9WS142 rev.0001LVM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Tim\AppData\Local\Temp\kwtdipoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\System32\igfxpers.exe[11112] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                       00007ff9467e169a 4 bytes [7E, 46, F9, 7F]
.text    C:\Windows\System32\igfxpers.exe[11112] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                       00007ff9467e16a2 4 bytes [7E, 46, F9, 7F]
.text    C:\Windows\System32\igfxpers.exe[11112] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                          00007ff9467e181a 4 bytes [7E, 46, F9, 7F]
.text    C:\Windows\System32\igfxpers.exe[11112] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                          00007ff9467e1832 4 bytes [7E, 46, F9, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[7992] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                                                           00007ff9467e169a 4 bytes [7E, 46, F9, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[7992] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                                                           00007ff9467e16a2 4 bytes [7E, 46, F9, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[7992] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                                                              00007ff9467e181a 4 bytes [7E, 46, F9, 7F]
.text    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[7992] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                                                              00007ff9467e1832 4 bytes [7E, 46, F9, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [10496:13400]                                                                                                                                                          fffff960009b4b90
---- Processes - GMER 2.1 ----

Library  C:\Users\Tim\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [10592] (Chromium/The Chromium Authors)(2014-03-20 22:40:48)  0000000060d50000
Library  C:\Users\Tim\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [10592] (ICU Data DLL/The ICU Project)(2014-01-17 16:32:58)      0000000068300000
Library  C:\Users\Tim\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [9576] (Chromium/The Chromium Authors)(2014-03-20 22:40:48)   0000000060d50000
Library  C:\Users\Tim\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [9576] (ICU Data DLL/The ICU Project)(2014-01-17 16:32:58)       0000000068300000
Library  C:\Users\Tim\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [9576](2014-01-17 16:32:58)                   0000000066770000
Library  C:\Users\Tim\AppData\Local\Pokki\Engine\avcodec-54.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [9576](2014-01-17 16:32:58)                                 0000000066570000
Library  C:\Users\Tim\AppData\Local\Pokki\Engine\avutil-51.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [9576](2014-01-17 16:32:56)                                  000000006a500000
Library  C:\Users\Tim\AppData\Local\Pokki\Engine\avformat-54.dll (*** suspicious ***) @ C:\Users\Tim\AppData\Local\Pokki\Engine\HostAppService.exe [9576](2014-01-17 16:32:56)                                0000000069a80000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
Hinweis: Bei GMER habe ich zwei Fehlermeldungen bekommen, weil auf Dateien nicht zugegriffen werden konnte, da sie schon von anderen Programmen benutzt werden. Die genauen Dateinamen habe ich leider nicht mehr im Kopf, eine enthielt "system", die andere "user". Habe ich da falsch was gemacht oder kommt die Meldung immer? Ich müsste den Scan sonst noch einmal neu machen.



Vielen Dank für eure Hilfe!

Alt 07.10.2014, 12:34   #2
rvh
 
Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Ich habe den Avira Bericht vergessen. Falls er von Interesse ist.
Avira Bericht:
Code:
ATTFilter
 

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 7. Oktober 2014  11:17


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 8.1
Windowsversion : (plain)  [6.2.9200]
Boot Modus     : Normal gebootet
Benutzername   : Tim
Computername   : TIMSPC

Versionsinformationen:
BUILD.DAT      : 14.0.7.306     92015 Bytes  24.09.2014 12:44:00
AVSCAN.EXE     : 14.0.7.266   1014576 Bytes  07.10.2014 09:12:34
AVSCANRC.DLL   : 14.0.7.220     65272 Bytes  07.10.2014 09:12:34
LUKE.DLL       : 14.0.7.220     59696 Bytes  07.10.2014 09:13:09
AVSCPLR.DLL    : 14.0.7.266     94512 Bytes  07.10.2014 09:12:34
REPAIR.DLL     : 14.0.7.266    366328 Bytes  07.10.2014 09:12:30
REPAIR.RDF     : 1.0.1.98      484383 Bytes  07.10.2014 09:13:19
AVREG.DLL      : 14.0.7.220    264952 Bytes  07.10.2014 09:12:29
AVLODE.DLL     : 14.0.7.266    563448 Bytes  07.10.2014 09:12:28
AVLODE.RDF     : 14.0.4.46      64835 Bytes  08.09.2014 12:59:09
XBV00010.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00011.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00012.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00013.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00014.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00015.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00016.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00017.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00018.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00019.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00020.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00021.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:34
XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 14:00:35
XBV00111.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00112.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00113.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00114.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00115.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00116.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00117.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00118.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00119.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00120.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00121.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:38
XBV00122.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00123.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00124.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00125.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00126.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00127.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00128.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00129.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00130.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00131.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00132.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:39
XBV00133.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00134.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00135.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00136.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00137.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00138.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00139.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00140.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00141.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00142.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:40
XBV00143.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:41
XBV00144.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:41
XBV00145.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:41
XBV00146.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:41
XBV00147.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:41
XBV00148.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:41
XBV00149.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:41
XBV00150.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00151.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00152.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00153.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00154.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00155.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00156.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00157.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:42
XBV00158.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00159.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00160.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00161.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00162.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00163.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00164.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00165.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00166.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:43
XBV00167.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00168.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00169.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00170.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00171.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00172.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00173.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00174.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00175.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00176.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:44
XBV00177.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:45
XBV00178.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:46
XBV00179.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:46
XBV00180.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:46
XBV00181.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:46
XBV00182.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00183.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00184.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00185.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00186.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00187.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00188.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00189.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:47
XBV00190.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00191.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00192.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00193.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00194.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00195.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00196.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00197.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00198.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00199.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00200.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:48
XBV00201.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:49
XBV00202.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:49
XBV00203.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:49
XBV00204.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:49
XBV00205.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:49
XBV00206.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:49
XBV00207.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00208.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00209.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00210.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00211.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00212.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00213.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00214.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00215.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00216.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00217.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:50
XBV00218.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00219.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00220.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00221.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00222.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00223.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00224.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00225.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00226.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00227.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00228.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00229.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:51
XBV00230.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00231.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00232.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00233.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00234.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00235.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00236.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00237.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00238.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00239.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00240.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00241.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:52
XBV00242.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00243.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00244.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00245.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00246.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00247.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00248.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00249.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00250.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00251.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00252.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00253.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:53
XBV00254.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:54
XBV00255.VDF   : 8.11.175.172     2048 Bytes  30.09.2014 17:59:54
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 10:00:51
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 10:00:51
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 10:00:51
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 10:00:51
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 10:00:51
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 10:00:51
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 15:43:36
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 11:01:57
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 14:00:34
XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 20:32:04
XBV00042.VDF   : 8.11.175.172  1208832 Bytes  30.09.2014 17:59:31
XBV00043.VDF   : 8.11.175.174    36864 Bytes  30.09.2014 17:59:31
XBV00044.VDF   : 8.11.175.178     5632 Bytes  30.09.2014 17:59:31
XBV00045.VDF   : 8.11.175.180    11264 Bytes  30.09.2014 06:18:08
XBV00046.VDF   : 8.11.175.194     9728 Bytes  30.09.2014 06:18:08
XBV00047.VDF   : 8.11.175.206     3072 Bytes  30.09.2014 06:18:08
XBV00048.VDF   : 8.11.175.218     2560 Bytes  30.09.2014 06:18:08
XBV00049.VDF   : 8.11.175.222    24576 Bytes  01.10.2014 06:18:08
XBV00050.VDF   : 8.11.175.224    28160 Bytes  01.10.2014 13:34:42
XBV00051.VDF   : 8.11.175.230     3072 Bytes  01.10.2014 13:34:42
XBV00052.VDF   : 8.11.175.232    17408 Bytes  01.10.2014 13:34:42
XBV00053.VDF   : 8.11.175.234    19456 Bytes  01.10.2014 19:32:39
XBV00054.VDF   : 8.11.175.236    11264 Bytes  01.10.2014 19:32:39
XBV00055.VDF   : 8.11.175.238    12288 Bytes  01.10.2014 19:32:39
XBV00056.VDF   : 8.11.175.254    10240 Bytes  01.10.2014 15:44:40
XBV00057.VDF   : 8.11.176.8      5120 Bytes  01.10.2014 15:44:40
XBV00058.VDF   : 8.11.176.18     5120 Bytes  01.10.2014 15:44:40
XBV00059.VDF   : 8.11.176.20     6144 Bytes  02.10.2014 15:44:40
XBV00060.VDF   : 8.11.176.26    27136 Bytes  02.10.2014 15:44:40
XBV00061.VDF   : 8.11.176.28    16384 Bytes  02.10.2014 15:44:40
XBV00062.VDF   : 8.11.176.30    17408 Bytes  02.10.2014 15:44:40
XBV00063.VDF   : 8.11.176.40     2048 Bytes  02.10.2014 15:44:40
XBV00064.VDF   : 8.11.176.50    11264 Bytes  02.10.2014 15:44:40
XBV00065.VDF   : 8.11.176.60     5632 Bytes  02.10.2014 15:44:40
XBV00066.VDF   : 8.11.176.70     2048 Bytes  02.10.2014 15:44:40
XBV00067.VDF   : 8.11.176.82    11264 Bytes  02.10.2014 06:38:43
XBV00068.VDF   : 8.11.176.86    18944 Bytes  02.10.2014 06:38:43
XBV00069.VDF   : 8.11.176.88     2048 Bytes  02.10.2014 06:38:43
XBV00070.VDF   : 8.11.176.90     9216 Bytes  02.10.2014 06:38:43
XBV00071.VDF   : 8.11.176.92     2048 Bytes  03.10.2014 06:38:43
XBV00072.VDF   : 8.11.176.96    31744 Bytes  03.10.2014 06:38:43
XBV00073.VDF   : 8.11.176.98    18432 Bytes  03.10.2014 18:00:34
XBV00074.VDF   : 8.11.176.108    17408 Bytes  03.10.2014 18:00:34
XBV00075.VDF   : 8.11.176.116    11264 Bytes  03.10.2014 18:00:34
XBV00076.VDF   : 8.11.176.124    16384 Bytes  03.10.2014 18:00:34
XBV00077.VDF   : 8.11.176.126     6144 Bytes  03.10.2014 18:00:34
XBV00078.VDF   : 8.11.176.128     8192 Bytes  03.10.2014 18:00:34
XBV00079.VDF   : 8.11.176.130     5632 Bytes  03.10.2014 18:00:34
XBV00080.VDF   : 8.11.176.132    12288 Bytes  03.10.2014 18:00:34
XBV00081.VDF   : 8.11.176.134    10752 Bytes  03.10.2014 18:00:34
XBV00082.VDF   : 8.11.176.136    14848 Bytes  03.10.2014 18:00:34
XBV00083.VDF   : 8.11.176.138    12800 Bytes  03.10.2014 18:00:35
XBV00084.VDF   : 8.11.176.140     5632 Bytes  03.10.2014 18:00:35
XBV00085.VDF   : 8.11.176.142     8704 Bytes  03.10.2014 18:00:35
XBV00086.VDF   : 8.11.176.144    61440 Bytes  04.10.2014 18:00:35
XBV00087.VDF   : 8.11.176.146    17920 Bytes  04.10.2014 18:00:35
XBV00088.VDF   : 8.11.176.148    11264 Bytes  04.10.2014 18:00:35
XBV00089.VDF   : 8.11.176.150    57856 Bytes  05.10.2014 15:00:31
XBV00090.VDF   : 8.11.176.158     3072 Bytes  05.10.2014 15:00:31
XBV00091.VDF   : 8.11.176.166     7680 Bytes  05.10.2014 15:00:31
XBV00092.VDF   : 8.11.176.180     2048 Bytes  05.10.2014 15:00:31
XBV00093.VDF   : 8.11.176.188    50176 Bytes  06.10.2014 06:52:46
XBV00094.VDF   : 8.11.176.190     2048 Bytes  06.10.2014 06:52:46
XBV00095.VDF   : 8.11.176.192    10752 Bytes  06.10.2014 14:12:48
XBV00096.VDF   : 8.11.176.194     4608 Bytes  06.10.2014 14:12:48
XBV00097.VDF   : 8.11.176.202     4608 Bytes  06.10.2014 14:12:48
XBV00098.VDF   : 8.11.176.208    66560 Bytes  06.10.2014 20:11:38
XBV00099.VDF   : 8.11.176.214     2048 Bytes  06.10.2014 20:11:38
XBV00100.VDF   : 8.11.176.226     2048 Bytes  06.10.2014 20:11:38
XBV00101.VDF   : 8.11.176.238    31232 Bytes  06.10.2014 20:11:39
XBV00102.VDF   : 8.11.176.244    12288 Bytes  06.10.2014 20:11:39
XBV00103.VDF   : 8.11.176.250    18944 Bytes  06.10.2014 20:11:39
XBV00104.VDF   : 8.11.176.254    17408 Bytes  06.10.2014 09:13:18
XBV00105.VDF   : 8.11.177.0      6656 Bytes  07.10.2014 09:13:18
XBV00106.VDF   : 8.11.177.4     15872 Bytes  07.10.2014 09:13:18
XBV00107.VDF   : 8.11.177.6      4608 Bytes  07.10.2014 09:13:18
XBV00108.VDF   : 8.11.177.12     6144 Bytes  07.10.2014 09:13:18
XBV00109.VDF   : 8.11.177.16     3072 Bytes  07.10.2014 09:13:18
XBV00110.VDF   : 8.11.177.20     8704 Bytes  07.10.2014 09:13:18
LOCAL001.VDF   : 8.11.177.20 112053760 Bytes  07.10.2014 09:13:46
Engineversion  : 8.3.24.34 
AEVDF.DLL      : 8.3.1.6       133992 Bytes  20.08.2014 14:37:47
AESCRIPT.DLL   : 8.2.0.28      436136 Bytes  02.10.2014 15:44:40
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 10:59:13
AESBX.DLL      : 8.2.20.24    1409224 Bytes  08.05.2014 16:14:34
AERDL.DLL      : 8.2.0.138     704888 Bytes  14.02.2014 10:00:46
AEPACK.DLL     : 8.4.0.54      788392 Bytes  24.09.2014 13:36:35
AEOFFICE.DLL   : 8.3.0.30      223144 Bytes  06.10.2014 14:12:48
AEHEUR.DLL     : 8.1.4.1310   7564144 Bytes  26.09.2014 12:37:40
AEHELP.DLL     : 8.3.1.0       278728 Bytes  30.05.2014 14:11:24
AEGEN.DLL      : 8.1.7.30      453480 Bytes  26.09.2014 12:37:32
AEEXP.DLL      : 8.4.2.32      247712 Bytes  02.09.2014 19:38:32
AEEMU.DLL      : 8.1.3.4       399264 Bytes  07.08.2014 14:00:16
AEDROID.DLL    : 8.4.2.24      442568 Bytes  04.06.2014 13:33:06
AECORE.DLL     : 8.3.2.6       243712 Bytes  07.08.2014 14:00:16
AEBB.DLL       : 8.1.2.0        60448 Bytes  07.08.2014 14:00:16
AVWINLL.DLL    : 14.0.7.220     25904 Bytes  07.10.2014 09:12:23
AVPREF.DLL     : 14.0.7.220     52016 Bytes  07.10.2014 09:12:29
AVREP.DLL      : 14.0.7.220    220976 Bytes  07.10.2014 09:12:29
AVARKT.DLL     : 14.0.7.220    227632 Bytes  07.10.2014 09:12:24
AVEVTLOG.DLL   : 14.0.7.220    185080 Bytes  07.10.2014 09:12:26
SQLITE3.DLL    : 14.0.7.220    453936 Bytes  07.10.2014 09:13:17
AVSMTP.DLL     : 14.0.7.220     79096 Bytes  07.10.2014 09:12:34
NETNT.DLL      : 14.0.7.220     15152 Bytes  07.10.2014 09:13:09
RCIMAGE.DLL    : 14.0.7.220   4865328 Bytes  07.10.2014 09:12:23
RCTEXT.DLL     : 14.0.7.240     77048 Bytes  07.10.2014 09:12:23

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 7. Oktober 2014  11:17

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '196' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDService.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibtrksrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService8x64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo64.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAsrv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'VfConnectorService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICCProxy.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '223' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDIntelligent.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'skydrive.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAudioFilterAgent64.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'RTFTrack.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Energy Management.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'utility.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'StartMenuIndexer.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyWebHelper.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'HostAppService.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'HostAppService.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinLogon.exe' - '25' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '6450' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows8_OS>
C:\swapfile.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <LENOVO>


Ende des Suchlaufs: Dienstag, 7. Oktober 2014  12:39
Benötigte Zeit:  1:21:56 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  41891 Verzeichnisse wurden überprüft
 630099 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 630098 Dateien ohne Befall
   5846 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise
         
__________________


Alt 07.10.2014, 13:36   #3
schrauber
/// the machine
/// TB-Ausbilder
 

Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
__________________

Alt 07.10.2014, 16:12   #4
rvh
 
Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Hallo.
Hier ist der Bericht vom Scan. Es wurde aber nichts gefunden.

Code:
ATTFilter
17:09:13.0536 0x0d34  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:09:13.0536 0x0d34  UEFI system
17:09:16.0989 0x0d34  ============================================================
17:09:16.0989 0x0d34  Current date / time: 2014/10/07 17:09:16.0989
17:09:16.0989 0x0d34  SystemInfo:
17:09:16.0989 0x0d34  
17:09:16.0989 0x0d34  OS Version: 6.3.9600 ServicePack: 0.0
17:09:16.0989 0x0d34  Product type: Workstation
17:09:16.0989 0x0d34  ComputerName: TIMSPC
17:09:16.0989 0x0d34  UserName: Tim
17:09:16.0989 0x0d34  Windows directory: C:\WINDOWS
17:09:16.0989 0x0d34  System windows directory: C:\WINDOWS
17:09:16.0989 0x0d34  Running under WOW64
17:09:16.0989 0x0d34  Processor architecture: Intel x64
17:09:16.0989 0x0d34  Number of processors: 4
17:09:16.0989 0x0d34  Page size: 0x1000
17:09:16.0989 0x0d34  Boot type: Normal boot
17:09:16.0989 0x0d34  ============================================================
17:09:17.0849 0x0d34  KLMD registered as C:\WINDOWS\system32\drivers\27398566.sys
17:09:18.0114 0x0d34  System UUID: {2B1238F7-0A94-7A99-437C-E7D9797D7097}
17:09:18.0646 0x0d34  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:18.0661 0x0d34  ============================================================
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0:
17:09:18.0661 0x0d34  GPT partitions:
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3A74B91D-D55D-4226-8DD5-0898908503F9}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D2B3DC4B-B873-4ABB-BBE6-DBF2913DD513}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {D098AC90-107E-40BF-8A73-E43B7895451B}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C746C97F-422C-4F1D-A7D0-10AC29F1FC71}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A4611B2C-9E04-4023-8CB0-8590707455A4}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x35514800
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F41262A8-31EB-4973-BE4F-589B84148F91}, Name: Basic data partition, StartLBA 0x359BF000, BlocksNum 0x3200000
17:09:18.0661 0x0d34  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {88765824-D0CD-4F35-A521-5C21CFAD2168}, Name: Basic data partition, StartLBA 0x38BBF000, BlocksNum 0x17C7000
17:09:18.0661 0x0d34  MBR partitions:
17:09:18.0661 0x0d34  ============================================================
17:09:18.0692 0x0d34  C: <-> \Device\Harddisk0\DR0\Partition5
17:09:18.0755 0x0d34  D: <-> \Device\Harddisk0\DR0\Partition6
17:09:18.0755 0x0d34  ============================================================
17:09:18.0755 0x0d34  Initialize success
17:09:18.0755 0x0d34  ============================================================
17:09:25.0115 0x1548  ============================================================
17:09:25.0115 0x1548  Scan started
17:09:25.0115 0x1548  Mode: Manual; SigCheck; TDLFS; 
17:09:25.0115 0x1548  ============================================================
17:09:25.0115 0x1548  KSN ping started
17:09:27.0412 0x1548  KSN ping finished: true
17:09:28.0631 0x1548  ================ Scan system memory ========================
17:09:28.0631 0x1548  System memory - ok
17:09:28.0631 0x1548  ================ Scan services =============================
17:09:28.0772 0x1548  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
17:09:28.0818 0x1548  1394ohci - ok
17:09:28.0834 0x1548  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
17:09:28.0850 0x1548  3ware - ok
17:09:28.0912 0x1548  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
17:09:28.0943 0x1548  ACPI - ok
17:09:28.0959 0x1548  [ A273E88FAC37A4F819ED99FE4B642F4D, 994DC229B7B4379852928DF0B22E8E575AB239FD8904AF580AA36A44ED717CD9 ] acpials         C:\WINDOWS\system32\DRIVERS\acpials.sys
17:09:28.0975 0x1548  acpials - ok
17:09:28.0990 0x1548  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
17:09:29.0006 0x1548  acpiex - ok
17:09:29.0006 0x1548  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
17:09:29.0006 0x1548  acpipagr - ok
17:09:29.0022 0x1548  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
17:09:29.0022 0x1548  AcpiPmi - ok
17:09:29.0037 0x1548  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
17:09:29.0053 0x1548  acpitime - ok
17:09:29.0068 0x1548  [ AF7A18603B0B82DFA5B420456FAF2201, 64AD831433778BB0B0B1615EEA7682960ED5815A091A9EFEE95A862EFBDE6D69 ] ACPIVPC         C:\WINDOWS\System32\drivers\AcpiVpc.sys
17:09:29.0084 0x1548  ACPIVPC - ok
17:09:29.0115 0x1548  [ 5AE65DCD983077278A6173C2872BCA99, 81C4DE30A3C20338761D04121773C7B4BB88F8A0AF82F55B8EBF3C84194AD9B6 ] acsock          C:\WINDOWS\system32\DRIVERS\acsock64.sys
17:09:29.0131 0x1548  acsock - ok
17:09:29.0193 0x1548  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:09:29.0209 0x1548  AdobeARMservice - ok
17:09:29.0318 0x1548  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:09:29.0318 0x1548  AdobeFlashPlayerUpdateSvc - ok
17:09:29.0397 0x1548  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
17:09:29.0428 0x1548  ADP80XX - ok
17:09:29.0490 0x1548  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
17:09:29.0522 0x1548  AeLookupSvc - ok
17:09:29.0584 0x1548  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
17:09:29.0615 0x1548  AFD - ok
17:09:29.0631 0x1548  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
17:09:29.0631 0x1548  agp440 - ok
17:09:29.0662 0x1548  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
17:09:29.0662 0x1548  ahcache - ok
17:09:29.0709 0x1548  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\WINDOWS\System32\alg.exe
17:09:29.0725 0x1548  ALG - ok
17:09:29.0772 0x1548  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
17:09:29.0787 0x1548  AmdK8 - ok
17:09:29.0803 0x1548  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
17:09:29.0818 0x1548  AmdPPM - ok
17:09:29.0850 0x1548  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
17:09:29.0850 0x1548  amdsata - ok
17:09:29.0865 0x1548  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
17:09:29.0881 0x1548  amdsbs - ok
17:09:29.0881 0x1548  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
17:09:29.0897 0x1548  amdxata - ok
17:09:29.0975 0x1548  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:09:30.0006 0x1548  AntiVirSchedulerService - ok
17:09:30.0037 0x1548  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:09:30.0068 0x1548  AntiVirService - ok
17:09:30.0100 0x1548  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
17:09:30.0115 0x1548  AppID - ok
17:09:30.0131 0x1548  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
17:09:30.0147 0x1548  AppIDSvc - ok
17:09:30.0178 0x1548  [ 8D6F535461F6CFF75A8ADDF83024C904, F2A97EC4A6284F28B685A3CE2D450F61E75EE8692D718A6AA352D5734BBBAD7B ] Appinfo         C:\WINDOWS\System32\appinfo.dll
17:09:30.0193 0x1548  Appinfo - ok
17:09:30.0287 0x1548  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
17:09:30.0318 0x1548  AppReadiness - ok
17:09:30.0381 0x1548  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
17:09:30.0428 0x1548  AppXSvc - ok
17:09:30.0459 0x1548  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
17:09:30.0475 0x1548  arcsas - ok
17:09:30.0522 0x1548  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
17:09:30.0537 0x1548  atapi - ok
17:09:30.0584 0x1548  [ 886767FD022213F7885416134E9082E5, E248D82210FBEBF62C23EBEC74A976B2D1A4E62D3B7638D95B2574B77BA05DD0 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
17:09:30.0600 0x1548  AudioEndpointBuilder - ok
17:09:30.0662 0x1548  [ 79B134ECE836B406B212E28C24011538, 1B875DD23CCAD8A2759DCDBCDCF3DE14231B9DB5EEC8E84FE081E41A52A047A1 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
17:09:30.0709 0x1548  Audiosrv - ok
17:09:30.0740 0x1548  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:09:30.0740 0x1548  avgntflt - ok
17:09:30.0772 0x1548  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:09:30.0787 0x1548  avipbb - ok
17:09:30.0850 0x1548  [ 05ABC09DC0DFA5DF79A0BB39F60636B7, FEDE900D991F1FB40BA0A44E05181A6A506DC8B5F365E78E523CB6DF2CDACC15 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
17:09:30.0865 0x1548  Avira.OE.ServiceHost - ok
17:09:30.0881 0x1548  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:09:30.0897 0x1548  avkmgr - ok
17:09:30.0943 0x1548  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
17:09:30.0959 0x1548  AxInstSV - ok
17:09:31.0006 0x1548  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
17:09:31.0037 0x1548  b06bdrv - ok
17:09:31.0053 0x1548  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
17:09:31.0053 0x1548  BasicDisplay - ok
17:09:31.0100 0x1548  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
17:09:31.0115 0x1548  BasicRender - ok
17:09:31.0131 0x1548  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
17:09:31.0147 0x1548  bcmfn2 - ok
17:09:31.0209 0x1548  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
17:09:31.0240 0x1548  BDESVC - ok
17:09:31.0256 0x1548  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:09:31.0272 0x1548  Beep - ok
17:09:31.0303 0x1548  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\WINDOWS\System32\bfe.dll
17:09:31.0334 0x1548  BFE - ok
17:09:31.0381 0x1548  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\WINDOWS\System32\qmgr.dll
17:09:31.0412 0x1548  BITS - ok
17:09:31.0522 0x1548  [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
17:09:31.0553 0x1548  Bluetooth Device Monitor - ok
17:09:31.0600 0x1548  [ 9C0FDB0E3CFE542847E5140FAF17E89F, 290C08C0F8413D15BA41BEFC3D5A9D3E97FB6C55B91FE80D518BEA95A2838173 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
17:09:31.0631 0x1548  Bluetooth OBEX Service - ok
17:09:31.0647 0x1548  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
17:09:31.0662 0x1548  bowser - ok
17:09:31.0740 0x1548  [ F2559A492AF8D653D1F47ADABA4C3E97, 77347915FB433023769699DFC9511F54E69C7FC7AB75F57FDC1A58E64A7126DE ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
17:09:31.0772 0x1548  BrokerInfrastructure - ok
17:09:31.0803 0x1548  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\WINDOWS\System32\browser.dll
17:09:31.0819 0x1548  Browser - ok
17:09:31.0850 0x1548  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
17:09:31.0881 0x1548  BthAvrcpTg - ok
17:09:31.0897 0x1548  [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
17:09:31.0912 0x1548  BthEnum - ok
17:09:31.0928 0x1548  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
17:09:31.0959 0x1548  BthHFEnum - ok
17:09:31.0959 0x1548  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
17:09:31.0975 0x1548  bthhfhid - ok
17:09:32.0022 0x1548  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys
17:09:32.0037 0x1548  BthLEEnum - ok
17:09:32.0069 0x1548  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
17:09:32.0069 0x1548  BTHMODEM - ok
17:09:32.0100 0x1548  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
17:09:32.0115 0x1548  BthPan - ok
17:09:32.0194 0x1548  [ 97B9076611291AE4C4C107BC915BD026, 0A77873AAF1ADB76CAB98A84D2242781E34E2699632E45EB92ED7DB20B2BE0C1 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
17:09:32.0256 0x1548  BTHPORT - ok
17:09:32.0272 0x1548  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\WINDOWS\system32\bthserv.dll
17:09:32.0287 0x1548  bthserv - ok
17:09:32.0319 0x1548  [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
17:09:32.0350 0x1548  BTHUSB - ok
17:09:32.0381 0x1548  [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux          C:\WINDOWS\system32\DRIVERS\btmaux.sys
17:09:32.0397 0x1548  btmaux - ok
17:09:32.0475 0x1548  [ E36C1C48F1BC6EFFAEC0930C33DF052A, 0980B5222F4C53DD0F6602AF412850385A0418F2E8685AF85DC430C411AC79B7 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
17:09:32.0506 0x1548  btmhsf - ok
17:09:32.0522 0x1548  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
17:09:32.0537 0x1548  cdfs - ok
17:09:32.0553 0x1548  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
17:09:32.0569 0x1548  cdrom - ok
17:09:32.0584 0x1548  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
17:09:32.0600 0x1548  CertPropSvc - ok
17:09:32.0600 0x1548  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
17:09:32.0615 0x1548  circlass - ok
17:09:32.0662 0x1548  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
17:09:32.0694 0x1548  CLFS - ok
17:09:32.0709 0x1548  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
17:09:32.0725 0x1548  CmBatt - ok
17:09:32.0787 0x1548  [ 1CD3A907D64D08F49208DA00B69BF35E, ABBD70FFCA0DE2274D855AFC08BF7BC0AA6D44EFC9FDBF7DF44B73CD5C210E28 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
17:09:32.0834 0x1548  CNG - ok
17:09:32.0928 0x1548  [ 3C0FF49CC525A561A25D2BA3AA6A83E7, FA8E661E8E57BEA11A23B6AC59B3FDB21A61C20AA1E134810D62C2A5A32F6259 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys
17:09:32.0959 0x1548  CnxtHdAudService - ok
17:09:32.0990 0x1548  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
17:09:33.0006 0x1548  CompositeBus - ok
17:09:33.0006 0x1548  COMSysApp - ok
17:09:33.0022 0x1548  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
17:09:33.0053 0x1548  condrv - ok
17:09:33.0115 0x1548  [ F9693D45B0F1B346CCDEEC1F341AD389, 342C81EFB434EAC29865F8BB049051635C644D7EF355D0F5FB3ADD9DDCE55D82 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
17:09:33.0147 0x1548  cphs - ok
17:09:33.0178 0x1548  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
17:09:33.0194 0x1548  CryptSvc - ok
17:09:33.0225 0x1548  [ 4E6337DE03F36BCE168110E6B59F6A5B, 2DB940EBBA971B3801E273B80D8CBD975040A8B87908E7E0733E4DBB0EFC2611 ] CxAudMsg        C:\WINDOWS\system32\CxAudMsg64.exe
17:09:33.0240 0x1548  CxAudMsg - ok
17:09:33.0240 0x1548  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
17:09:33.0256 0x1548  dam - ok
17:09:33.0319 0x1548  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:09:33.0350 0x1548  DcomLaunch - ok
17:09:33.0397 0x1548  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
17:09:33.0412 0x1548  defragsvc - ok
17:09:33.0444 0x1548  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll
17:09:33.0459 0x1548  DeviceAssociationService - ok
17:09:33.0490 0x1548  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
17:09:33.0506 0x1548  DeviceInstall - ok
17:09:33.0522 0x1548  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
17:09:33.0537 0x1548  Dfsc - ok
17:09:33.0584 0x1548  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
17:09:33.0600 0x1548  Dhcp - ok
17:09:33.0616 0x1548  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
17:09:33.0631 0x1548  disk - ok
17:09:33.0647 0x1548  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
17:09:33.0662 0x1548  dmvsc - ok
17:09:33.0678 0x1548  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:09:33.0694 0x1548  Dnscache - ok
17:09:33.0725 0x1548  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:09:33.0740 0x1548  dot3svc - ok
17:09:33.0756 0x1548  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\WINDOWS\system32\dps.dll
17:09:33.0772 0x1548  DPS - ok
17:09:33.0787 0x1548  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:09:33.0787 0x1548  drmkaud - ok
17:09:33.0819 0x1548  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
17:09:33.0834 0x1548  DsmSvc - ok
17:09:33.0928 0x1548  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
17:09:33.0990 0x1548  DXGKrnl - ok
17:09:34.0006 0x1548  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
17:09:34.0022 0x1548  Eaphost - ok
17:09:34.0131 0x1548  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
17:09:34.0225 0x1548  ebdrv - ok
17:09:34.0256 0x1548  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\WINDOWS\System32\lsass.exe
17:09:34.0287 0x1548  EFS - ok
17:09:34.0287 0x1548  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
17:09:34.0319 0x1548  EhStorClass - ok
17:09:34.0350 0x1548  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
17:09:34.0366 0x1548  EhStorTcgDrv - ok
17:09:34.0381 0x1548  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
17:09:34.0412 0x1548  ErrDev - ok
17:09:34.0459 0x1548  [ F5971ABF3E23EDB7D2DE7040FFBC8CC9, 73B9503A9AA5B7462CCBCA837494ECD1EF7266385F68038D8D779B48E5892F36 ] ETD             C:\WINDOWS\system32\DRIVERS\ETD.sys
17:09:34.0475 0x1548  ETD - ok
17:09:34.0553 0x1548  [ 20B6699ECD1FE57520960B4F393CA8AF, 1B68D5E0E796B65F1A8A780587173A062772BF79E6893A26EB196F4F1284E8C2 ] ETDService      C:\Program Files\Elantech\ETDService.exe
17:09:34.0569 0x1548  ETDService - ok
17:09:34.0616 0x1548  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\WINDOWS\system32\es.dll
17:09:34.0631 0x1548  EventSystem - ok
17:09:34.0662 0x1548  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
17:09:34.0678 0x1548  exfat - ok
17:09:34.0709 0x1548  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
17:09:34.0725 0x1548  fastfat - ok
17:09:34.0772 0x1548  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\WINDOWS\system32\fxssvc.exe
17:09:34.0803 0x1548  Fax - ok
17:09:34.0834 0x1548  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
17:09:34.0850 0x1548  fdc - ok
17:09:34.0866 0x1548  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
17:09:34.0897 0x1548  fdPHost - ok
17:09:34.0912 0x1548  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
17:09:34.0928 0x1548  FDResPub - ok
17:09:34.0944 0x1548  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
17:09:34.0959 0x1548  fhsvc - ok
17:09:35.0006 0x1548  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
17:09:35.0022 0x1548  FileInfo - ok
17:09:35.0037 0x1548  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
17:09:35.0053 0x1548  Filetrace - ok
17:09:35.0069 0x1548  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
17:09:35.0084 0x1548  flpydisk - ok
17:09:35.0116 0x1548  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:09:35.0147 0x1548  FltMgr - ok
17:09:35.0241 0x1548  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\WINDOWS\system32\FntCache.dll
17:09:35.0272 0x1548  FontCache - ok
17:09:35.0334 0x1548  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:09:35.0350 0x1548  FontCache3.0.0.0 - ok
17:09:35.0381 0x1548  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
17:09:35.0397 0x1548  FsDepends - ok
17:09:35.0412 0x1548  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:09:35.0428 0x1548  Fs_Rec - ok
17:09:35.0491 0x1548  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
17:09:35.0537 0x1548  fvevol - ok
17:09:35.0553 0x1548  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
17:09:35.0569 0x1548  FxPPM - ok
17:09:35.0584 0x1548  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
17:09:35.0600 0x1548  gagp30kx - ok
17:09:35.0631 0x1548  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
17:09:35.0647 0x1548  gencounter - ok
17:09:35.0678 0x1548  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
17:09:35.0694 0x1548  GPIOClx0101 - ok
17:09:35.0787 0x1548  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
17:09:35.0834 0x1548  gpsvc - ok
17:09:35.0897 0x1548  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:09:35.0912 0x1548  gupdate - ok
17:09:35.0912 0x1548  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:09:35.0928 0x1548  gupdatem - ok
17:09:35.0975 0x1548  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
17:09:36.0006 0x1548  HdAudAddService - ok
17:09:36.0037 0x1548  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
17:09:36.0053 0x1548  HDAudBus - ok
17:09:36.0069 0x1548  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
17:09:36.0084 0x1548  HidBatt - ok
17:09:36.0100 0x1548  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
17:09:36.0116 0x1548  HidBth - ok
17:09:36.0131 0x1548  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
17:09:36.0131 0x1548  hidi2c - ok
17:09:36.0147 0x1548  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
17:09:36.0162 0x1548  HidIr - ok
17:09:36.0194 0x1548  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\WINDOWS\system32\hidserv.dll
17:09:36.0209 0x1548  hidserv - ok
17:09:36.0256 0x1548  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
17:09:36.0272 0x1548  HidUsb - ok
17:09:36.0303 0x1548  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
17:09:36.0334 0x1548  hkmsvc - ok
17:09:36.0350 0x1548  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
17:09:36.0381 0x1548  HomeGroupListener - ok
17:09:36.0444 0x1548  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
17:09:36.0459 0x1548  HomeGroupProvider - ok
17:09:36.0491 0x1548  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
17:09:36.0491 0x1548  HpSAMD - ok
17:09:36.0584 0x1548  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
17:09:36.0616 0x1548  HTTP - ok
17:09:36.0631 0x1548  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
17:09:36.0631 0x1548  hwpolicy - ok
17:09:36.0647 0x1548  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
17:09:36.0647 0x1548  hyperkbd - ok
17:09:36.0662 0x1548  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
17:09:36.0662 0x1548  HyperVideo - ok
17:09:36.0678 0x1548  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
17:09:36.0694 0x1548  i8042prt - ok
17:09:36.0694 0x1548  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
17:09:36.0709 0x1548  iaLPSSi_GPIO - ok
17:09:36.0709 0x1548  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
17:09:36.0725 0x1548  iaLPSSi_I2C - ok
17:09:36.0756 0x1548  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
17:09:36.0788 0x1548  iaStorA - ok
17:09:36.0819 0x1548  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
17:09:36.0834 0x1548  iaStorAV - ok
17:09:36.0881 0x1548  [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:09:36.0897 0x1548  IAStorDataMgrSvc - ok
17:09:36.0928 0x1548  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
17:09:36.0975 0x1548  iaStorV - ok
17:09:37.0006 0x1548  [ 23E22B130EFE5A225E279467BE146317, 2302C119FE9C57F3A71DFE504489423B6F7140E2DFF5D501883AD971CB671CB4 ] ibtfltcoex      C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys
17:09:37.0022 0x1548  ibtfltcoex - ok
17:09:37.0069 0x1548  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
17:09:37.0084 0x1548  ICCS - ok
17:09:37.0100 0x1548  IEEtwCollectorService - ok
17:09:37.0225 0x1548  [ 16D939A13CFB82DEE0B9DB12E45C7B4E, D09C57DE3EF7F6BEDD354FEEDB46260FDCF9F9A0F2D096FFD518509AD041AAC5 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
17:09:37.0319 0x1548  igfx - ok
17:09:37.0413 0x1548  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
17:09:37.0444 0x1548  IKEEXT - ok
17:09:37.0475 0x1548  [ DB65573521AB51941F4FA799D0968136, 418F5E3FE725B7B114F3DAEBDCEBCE7F4AD8ECAAFF572C02BA9ACCE86D55BFD8 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
17:09:37.0475 0x1548  intaud_WaveExtensible - ok
17:09:37.0506 0x1548  [ D6A22510D795928E8840619900D672B4, 296F232B0A6D42840A745E4706D2815F6D2E4279DBD90112CBFBFF8833B724AF ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
17:09:37.0522 0x1548  IntcDAud - ok
17:09:37.0553 0x1548  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:09:37.0569 0x1548  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
17:09:39.0928 0x1548  Detect skipped due to KSN trusted
17:09:39.0928 0x1548  Intel(R) Capability Licensing Service Interface - ok
17:09:40.0038 0x1548  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
17:09:40.0069 0x1548  Intel(R) Capability Licensing Service TCP IP Interface - ok
17:09:40.0116 0x1548  [ AB62699812B02E9268F4DA68F2791512, 7E108FDC5AB41731EAEDFBFB68FEE58F2B0FE6F04BAE0E95A635D12A06269FAA ] Intel(R) Wireless Bluetooth(R) 4.0 Radio Management C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
17:09:40.0116 0x1548  Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - ok
17:09:40.0131 0x1548  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
17:09:40.0147 0x1548  intelide - ok
17:09:40.0178 0x1548  [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
17:09:40.0194 0x1548  intelpep - ok
17:09:40.0225 0x1548  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
17:09:40.0241 0x1548  intelppm - ok
17:09:40.0256 0x1548  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:09:40.0288 0x1548  IpFilterDriver - ok
17:09:40.0366 0x1548  [ 1670A274ED1A815311BA33CD27B0D0E8, 28378D3908DCFA2C0E8FCF83E5AFEF643C89BBB285FA0F1692FE576AEA2F4E45 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
17:09:40.0397 0x1548  iphlpsvc - ok
17:09:40.0428 0x1548  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
17:09:40.0460 0x1548  IPMIDRV - ok
17:09:40.0491 0x1548  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
17:09:40.0506 0x1548  IPNAT - ok
17:09:40.0522 0x1548  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
17:09:40.0553 0x1548  IRENUM - ok
17:09:40.0569 0x1548  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
17:09:40.0585 0x1548  isapnp - ok
17:09:40.0631 0x1548  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
17:09:40.0663 0x1548  iScsiPrt - ok
17:09:40.0710 0x1548  [ 2C04ACF9070282AC9AA837C52CA3C128, 2C68FE2E876E5089F27021038E868E21288F694F3ED0390AED5B4712CC7567EC ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
17:09:40.0710 0x1548  iwdbus - ok
17:09:40.0772 0x1548  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:09:40.0788 0x1548  jhi_service - ok
17:09:40.0819 0x1548  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
17:09:40.0835 0x1548  kbdclass - ok
17:09:40.0866 0x1548  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
17:09:40.0881 0x1548  kbdhid - ok
17:09:40.0881 0x1548  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
17:09:40.0913 0x1548  kdnic - ok
17:09:40.0928 0x1548  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\WINDOWS\system32\lsass.exe
17:09:40.0944 0x1548  KeyIso - ok
17:09:40.0975 0x1548  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
17:09:40.0991 0x1548  KSecDD - ok
17:09:41.0038 0x1548  [ F88CC88F4A6D8476F1664E805CA18CC2, 2C61EE5EEA4FD45AA3FA927CC16E34EF90BD44324EAB14198AF65C3A27617991 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
17:09:41.0069 0x1548  KSecPkg - ok
17:09:41.0085 0x1548  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
17:09:41.0100 0x1548  ksthunk - ok
17:09:41.0178 0x1548  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
17:09:41.0210 0x1548  KtmRm - ok
17:09:41.0272 0x1548  [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C             C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
17:09:41.0288 0x1548  L1C - ok
17:09:41.0350 0x1548  [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
17:09:41.0381 0x1548  LanmanServer - ok
17:09:41.0428 0x1548  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
17:09:41.0444 0x1548  LanmanWorkstation - ok
17:09:41.0491 0x1548  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
17:09:41.0522 0x1548  lfsvc - ok
17:09:41.0553 0x1548  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\WINDOWS\system32\DRIVERS\LhdX64.sys
17:09:41.0553 0x1548  LHDmgr - ok
17:09:41.0569 0x1548  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
17:09:41.0585 0x1548  lltdio - ok
17:09:41.0616 0x1548  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
17:09:41.0631 0x1548  lltdsvc - ok
17:09:41.0663 0x1548  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
17:09:41.0663 0x1548  lmhosts - ok
17:09:41.0725 0x1548  [ B16F2A40E738277AB75515D4B024305E, 38F48CCD72FA2B32DFD3123C0864AB724AC673414EEE09C6F582754177CD4B98 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:09:41.0741 0x1548  LMS - ok
17:09:41.0897 0x1548  [ 649982D990F825800FAA8BDAD98A1C30, 1871CDA2817F89F7A563B76EBE60913843CA09917DFE3EB1CD78F674DF1578B9 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
17:09:41.0944 0x1548  LSCWinService - ok
17:09:42.0147 0x1548  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
17:09:42.0163 0x1548  LSI_SAS - ok
17:09:42.0178 0x1548  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
17:09:42.0194 0x1548  LSI_SAS2 - ok
17:09:42.0194 0x1548  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
17:09:42.0210 0x1548  LSI_SAS3 - ok
17:09:42.0225 0x1548  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
17:09:42.0225 0x1548  LSI_SSS - ok
17:09:42.0303 0x1548  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\WINDOWS\System32\lsm.dll
17:09:42.0335 0x1548  LSM - ok
17:09:42.0538 0x1548  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
17:09:42.0553 0x1548  luafv - ok
17:09:42.0663 0x1548  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
17:09:42.0678 0x1548  McComponentHostService - ok
17:09:42.0694 0x1548  McMPFSvc - ok
17:09:42.0710 0x1548  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
17:09:42.0725 0x1548  megasas - ok
17:09:42.0757 0x1548  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
17:09:42.0788 0x1548  megasr - ok
17:09:42.0835 0x1548  [ 18B9AD128EC84E8D16A83F70CF36594F, 199DF15D68E2A079794E5DD325162C1A68A65EF26EEF5A6C6154281DDE57279A ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
17:09:42.0850 0x1548  MEIx64 - ok
17:09:42.0882 0x1548  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
17:09:42.0882 0x1548  MMCSS - ok
17:09:42.0913 0x1548  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
17:09:42.0913 0x1548  Modem - ok
17:09:42.0928 0x1548  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
17:09:42.0944 0x1548  monitor - ok
17:09:42.0960 0x1548  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
17:09:42.0960 0x1548  mouclass - ok
17:09:42.0975 0x1548  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
17:09:42.0991 0x1548  mouhid - ok
17:09:43.0007 0x1548  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
17:09:43.0007 0x1548  mountmgr - ok
17:09:43.0053 0x1548  [ F60E017313E0F1EEB21D87C434CF538D, 5418A716AD23E21FFF7CDACD0C4EF2CD7F1D45E391E72196B4D036DBF9E9559C ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:09:43.0085 0x1548  MozillaMaintenance - ok
17:09:43.0100 0x1548  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
17:09:43.0132 0x1548  mpsdrv - ok
17:09:43.0194 0x1548  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
17:09:43.0241 0x1548  MpsSvc - ok
17:09:43.0288 0x1548  [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
17:09:43.0288 0x1548  MRxDAV - ok
17:09:43.0335 0x1548  [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:09:43.0366 0x1548  mrxsmb - ok
17:09:43.0382 0x1548  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
17:09:43.0397 0x1548  mrxsmb10 - ok
17:09:43.0428 0x1548  [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
17:09:43.0444 0x1548  mrxsmb20 - ok
17:09:43.0460 0x1548  [ E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
17:09:43.0475 0x1548  MsBridge - ok
17:09:43.0507 0x1548  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
17:09:43.0522 0x1548  MSDTC - ok
17:09:43.0554 0x1548  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:09:43.0554 0x1548  Msfs - ok
17:09:43.0569 0x1548  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
17:09:43.0585 0x1548  msgpiowin32 - ok
17:09:43.0600 0x1548  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
17:09:43.0600 0x1548  mshidkmdf - ok
17:09:43.0616 0x1548  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
17:09:43.0632 0x1548  mshidumdf - ok
17:09:43.0647 0x1548  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
17:09:43.0663 0x1548  msisadrv - ok
17:09:43.0679 0x1548  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
17:09:43.0694 0x1548  MSiSCSI - ok
17:09:43.0694 0x1548  msiserver - ok
17:09:43.0725 0x1548  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:09:43.0725 0x1548  MSKSSRV - ok
17:09:43.0757 0x1548  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
17:09:43.0772 0x1548  MsLldp - ok
17:09:43.0772 0x1548  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:09:43.0788 0x1548  MSPCLOCK - ok
17:09:43.0804 0x1548  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:09:43.0819 0x1548  MSPQM - ok
17:09:43.0866 0x1548  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
17:09:43.0897 0x1548  MsRPC - ok
17:09:43.0913 0x1548  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
17:09:43.0929 0x1548  mssmbios - ok
17:09:43.0929 0x1548  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:09:43.0944 0x1548  MSTEE - ok
17:09:43.0960 0x1548  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
17:09:43.0960 0x1548  MTConfig - ok
17:09:43.0975 0x1548  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
17:09:43.0991 0x1548  Mup - ok
17:09:43.0991 0x1548  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
17:09:44.0007 0x1548  mvumis - ok
17:09:44.0038 0x1548  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll
17:09:44.0069 0x1548  napagent - ok
17:09:44.0100 0x1548  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
17:09:44.0132 0x1548  NativeWifiP - ok
17:09:44.0163 0x1548  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
17:09:44.0179 0x1548  NcaSvc - ok
17:09:44.0194 0x1548  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
17:09:44.0210 0x1548  NcbService - ok
17:09:44.0225 0x1548  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
17:09:44.0241 0x1548  NcdAutoSetup - ok
17:09:44.0304 0x1548  [ E4B4BE2D7750849C07589DA0B0AABA01, BB5AA727BA018A94B5DE2C4E0B594DD2E7A2B3457885446EE568F3A1E18AB3B0 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
17:09:44.0350 0x1548  NDIS - ok
17:09:44.0366 0x1548  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
17:09:44.0366 0x1548  NdisCap - ok
17:09:44.0397 0x1548  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
17:09:44.0413 0x1548  NdisImPlatform - ok
17:09:44.0429 0x1548  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:09:44.0444 0x1548  NdisTapi - ok
17:09:44.0460 0x1548  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:09:44.0475 0x1548  Ndisuio - ok
17:09:44.0491 0x1548  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
17:09:44.0507 0x1548  NdisVirtualBus - ok
17:09:44.0522 0x1548  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:09:44.0538 0x1548  NdisWan - ok
17:09:44.0538 0x1548  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:09:44.0554 0x1548  NdisWanLegacy - ok
17:09:44.0569 0x1548  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:09:44.0569 0x1548  NDProxy - ok
17:09:44.0585 0x1548  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
17:09:44.0600 0x1548  Ndu - ok
17:09:44.0616 0x1548  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:09:44.0632 0x1548  NetBIOS - ok
17:09:44.0647 0x1548  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:09:44.0663 0x1548  NetBT - ok
17:09:44.0679 0x1548  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:09:44.0679 0x1548  Netlogon - ok
17:09:44.0710 0x1548  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll
17:09:44.0725 0x1548  Netman - ok
17:09:44.0757 0x1548  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
17:09:44.0788 0x1548  netprofm - ok
17:09:44.0835 0x1548  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:09:44.0866 0x1548  NetTcpPortSharing - ok
17:09:44.0897 0x1548  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys
17:09:44.0913 0x1548  netvsc - ok
17:09:45.0054 0x1548  [ 3483D44E1B24F17E622870801403AD13, EF9C5290777A4E277D47C87A174FF9441BE23CAD2F456D35B808463041F4675C ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew00.sys
17:09:45.0132 0x1548  NETwNe64 - ok
17:09:45.0179 0x1548  [ 91F2181AFA421D16B44712C40F46762E, 30FD4DE7C10E773F4591669A0C5ACDDCBFE81DDBAB0EDC65063CBDB816A82F6D ] NitroDriverReadSpool8 C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
17:09:45.0179 0x1548  NitroDriverReadSpool8 - ok
17:09:45.0210 0x1548  [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
17:09:45.0257 0x1548  NlaSvc - ok
17:09:45.0319 0x1548  [ 71E7DA06FE7E8DE4BB472DCB57C82F37, C4EE8A733389BB04478A702164B10A84A2245EAA5A0BFD1270FD26A8E2BDE70C ] nlsX86cc        C:\WINDOWS\SysWOW64\NLSSRV32.EXE
17:09:45.0335 0x1548  nlsX86cc - ok
17:09:45.0351 0x1548  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:09:45.0351 0x1548  Npfs - ok
17:09:45.0366 0x1548  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
17:09:45.0382 0x1548  npsvctrig - ok
17:09:45.0397 0x1548  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll
17:09:45.0413 0x1548  nsi - ok
17:09:45.0413 0x1548  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
17:09:45.0429 0x1548  nsiproxy - ok
17:09:45.0538 0x1548  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:09:45.0601 0x1548  Ntfs - ok
17:09:45.0616 0x1548  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:09:45.0647 0x1548  Null - ok
17:09:45.0663 0x1548  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
17:09:45.0694 0x1548  nvraid - ok
17:09:45.0710 0x1548  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
17:09:45.0726 0x1548  nvstor - ok
17:09:45.0741 0x1548  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
17:09:45.0757 0x1548  nv_agp - ok
17:09:45.0788 0x1548  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
17:09:45.0819 0x1548  p2pimsvc - ok
17:09:45.0866 0x1548  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
17:09:45.0882 0x1548  p2psvc - ok
17:09:45.0898 0x1548  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
17:09:45.0913 0x1548  Parport - ok
17:09:45.0929 0x1548  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
17:09:45.0944 0x1548  partmgr - ok
17:09:45.0991 0x1548  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
17:09:46.0023 0x1548  PcaSvc - ok
17:09:46.0085 0x1548  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
17:09:46.0116 0x1548  pci - ok
17:09:46.0132 0x1548  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
17:09:46.0148 0x1548  pciide - ok
17:09:46.0163 0x1548  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
17:09:46.0194 0x1548  pcmcia - ok
17:09:46.0226 0x1548  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
17:09:46.0241 0x1548  pcw - ok
17:09:46.0288 0x1548  [ B9D968D8E2B0F9C6301CEB39CFC9B9E4, 83F32831B0727F18B56DC3CAF37E45A3523D2BBCD54D1421F0DE5A0179D8A404 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
17:09:46.0304 0x1548  pdc - ok
17:09:46.0366 0x1548  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
17:09:46.0398 0x1548  PEAUTH - ok
17:09:46.0429 0x1548  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
17:09:46.0444 0x1548  PerfHost - ok
17:09:46.0538 0x1548  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\WINDOWS\system32\pla.dll
17:09:46.0585 0x1548  pla - ok
17:09:46.0616 0x1548  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
17:09:46.0648 0x1548  PlugPlay - ok
17:09:46.0663 0x1548  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
17:09:46.0679 0x1548  PNRPAutoReg - ok
17:09:46.0695 0x1548  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
17:09:46.0726 0x1548  PNRPsvc - ok
17:09:46.0757 0x1548  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
17:09:46.0773 0x1548  PolicyAgent - ok
17:09:46.0819 0x1548  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\WINDOWS\system32\umpo.dll
17:09:46.0851 0x1548  Power - ok
17:09:47.0007 0x1548  [ C0B3AD50136FE57C2548BD75CAC49DA2, B5661CE7631C5D1B1C50F36EE66AF6DF2E9E69DA1D9BA7C852E74D206F72D8DB ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:09:47.0069 0x1548  PrintNotify - ok
17:09:47.0101 0x1548  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
17:09:47.0132 0x1548  Processor - ok
17:09:47.0179 0x1548  [ EF1F8B57323E5D3FC6A0A25F98F90DBC, F50E81151604DCD59BB647FD6767C1631AE48B5FCA6D3423C4E32535C94D6369 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
17:09:47.0194 0x1548  ProfSvc - ok
17:09:47.0226 0x1548  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
17:09:47.0241 0x1548  Psched - ok
17:09:47.0273 0x1548  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\WINDOWS\system32\qwave.dll
17:09:47.0288 0x1548  QWAVE - ok
17:09:47.0304 0x1548  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
17:09:47.0319 0x1548  QWAVEdrv - ok
17:09:47.0319 0x1548  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:09:47.0335 0x1548  RasAcd - ok
17:09:47.0351 0x1548  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:09:47.0366 0x1548  RasAuto - ok
17:09:47.0429 0x1548  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:09:47.0476 0x1548  RasMan - ok
17:09:47.0491 0x1548  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:09:47.0523 0x1548  RasPppoe - ok
17:09:47.0570 0x1548  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:09:47.0601 0x1548  rdbss - ok
17:09:47.0616 0x1548  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
17:09:47.0616 0x1548  rdpbus - ok
17:09:47.0648 0x1548  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
17:09:47.0663 0x1548  RDPDR - ok
17:09:47.0679 0x1548  [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
17:09:47.0695 0x1548  RdpVideoMiniport - ok
17:09:47.0726 0x1548  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
17:09:47.0741 0x1548  rdyboost - ok
17:09:47.0804 0x1548  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
17:09:47.0835 0x1548  ReFS - ok
17:09:47.0882 0x1548  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:09:47.0898 0x1548  RemoteAccess - ok
17:09:47.0913 0x1548  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:09:47.0945 0x1548  RemoteRegistry - ok
17:09:47.0960 0x1548  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
17:09:47.0976 0x1548  RFCOMM - ok
17:09:48.0054 0x1548  [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
17:09:48.0070 0x1548  RichVideo64 - ok
17:09:48.0101 0x1548  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
17:09:48.0101 0x1548  RpcEptMapper - ok
17:09:48.0132 0x1548  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:09:48.0132 0x1548  RpcLocator - ok
17:09:48.0195 0x1548  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
17:09:48.0226 0x1548  RpcSs - ok
17:09:48.0257 0x1548  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:09:48.0273 0x1548  rspndr - ok
17:09:48.0304 0x1548  [ 4EC89C0725CE4B98994B88F19B30C288, 4FA73C24A2E18D04CE27EEF17C9AE847D0251B711F60D116139F6166F90CD08F ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys
17:09:48.0320 0x1548  RSUSBVSTOR - ok
17:09:48.0398 0x1548  [ B0A0260A3C03156937ECDB67CE5C6FE5, 88102D22976398599FA6165E9DBC1213EF2A001C99602E2195C9A7BAB0A127D7 ] RtlWlanu        C:\WINDOWS\system32\DRIVERS\rtwlanu.sys
17:09:48.0445 0x1548  RtlWlanu - ok
17:09:48.0710 0x1548  [ 993E6A15FD3EAFC280B8EBB396FA31B2, F268BEE5FFA81A42314DEA4E209FA9D737E50EBE49F76C64B23554F90499A334 ] rtsuvc          C:\WINDOWS\system32\DRIVERS\rtsuvc.sys
17:09:48.0882 0x1548  rtsuvc - ok
17:09:48.0898 0x1548  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
17:09:48.0913 0x1548  s3cap - ok
17:09:48.0929 0x1548  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:09:48.0945 0x1548  SamSs - ok
17:09:48.0945 0x1548  SAService - ok
17:09:48.0960 0x1548  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
17:09:48.0976 0x1548  sbp2port - ok
17:09:48.0991 0x1548  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
17:09:49.0007 0x1548  SCardSvr - ok
17:09:49.0038 0x1548  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
17:09:49.0054 0x1548  ScDeviceEnum - ok
17:09:49.0070 0x1548  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
17:09:49.0070 0x1548  scfilter - ok
17:09:49.0148 0x1548  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:09:49.0195 0x1548  Schedule - ok
17:09:49.0226 0x1548  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
17:09:49.0241 0x1548  SCPolicySvc - ok
17:09:49.0351 0x1548  [ FDEC5799BA499D18AFA3A540538866E7, 551EE0945FE4EC213FFF623E524500B57531EFEA2D76FA7ED1D2D605E7E2168F ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
17:09:49.0382 0x1548  sdbus - ok
17:09:49.0413 0x1548  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
17:09:49.0429 0x1548  sdstor - ok
17:09:49.0445 0x1548  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
17:09:49.0460 0x1548  secdrv - ok
17:09:49.0476 0x1548  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\WINDOWS\system32\seclogon.dll
17:09:49.0507 0x1548  seclogon - ok
17:09:49.0523 0x1548  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\WINDOWS\System32\sens.dll
17:09:49.0554 0x1548  SENS - ok
17:09:49.0601 0x1548  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] SensorsAlsDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:09:49.0616 0x1548  SensorsAlsDriver - ok
17:09:49.0632 0x1548  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] SensorsHIDClassDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:09:49.0648 0x1548  SensorsHIDClassDriver - ok
17:09:49.0663 0x1548  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] SensorsServiceDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:09:49.0679 0x1548  SensorsServiceDriver - ok
17:09:49.0695 0x1548  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
17:09:49.0710 0x1548  SensrSvc - ok
17:09:49.0742 0x1548  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
17:09:49.0742 0x1548  SerCx - ok
17:09:49.0773 0x1548  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
17:09:49.0788 0x1548  SerCx2 - ok
17:09:49.0804 0x1548  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
17:09:49.0804 0x1548  Serenum - ok
17:09:49.0820 0x1548  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
17:09:49.0835 0x1548  Serial - ok
17:09:49.0835 0x1548  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
17:09:49.0851 0x1548  sermouse - ok
17:09:49.0898 0x1548  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
17:09:49.0929 0x1548  SessionEnv - ok
17:09:49.0945 0x1548  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
17:09:49.0960 0x1548  sfloppy - ok
17:09:50.0023 0x1548  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:09:50.0054 0x1548  SharedAccess - ok
17:09:50.0101 0x1548  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:09:50.0148 0x1548  ShellHWDetection - ok
17:09:50.0163 0x1548  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
17:09:50.0179 0x1548  SiSRaid2 - ok
17:09:50.0195 0x1548  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
17:09:50.0195 0x1548  SiSRaid4 - ok
17:09:50.0257 0x1548  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:09:50.0288 0x1548  SkypeUpdate - ok
17:09:50.0304 0x1548  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\WINDOWS\System32\smphost.dll
17:09:50.0304 0x1548  smphost - ok
17:09:50.0335 0x1548  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
17:09:50.0351 0x1548  SNMPTRAP - ok
17:09:50.0398 0x1548  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
17:09:50.0445 0x1548  spaceport - ok
17:09:50.0445 0x1548  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
17:09:50.0460 0x1548  SpbCx - ok
17:09:50.0523 0x1548  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
17:09:50.0554 0x1548  Spooler - ok
17:09:50.0757 0x1548  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
17:09:50.0929 0x1548  sppsvc - ok
17:09:50.0960 0x1548  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:09:50.0976 0x1548  srv - ok
17:09:51.0007 0x1548  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
17:09:51.0038 0x1548  srv2 - ok
17:09:51.0054 0x1548  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
17:09:51.0070 0x1548  srvnet - ok
17:09:51.0101 0x1548  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:09:51.0117 0x1548  SSDPSRV - ok
17:09:51.0132 0x1548  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
17:09:51.0148 0x1548  SstpSvc - ok
17:09:51.0210 0x1548  [ AFE32AFD30464FC59CB8E88DC72F66FA, 24644F8AA47E61B98EF867BE18A9BE383822D64F3AADF2ED35E42FBFBA7B340F ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:09:51.0242 0x1548  Steam Client Service - ok
17:09:51.0273 0x1548  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
17:09:51.0288 0x1548  stexstor - ok
17:09:51.0320 0x1548  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
17:09:51.0335 0x1548  stisvc - ok
17:09:51.0351 0x1548  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
17:09:51.0351 0x1548  storahci - ok
17:09:51.0367 0x1548  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
17:09:51.0382 0x1548  storflt - ok
17:09:51.0414 0x1548  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
17:09:51.0429 0x1548  stornvme - ok
17:09:51.0445 0x1548  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
17:09:51.0476 0x1548  StorSvc - ok
17:09:51.0492 0x1548  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
17:09:51.0507 0x1548  storvsc - ok
17:09:51.0523 0x1548  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\WINDOWS\system32\svsvc.dll
17:09:51.0554 0x1548  svsvc - ok
17:09:51.0554 0x1548  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
17:09:51.0570 0x1548  swenum - ok
17:09:51.0632 0x1548  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\WINDOWS\System32\swprv.dll
17:09:51.0663 0x1548  swprv - ok
17:09:51.0757 0x1548  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\WINDOWS\system32\sysmain.dll
17:09:51.0804 0x1548  SysMain - ok
17:09:51.0835 0x1548  [ D65B1C952AEB864C2BAC7A770B17ECCE, 3EFAAFFF73390D9CB660E0F42B305512396CF66ED06E4A20ED67E8722FB4355B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
17:09:51.0851 0x1548  SystemEventsBroker - ok
17:09:51.0867 0x1548  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
17:09:51.0882 0x1548  TabletInputService - ok
17:09:51.0914 0x1548  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:09:51.0929 0x1548  TapiSrv - ok
17:09:52.0054 0x1548  [ FEBAA7D782E30882FFF1CBCBBE8AD467, B54333F52CF901CADB3B71334BFAFA63C508A0F7EA7E700C5578FC20D780403E ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
17:09:52.0117 0x1548  Tcpip - ok
17:09:52.0226 0x1548  [ FEBAA7D782E30882FFF1CBCBBE8AD467, B54333F52CF901CADB3B71334BFAFA63C508A0F7EA7E700C5578FC20D780403E ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:09:52.0304 0x1548  TCPIP6 - ok
17:09:52.0335 0x1548  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
17:09:52.0351 0x1548  tcpipreg - ok
17:09:52.0382 0x1548  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
17:09:52.0414 0x1548  tdx - ok
17:09:52.0429 0x1548  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
17:09:52.0445 0x1548  terminpt - ok
17:09:52.0539 0x1548  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:09:52.0570 0x1548  TermService - ok
17:09:52.0585 0x1548  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\WINDOWS\system32\themeservice.dll
17:09:52.0617 0x1548  Themes - ok
17:09:52.0648 0x1548  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
17:09:52.0664 0x1548  THREADORDER - ok
17:09:52.0695 0x1548  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
17:09:52.0726 0x1548  TimeBroker - ok
17:09:52.0757 0x1548  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
17:09:52.0773 0x1548  TPM - ok
17:09:52.0789 0x1548  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
17:09:52.0804 0x1548  TrkWks - ok
17:09:52.0851 0x1548  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
17:09:52.0882 0x1548  TrustedInstaller - ok
17:09:52.0898 0x1548  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
17:09:52.0914 0x1548  TsUsbFlt - ok
17:09:52.0929 0x1548  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
17:09:52.0945 0x1548  TsUsbGD - ok
17:09:52.0960 0x1548  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
17:09:52.0992 0x1548  tunnel - ok
17:09:52.0992 0x1548  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
17:09:53.0007 0x1548  uagp35 - ok
17:09:53.0023 0x1548  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
17:09:53.0039 0x1548  UASPStor - ok
17:09:53.0054 0x1548  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
17:09:53.0070 0x1548  UCX01000 - ok
17:09:53.0101 0x1548  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
17:09:53.0117 0x1548  udfs - ok
17:09:53.0132 0x1548  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
17:09:53.0148 0x1548  UEFI - ok
17:09:53.0179 0x1548  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
17:09:53.0210 0x1548  UI0Detect - ok
17:09:53.0226 0x1548  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
17:09:53.0242 0x1548  uliagpkx - ok
17:09:53.0273 0x1548  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
17:09:53.0289 0x1548  umbus - ok
17:09:53.0304 0x1548  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
17:09:53.0320 0x1548  UmPass - ok
17:09:53.0335 0x1548  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
17:09:53.0367 0x1548  UmRdpService - ok
17:09:53.0398 0x1548  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:09:53.0429 0x1548  upnphost - ok
17:09:53.0460 0x1548  [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
17:09:53.0476 0x1548  usbaudio - ok
17:09:53.0507 0x1548  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
17:09:53.0523 0x1548  usbccgp - ok
17:09:53.0554 0x1548  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
17:09:53.0570 0x1548  usbcir - ok
17:09:53.0601 0x1548  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
17:09:53.0617 0x1548  usbehci - ok
17:09:53.0632 0x1548  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
17:09:53.0664 0x1548  usbhub - ok
17:09:53.0679 0x1548  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
17:09:53.0695 0x1548  USBHUB3 - ok
17:09:53.0726 0x1548  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
17:09:53.0726 0x1548  usbohci - ok
17:09:53.0742 0x1548  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
17:09:53.0757 0x1548  usbprint - ok
17:09:53.0789 0x1548  [ EA23453240137F6773174E0D93F61A69, 579AD09FB428C2BB8B4055128620A7AADD1B606C1EA44B87A01D69A84232A5D9 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
17:09:53.0804 0x1548  USBSTOR - ok
17:09:53.0820 0x1548  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
17:09:53.0835 0x1548  usbuhci - ok
17:09:53.0851 0x1548  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
17:09:53.0867 0x1548  usbvideo - ok
17:09:53.0914 0x1548  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
17:09:53.0929 0x1548  USBXHCI - ok
17:09:53.0945 0x1548  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
17:09:53.0960 0x1548  VaultSvc - ok
17:09:53.0976 0x1548  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
17:09:53.0976 0x1548  vdrvroot - ok
17:09:54.0023 0x1548  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\WINDOWS\System32\vds.exe
17:09:54.0070 0x1548  vds - ok
17:09:54.0117 0x1548  [ F7579733F4E8FF9B534C3F7D38F25C2C, 449FED49F2178D2A8000549B180606D050751762F53E600C13CFBEC91601DE87 ] VeriFaceSrv     C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
17:09:54.0132 0x1548  VeriFaceSrv - ok
17:09:54.0164 0x1548  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
17:09:54.0195 0x1548  VerifierExt - ok
17:09:54.0257 0x1548  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
17:09:54.0289 0x1548  vhdmp - ok
17:09:54.0304 0x1548  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
17:09:54.0320 0x1548  viaide - ok
17:09:54.0335 0x1548  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
17:09:54.0351 0x1548  vmbus - ok
17:09:54.0367 0x1548  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
17:09:54.0382 0x1548  VMBusHID - ok
17:09:54.0429 0x1548  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
17:09:54.0461 0x1548  vmicguestinterface - ok
17:09:54.0476 0x1548  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
17:09:54.0492 0x1548  vmicheartbeat - ok
17:09:54.0523 0x1548  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
17:09:54.0539 0x1548  vmickvpexchange - ok
17:09:54.0554 0x1548  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
17:09:54.0586 0x1548  vmicrdv - ok
17:09:54.0586 0x1548  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
17:09:54.0617 0x1548  vmicshutdown - ok
17:09:54.0648 0x1548  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
17:09:54.0664 0x1548  vmictimesync - ok
17:09:54.0679 0x1548  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
17:09:54.0695 0x1548  vmicvss - ok
17:09:54.0711 0x1548  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
17:09:54.0726 0x1548  volmgr - ok
17:09:54.0742 0x1548  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
17:09:54.0757 0x1548  volmgrx - ok
17:09:54.0804 0x1548  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
17:09:54.0836 0x1548  volsnap - ok
17:09:54.0867 0x1548  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
17:09:54.0867 0x1548  vpci - ok
17:09:54.0976 0x1548  [ 5C180CD2A33051642A589A7C6090A035, 2045BFA86EBCA6D3F9C029DA9D84BE22BCC183907A1073699A65AB700F20605A ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:09:54.0992 0x1548  vpnagent - ok
17:09:55.0023 0x1548  [ 5B3644AB5E8E210F60869EA6895DE822, 0D713C1C92E73BE8886DD1E9D5D37721427598B3B8DD93B30E522B0825E2082E ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys
17:09:55.0023 0x1548  vpnva - ok
17:09:55.0070 0x1548  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
17:09:55.0086 0x1548  vsmraid - ok
17:09:55.0179 0x1548  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\WINDOWS\system32\vssvc.exe
17:09:55.0226 0x1548  VSS - ok
17:09:55.0242 0x1548  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
17:09:55.0257 0x1548  VSTXRAID - ok
17:09:55.0304 0x1548  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
17:09:55.0320 0x1548  vwifibus - ok
17:09:55.0367 0x1548  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
17:09:55.0382 0x1548  vwififlt - ok
17:09:55.0398 0x1548  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
17:09:55.0414 0x1548  vwifimp - ok
17:09:55.0445 0x1548  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\WINDOWS\system32\w32time.dll
17:09:55.0492 0x1548  W32Time - ok
17:09:55.0507 0x1548  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
17:09:55.0523 0x1548  WacomPen - ok
17:09:55.0601 0x1548  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
17:09:55.0648 0x1548  wbengine - ok
17:09:55.0711 0x1548  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
17:09:55.0742 0x1548  WbioSrvc - ok
17:09:55.0789 0x1548  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
17:09:55.0820 0x1548  Wcmsvc - ok
17:09:55.0867 0x1548  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
17:09:55.0882 0x1548  wcncsvc - ok
17:09:55.0914 0x1548  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
17:09:55.0914 0x1548  WcsPlugInService - ok
17:09:55.0961 0x1548  [ F5D4FA3E1F4879C361FFF3855259D2C2, 48C60FE4AAB011E2250157506FF0624031BFA346F8F2F8C6DFDF6F3CAA4F3F42 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
17:09:55.0976 0x1548  WdBoot - ok
17:09:56.0039 0x1548  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
17:09:56.0070 0x1548  Wdf01000 - ok
17:09:56.0086 0x1548  [ 019CC610AD95FF47EAD7C08B7A683B96, BB9D42F8ED90ECA2E7B8C906E06A1EA859FAD9BD1B3492BB1E28C0D00004812A ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
17:09:56.0101 0x1548  WdFilter - ok
17:09:56.0132 0x1548  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
17:09:56.0148 0x1548  WdiServiceHost - ok
17:09:56.0148 0x1548  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
17:09:56.0164 0x1548  WdiSystemHost - ok
17:09:56.0179 0x1548  [ 6CC1BB8F6851A262E2E824F0E92D5EEF, 45A88A984179BBA38C1F4434C4D6C2823C1FE6AFBE8CB0F656DAE0092D1D5611 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
17:09:56.0195 0x1548  WdNisDrv - ok
17:09:56.0211 0x1548  WdNisSvc - ok
17:09:56.0257 0x1548  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:09:56.0289 0x1548  WebClient - ok
17:09:56.0304 0x1548  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
17:09:56.0320 0x1548  Wecsvc - ok
17:09:56.0336 0x1548  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
17:09:56.0351 0x1548  WEPHOSTSVC - ok
17:09:56.0382 0x1548  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
17:09:56.0398 0x1548  wercplsupport - ok
17:09:56.0445 0x1548  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
17:09:56.0461 0x1548  WerSvc - ok
17:09:56.0539 0x1548  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
17:09:56.0570 0x1548  WFPLWFS - ok
17:09:56.0633 0x1548  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
17:09:56.0648 0x1548  WiaRpc - ok
17:09:56.0726 0x1548  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
17:09:56.0757 0x1548  WIMMount - ok
17:09:56.0757 0x1548  WinDefend - ok
17:09:57.0086 0x1548  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
17:09:57.0117 0x1548  WinHttpAutoProxySvc - ok
17:09:57.0226 0x1548  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:09:57.0258 0x1548  Winmgmt - ok
17:09:57.0445 0x1548  [ C8D6344BDE2691A196E61C0D3372EAB7, FF8EB79D8A7E298343C22B83276FF68293D08A9DA438BB22600BEFC4CA93A91D ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
17:09:57.0508 0x1548  WinRM - ok
17:09:57.0836 0x1548  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
17:09:57.0883 0x1548  WlanSvc - ok
17:09:58.0008 0x1548  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
17:09:58.0070 0x1548  wlidsvc - ok
17:09:58.0133 0x1548  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
17:09:58.0148 0x1548  WmiAcpi - ok
17:09:58.0211 0x1548  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
17:09:58.0242 0x1548  wmiApSrv - ok
17:09:58.0289 0x1548  WMPNetworkSvc - ok
17:09:58.0383 0x1548  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
17:09:58.0414 0x1548  Wof - ok
17:09:58.0601 0x1548  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
17:09:58.0648 0x1548  workfolderssvc - ok
17:09:58.0695 0x1548  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
17:09:58.0726 0x1548  wpcfltr - ok
17:09:58.0773 0x1548  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
17:09:58.0789 0x1548  WPCSvc - ok
17:09:58.0929 0x1548  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
17:09:58.0945 0x1548  WPDBusEnum - ok
17:09:58.0992 0x1548  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
17:09:59.0008 0x1548  WpdUpFltr - ok
17:09:59.0054 0x1548  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
17:09:59.0070 0x1548  ws2ifsl - ok
17:09:59.0117 0x1548  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
17:09:59.0148 0x1548  wscsvc - ok
17:09:59.0148 0x1548  WSearch - ok
17:09:59.0508 0x1548  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
17:09:59.0601 0x1548  WSService - ok
17:09:59.0695 0x1548  [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd            C:\WINDOWS\system32\DRIVERS\wsvd.sys
17:09:59.0711 0x1548  wsvd - ok
17:10:00.0039 0x1548  [ D24002EB2F4A8A04897703067E81CC5D, 03806198D26DD7BA3E27EFE0911B49E5B48CAD8A05EC4F56AF45CF1E3FAD6916 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
17:10:00.0133 0x1548  wuauserv - ok
17:10:00.0211 0x1548  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
17:10:00.0226 0x1548  WudfPf - ok
17:10:00.0258 0x1548  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
17:10:00.0289 0x1548  WUDFRd - ok
17:10:00.0320 0x1548  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
17:10:00.0351 0x1548  WUDFSensorLP - ok
17:10:00.0430 0x1548  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
17:10:00.0461 0x1548  wudfsvc - ok
17:10:00.0476 0x1548  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:10:00.0492 0x1548  WUDFWpdFs - ok
17:10:00.0633 0x1548  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
17:10:00.0680 0x1548  WwanSvc - ok
17:10:00.0680 0x1548  ================ Scan global ===============================
17:10:00.0758 0x1548  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
17:10:00.0805 0x1548  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
17:10:00.0851 0x1548  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
17:10:00.0945 0x1548  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
17:10:00.0961 0x1548  [ Global ] - ok
17:10:00.0961 0x1548  ================ Scan MBR ==================================
17:10:01.0039 0x1548  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:10:01.0695 0x1548  \Device\Harddisk0\DR0 - ok
17:10:01.0695 0x1548  ================ Scan VBR ==================================
17:10:01.0789 0x1548  [ 62381FC9A72C0BBEFA6583CA575D2B75 ] \Device\Harddisk0\DR0\Partition1
17:10:01.0789 0x1548  \Device\Harddisk0\DR0\Partition1 - ok
17:10:01.0852 0x1548  [ A69A74691040F222CBCA623083EB273F ] \Device\Harddisk0\DR0\Partition2
17:10:01.0867 0x1548  \Device\Harddisk0\DR0\Partition2 - ok
17:10:01.0898 0x1548  [ BF1AC84C00475F68F384D05AB1608D78 ] \Device\Harddisk0\DR0\Partition3
17:10:01.0930 0x1548  \Device\Harddisk0\DR0\Partition3 - ok
17:10:01.0977 0x1548  [ 12CA558EEB1FE85B772FD1B4B89752AA ] \Device\Harddisk0\DR0\Partition4
17:10:01.0977 0x1548  \Device\Harddisk0\DR0\Partition4 - ok
17:10:02.0023 0x1548  [ 7B48BBD836FA56EE42D99F962D41C126 ] \Device\Harddisk0\DR0\Partition5
17:10:02.0086 0x1548  \Device\Harddisk0\DR0\Partition5 - ok
17:10:02.0461 0x1548  [ 58FF96B3F919DFD39125EA23B3D72747 ] \Device\Harddisk0\DR0\Partition6
17:10:02.0539 0x1548  \Device\Harddisk0\DR0\Partition6 - ok
17:10:02.0555 0x1548  [ 165C30A64162C5DCCEF1512B98671467 ] \Device\Harddisk0\DR0\Partition7
17:10:02.0555 0x1548  \Device\Harddisk0\DR0\Partition7 - ok
17:10:02.0555 0x1548  ================ Scan generic autorun ======================
17:10:02.0617 0x1548  [ CFF4C979AA720C73EC93918D9730B9E9, 0DC04ACD258DD5FC4A7EA81AC3F8876675424EC35F7ECB996B7C132BAB430A33 ] C:\WINDOWS\system32\igfxtray.exe
17:10:02.0648 0x1548  IgfxTray - ok
17:10:02.0773 0x1548  [ 4B9D449ED9880477DEFBA85D512E05F9, B50C589A1F8953617FAD961363CA3538F6C0539FA06D7FAA2EA88320410C7F43 ] C:\WINDOWS\system32\hkcmd.exe
17:10:02.0805 0x1548  HotKeysCmds - ok
17:10:02.0914 0x1548  [ 2498449B5CA65A640125164EE0019B14, F4EF4EA34A656984C83DB3BFCD8390ACD76C922A1C253335104C31D371EEDA17 ] C:\WINDOWS\system32\igfxpers.exe
17:10:02.0945 0x1548  Persistence - ok
17:10:03.0070 0x1548  [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
17:10:03.0070 0x1548  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
17:10:05.0414 0x1548  Detect skipped due to KSN trusted
17:10:05.0414 0x1548  IAStorIcon - ok
17:10:05.0555 0x1548  [ 18A8ED924A58263AB9E80CE164612CCB, 347BB04D76DFF6AAA57039D3386A1942F9227B170C605F369A3382CC747F1A7D ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
17:10:05.0586 0x1548  cAudioFilterAgent - ok
17:10:05.0680 0x1548  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
17:10:05.0727 0x1548  SmartAudio - detected UnsignedFile.Multi.Generic ( 1 )
17:10:08.0133 0x1548  Detect skipped due to KSN trusted
17:10:08.0133 0x1548  SmartAudio - ok
17:10:08.0133 0x1548  BTMTrayAgent - ok
17:10:08.0399 0x1548  [ 6546BB9B4B32BE17C66479EBCF6F34BF, 79FF9DD229C8218499FE10ECE258CCAFF3FF258790840769948E4D05B017E9B8 ] C:\WINDOWS\RTFTrack.exe
17:10:08.0539 0x1548  RtsFT - ok
17:10:08.0539 0x1548  ETDCtrl - ok
17:10:09.0039 0x1548  [ 779BB814C5869E1DC2AE64122E1CA74E, 56FF9B00045AC23C9054889487683F460F54BBF06B2C133F2B52B37AFE2B09ED ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
17:10:09.0399 0x1548  Energy Management - ok
17:10:09.0430 0x1548  [ 7F19FEF6B2172A2A872B3FF350CCD213, 772CC5F9B28602A7C8554AFBD085D9B7BDC26D8039F041D6945426834565C106 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
17:10:09.0446 0x1548  EnergyUtility - ok
17:10:09.0508 0x1548  [ 49CD8D25D932C5BF867EBFF00D432B75, D107F7736AC8D43CE93ABDE1A8038D8FE87779F25F41B3FD1E942DF439581236 ] C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
17:10:09.0524 0x1548  Lenovo App Shop - ok
17:10:09.0602 0x1548  [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
17:10:09.0617 0x1548  UpdateP2GShortCut - ok
17:10:09.0696 0x1548  [ DAA21DC0AA2E688370D356757892816D, 97EBF3B8A4B8544B6C1379A391AA4079F38EB4D507931249BC1427D961F58F8C ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
17:10:09.0727 0x1548  avgnt - ok
17:10:09.0774 0x1548  [ 8A9C2479674B89BB71A36EC219B58D64, 9D777566B47057C20E19898F0E8ED4928488DDD5BE9A326FB414D42C590BB50C ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
17:10:09.0789 0x1548  Cisco AnyConnect Secure Mobility Agent for Windows - ok
17:10:09.0883 0x1548  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
17:10:09.0930 0x1548  Adobe ARM - ok
17:10:10.0008 0x1548  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
17:10:10.0024 0x1548  SunJavaUpdateSched - ok
17:10:10.0086 0x1548  [ 845EB283583BD3C89F09636A10114EF3, BCB3002B867052FB381B1E44D31E381200751E1AD3F991EB4233B73E3E034A0E ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
17:10:10.0102 0x1548  Avira Systray - ok
17:10:10.0133 0x1548  [ 6E0BDFBEEED65B017F2E4C2C910B0520, 54D798C2E2804DCDB84E9650EA4A032C669B10C586B396D5505F16235D83882C ] C:\WINDOWS\system32\rundll32.exe
17:10:10.0164 0x1548  Pokki - ok
17:10:10.0243 0x1548  icq - ok
17:10:10.0368 0x1548  [ B66E0842FCF485F3E2D41BF0BA10966F, 966B8386B2D060167E8EAAE478509013A8729FE2CF11F890D3F9DCDA90768F34 ] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
17:10:10.0399 0x1548  Spotify Web Helper - ok
17:10:10.0414 0x1548  Waiting for KSN requests completion. In queue: 118
17:10:11.0430 0x1548  Waiting for KSN requests completion. In queue: 118
17:10:12.0446 0x1548  Waiting for KSN requests completion. In queue: 118
17:10:13.0477 0x1548  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
17:10:13.0477 0x1548  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
17:10:13.0493 0x1548  Win FW state via NFP2: enabled
17:10:15.0852 0x1548  ============================================================
17:10:15.0852 0x1548  Scan finished
17:10:15.0852 0x1548  ============================================================
17:10:15.0852 0x0620  Detected object count: 0
17:10:15.0852 0x0620  Actual detected object count: 0
17:10:21.0446 0x092c  Deinitialize success
         

Alt 08.10.2014, 11:46   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.10.2014, 15:17   #6
rvh
 
Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Hallo,

hier sind die neuen Logfiles von den genannten Programmen.

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.10.2014
Suchlauf-Zeit: 15:10:23
Logdatei: malwareneu.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.09.05
Rootkit Datenbank: v2014.10.08.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Tim

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316699
Verstrichene Zeit: 24 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-564833548-2393907387-3086590010-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [0d9cfe14f4888fa72e6b95a2c340d927], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.Softonic.A, C:\Users\Tim\Downloads\SoftonicDownloader_fuer_alzip.exe, In Quarantäne, [238616fc7b01290d4228240fcf320ef2], 
PUP.Optional.Somoto, C:\Users\Tim\Downloads\FLVPlayerSetup-bSsP71V.exe, In Quarantäne, [54557a986a1286b0b9bba29bb84d17e9], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.311 - Bericht erstellt am 09/10/2014 um 15:56:26
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Tim - TIMSPC
# Gestartet von : C:\Users\Tim\Desktop\AdwCleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Public\Pokki
Ordner Gelöscht : C:\Users\Tim\AppData\Local\Pokki
Ordner Gelöscht : C:\Users\Tim\AppData\Local\Temp\OCS
Datei Gelöscht : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Google Chrome v37.0.2062.124

[ Datei : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2148 octets] - [09/10/2014 15:52:56]
AdwCleaner[R1].txt - [2208 octets] - [09/10/2014 15:55:50]
AdwCleaner[S0].txt - [1980 octets] - [09/10/2014 15:56:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2040 octets] ##########
         
--- --- ---


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 8.1 x64
Ran by Tim on 09.10.2014 at 16:04:08,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Singular Inversions



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.10.2014 at 16:06:10,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Tim (administrator) on TIMSPC on 09-10-2014 16:11:11
Running from C:\Users\Tim\Downloads
Loaded Profile: Tim (Available profiles: Tim)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Spotify Ltd) C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2013-12-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-564833548-2393907387-3086590010-1001\...\Run: [icq] => C:\Users\Tim\AppData\Roaming\ICQM\icq.exe [33664344 2014-02-10] (ICQ)
HKU\S-1-5-21-564833548-2393907387-3086590010-1001\...\Run: [Spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-07] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 217.12.201.22:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

Chrome: 
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-10]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-10]
CHR Extension: (Google-Suche) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-10]
CHR Extension: (Avira SafeSearch) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (AdBlock) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-11]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR Extension: (Google Mail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-04-29] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 16:09 - 2014-10-09 16:09 - 00060536 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-10-09 16:06 - 2014-10-09 16:06 - 00000681 _____ () C:\Users\Tim\Desktop\JRT.txt
2014-10-09 16:04 - 2014-10-09 16:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-09 16:02 - 2014-10-09 16:02 - 01705755 _____ (Thisisu) C:\Users\Tim\Desktop\JRT.exe
2014-10-09 16:01 - 2014-10-09 16:01 - 00002124 _____ () C:\Users\Tim\Desktop\AdwCleaner[S0].txt
2014-10-09 15:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-10-09 15:52 - 2014-10-09 16:01 - 00000000 ____D () C:\AdwCleaner
2014-10-09 15:48 - 2014-10-09 15:48 - 00000945 _____ () C:\Users\Tim\Desktop\AdwCleaner_3.311 - Verknüpfung.lnk
2014-10-09 15:47 - 2014-10-09 15:48 - 00000000 ____D () C:\Users\Tim\Desktop\Dokumente
2014-10-09 15:43 - 2014-10-09 15:43 - 01375089 _____ () C:\Users\Tim\Desktop\AdwCleaner_3.311.exe
2014-10-09 15:43 - 2014-10-09 15:43 - 00001558 _____ () C:\Users\Tim\Desktop\malwareneu.txt
2014-10-09 15:35 - 2014-10-09 15:35 - 00001161 _____ () C:\Users\Tim\Desktop\malwarebytesprotokoll.txt
2014-10-09 15:09 - 2014-10-09 15:42 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 15:08 - 2014-10-09 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 15:08 - 2014-10-09 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 15:08 - 2014-10-09 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-09 15:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-09 15:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-09 15:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-09 15:07 - 2014-10-09 15:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-07 17:02 - 2014-10-07 17:03 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Tim\Desktop\tdsskiller.exe
2014-10-07 13:21 - 2014-10-07 13:21 - 00054818 _____ () C:\Users\Tim\Desktop\AVSCAN-20141007-111733-0513A6C8.LOG
2014-10-07 13:11 - 2014-10-07 13:11 - 00004670 _____ () C:\Users\Tim\Desktop\gmer.txt
2014-10-07 13:07 - 2014-10-07 13:04 - 00380416 _____ () C:\Users\Tim\Desktop\Gmer-19357.exe
2014-10-07 13:04 - 2014-10-07 13:04 - 00380416 _____ () C:\Users\Tim\Downloads\Gmer-19357.exe
2014-10-07 12:56 - 2014-10-07 12:57 - 00030092 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-10-07 12:54 - 2014-10-09 16:11 - 00017213 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-10-07 12:54 - 2014-10-09 16:11 - 00000000 ____D () C:\FRST
2014-10-07 12:53 - 2014-10-07 12:54 - 02109952 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-10-07 12:53 - 2014-10-07 12:53 - 00000468 _____ () C:\Users\Tim\Downloads\defogger_disable.log
2014-10-07 12:53 - 2014-10-07 12:53 - 00000000 _____ () C:\Users\Tim\defogger_reenable
2014-10-07 12:52 - 2014-10-07 12:52 - 00050477 _____ () C:\Users\Tim\Downloads\Defogger.exe
2014-10-06 16:47 - 2014-10-06 16:47 - 00085914 _____ () C:\Users\Tim\AppData\Local\recently-used.xbel
2014-10-02 20:11 - 2014-10-02 20:12 - 00000000 ____D () C:\Users\Tim\Desktop\tiere
2014-09-24 19:32 - 2014-09-24 19:32 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\RenPy
2014-09-24 19:31 - 2014-09-24 19:31 - 00000000 ____D () C:\Users\Tim\Downloads\COOT Demo 2014-all
2014-09-24 19:14 - 2014-09-24 19:25 - 200253499 _____ () C:\Users\Tim\Downloads\COOT Demo 2014-all.zip
2014-09-14 15:16 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 15:16 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 15:16 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 15:16 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 15:16 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 15:16 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 15:16 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 15:16 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 15:16 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 15:16 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 15:16 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 15:16 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 15:16 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 15:16 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 15:15 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 15:15 - 2014-07-24 17:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 15:15 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 15:15 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 15:15 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 15:15 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 15:15 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 15:15 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 15:15 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 15:15 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 15:15 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 15:15 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 15:15 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 15:15 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 15:15 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 15:15 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 15:15 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 15:15 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 15:15 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 15:15 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 15:15 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 15:15 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 15:15 - 2014-07-24 13:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 15:15 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 15:15 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 15:15 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 15:15 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 15:15 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 15:15 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 15:15 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 15:15 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 15:15 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 15:15 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 15:15 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 15:15 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 15:15 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 15:15 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 15:15 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 15:15 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 15:15 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 15:15 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 15:15 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 15:15 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 15:15 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 15:15 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 15:15 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 15:15 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 15:15 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 15:15 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 15:15 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 15:15 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 15:15 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 15:15 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 15:15 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 15:15 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 15:15 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 15:15 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 15:15 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 15:15 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 15:15 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 15:15 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 15:15 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 15:15 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 15:15 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 15:15 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 15:15 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 15:15 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 15:15 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 15:15 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 15:15 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 15:15 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 15:15 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 15:15 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 15:15 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 15:15 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 15:15 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 15:15 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 15:15 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 15:15 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 15:15 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 15:15 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 15:15 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 15:15 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 15:15 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 15:15 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 15:15 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 15:15 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 15:15 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 15:15 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 15:15 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 15:15 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 15:15 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 15:15 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 15:15 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 15:15 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 15:15 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 15:15 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 15:15 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 15:15 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 15:15 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 15:15 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 15:15 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 15:15 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 15:15 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 15:15 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 15:15 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 15:15 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 15:15 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 15:15 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 15:15 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 15:15 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 15:15 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 15:15 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 15:15 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 15:15 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 15:15 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 15:15 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 15:15 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 15:15 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 15:15 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 15:15 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 15:15 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 15:15 - 2014-06-19 04:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 15:15 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 15:15 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 15:15 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 15:15 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 15:15 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 15:15 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 15:15 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 15:15 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 15:15 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 15:15 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 15:15 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 15:15 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 15:15 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 15:15 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 15:15 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 15:15 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 15:15 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 15:15 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 15:15 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 15:15 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 15:15 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 15:14 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 15:14 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 15:14 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 15:14 - 2014-07-24 13:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-14 15:14 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 15:14 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 15:14 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 15:14 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 15:14 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 15:14 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 15:14 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:14 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 15:14 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 15:14 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 15:14 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:14 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 15:14 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 15:14 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 15:14 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 15:14 - 2014-07-10 01:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 15:05 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 15:05 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 15:05 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 15:05 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 15:05 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 15:05 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 15:05 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 15:05 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 15:05 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 15:05 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 15:05 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 15:00 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-11 18:55 - 2014-09-11 18:55 - 00023294 _____ () C:\Users\Tim\Downloads\Private-Nachrichten-RvH-11.09.2014.txt
2014-09-11 18:42 - 2014-09-14 23:33 - 00000000 ____D () C:\Users\Tim\AppData\Local\Adobe
2014-09-11 14:16 - 2014-09-11 14:16 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 08:43 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 08:43 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 08:43 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 07:50 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 07:50 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 07:50 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 07:50 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 07:50 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 07:50 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 07:50 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 07:50 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 07:50 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 07:50 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 07:50 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 07:50 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 07:50 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 07:50 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 07:50 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 07:50 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 07:50 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 07:50 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 07:50 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 07:50 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 07:50 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 07:50 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 07:50 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 07:50 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 07:50 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 07:50 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 07:50 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 07:50 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 07:50 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 07:50 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 07:50 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 07:50 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 06:16 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 06:14 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 06:14 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 16:09 - 2014-02-10 19:17 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-564833548-2393907387-3086590010-1001
2014-10-09 16:01 - 2014-02-10 19:15 - 00000000 __RDO () C:\Users\Tim\SkyDrive
2014-10-09 16:00 - 2014-02-10 19:22 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF
2014-10-09 15:59 - 2014-02-10 19:45 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 15:59 - 2013-08-28 10:34 - 00116948 _____ () C:\WINDOWS\PFRO.log
2014-10-09 15:59 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-09 15:58 - 2013-12-19 04:15 - 01091124 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-09 15:58 - 2013-12-19 04:14 - 00025088 _____ () C:\WINDOWS\system32\VfService.trf
2014-10-09 15:58 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-09 15:56 - 2014-02-11 11:14 - 11199972 _____ () C:\Users\Public\CAFADEBUG.log
2014-10-09 15:47 - 2014-03-31 17:53 - 00000000 ____D () C:\Users\Tim\Desktop\Football Manager 2014
2014-10-09 15:46 - 2014-02-18 19:36 - 09017856 ___SH () C:\Users\Tim\Desktop\Thumbs.db
2014-10-09 15:40 - 2014-03-15 14:44 - 00002165 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk
2014-10-09 15:22 - 2014-06-07 20:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-09 15:20 - 2014-02-10 19:45 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-09 13:14 - 2014-02-10 19:17 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF7CA1D1-2044-4C69-A18C-440D153AF9DE}
2014-10-09 13:12 - 2013-12-19 04:22 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-10-09 13:12 - 2013-12-19 04:22 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-09 13:12 - 2013-08-28 10:36 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-08 18:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-08 11:09 - 2014-02-10 19:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-08 00:18 - 2014-02-16 22:28 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype
2014-10-07 19:07 - 2013-12-19 03:28 - 00014205 _____ () C:\WINDOWS\setupact.log
2014-10-07 13:38 - 2013-08-22 16:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-07 12:53 - 2014-02-10 19:08 - 00000000 ____D () C:\Users\Tim
2014-10-07 12:50 - 2014-02-10 20:41 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-07 11:12 - 2014-03-04 10:50 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-07 11:12 - 2014-03-03 17:03 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-07 11:12 - 2014-03-03 17:03 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-07 00:09 - 2014-02-23 22:06 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Spotify
2014-10-06 16:47 - 2014-04-11 15:43 - 00000000 ____D () C:\Users\Tim\AppData\Local\gtk-2.0
2014-10-06 16:47 - 2014-04-11 15:06 - 00000000 ____D () C:\Users\Tim\.gimp-2.8
2014-10-05 14:49 - 2014-05-22 16:57 - 00337920 ___SH () C:\Users\Tim\Documents\Thumbs.db
2014-10-04 20:50 - 2014-02-23 22:07 - 00000000 ____D () C:\Users\Tim\AppData\Local\Spotify
2014-09-29 17:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-28 15:00 - 2013-08-22 21:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-28 15:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-26 15:15 - 2014-02-10 19:45 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-26 15:15 - 2014-02-10 19:45 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-26 14:37 - 2014-02-10 19:45 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 17:56 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-11 18:48 - 2014-02-11 18:40 - 00000000 ____D () C:\ldiag
2014-09-11 14:16 - 2014-08-05 11:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:16 - 2014-03-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:16 - 2014-03-03 17:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-11 11:33 - 2014-07-09 16:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-11 11:33 - 2014-02-17 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 11:27 - 2014-02-17 13:41 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 07:51 - 2014-06-12 12:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 07:51 - 2014-05-03 10:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 07:51 - 2014-02-12 16:49 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 07:50 - 2014-06-12 12:58 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-09 19:22 - 2014-06-07 20:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\oct1E4F.tmp.exe
C:\Users\Tim\AppData\Local\Temp\oct562.tmp.exe
C:\Users\Tim\AppData\Local\Temp\octB6D2.tmp.exe
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\SRLDetectionLibrary7783834573432956378.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 18:37

==================== End Of Log ============================
         
--- --- ---


Additional.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Tim at 2014-10-09 16:11:37
Running from C:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALTools Update (HKLM-x32\...\ALUpdate_is1) (Version: v11.4.28.1 - ESTsoft Corp.)
ALZip 8.51 (HKLM-x32\...\ALZip_is1) (Version: v8.51 - ESTsoft Corp.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
FaceGen Modeller 3.5 Free (HKLM-x32\...\{86BDD105-114A-4B20-BF8B-E46C7159A641}) (Version: 3.5.3 - Singular Inversions Inc.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.3 - Google Inc.) Hidden
ICQ 8.2 (build 6901) (HKCU\...\ICQ) (Version: 8.2.6901.0 - ICQ)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Nitro Pro 8 (HKLM\...\{C0EE31FB-F593-4128-8A86-FDB37BA2486D}) (Version: 8.5.6.5 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PNotes 9.3.0 (HKLM-x32\...\{949D34E5-F53F-4830-9A50-1E2C39109043}_is1) (Version: 9.3.0 - Andrey Gruber)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Visionaire 3.7.1 (HKLM-x32\...\Visionaire_is1) (Version: v3.7.1 - Visionaire Team)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-564833548-2393907387-3086590010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-564833548-2393907387-3086590010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Restore Points  =========================

22-09-2014 18:38:19 Geplanter Prüfpunkt
05-10-2014 16:16:14 Geplanter Prüfpunkt
07-10-2014 10:50:53 Removed Vegas Pro 12.0 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0901906A-EE4B-49D3-8D14-B82CD3051ACE} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {254ACE9F-F613-4A96-AF0C-E29482FD0839} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {27D8088A-0BBD-4835-B0E7-9774CA70C105} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {522A9D8F-FBC9-46B8-937E-5A8F28B14663} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {56C66E61-C874-4C1B-A294-5A1BC44055B5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {66B5DF60-FBE1-44E0-B62E-7A7520D58538} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {742B913B-5E8B-4984-A8B1-EDE70C2AF7FC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {767B6349-0F04-4ED8-B19D-80A5AD7B4E05} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A620E400-D18E-4E2D-875C-ABDD9E98FA92} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B0E0072E-D619-4DE8-A9B4-2DC356AC4CD3} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C88038DC-0059-4781-B6FC-B0E1BD5D62F9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5FF274C-1A6B-4C6E-9B4A-5CD992048819} - System32\Tasks\Start Registry Reviver for TIMSPC@Tim(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7881F17-F10E-4915-8CBD-B838E4F6A60E} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {E97F7AD0-2015-4D58-9708-C40C4691BD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: {EA265D6D-C937-4B42-86F9-5BCBE56867CA} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {EA3369D5-6896-4277-9AF5-6B5FA77751FA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {F58360BE-E294-4D6D-B972-72AFDBFF264D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-19 04:10 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-19 04:14 - 2013-12-19 04:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-12-19 04:14 - 2013-12-19 04:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-10-09 03:08 - 2013-09-19 23:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-19 23:29 - 2013-07-19 23:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-05 11:28 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Tim\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-12-19 03:47 - 2013-08-08 23:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 15:19 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 15:19 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Tim\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Tim\Desktop\Einladung zum Einstelltag Mercedes-Benz Werk Bremen - Sommer 2014.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-564833548-2393907387-3086590010-500 - Administrator - Disabled)
Gast (S-1-5-21-564833548-2393907387-3086590010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-564833548-2393907387-3086590010-1003 - Limited - Enabled)
Tim (S-1-5-21-564833548-2393907387-3086590010-1001 - Administrator - Enabled) => C:\Users\Tim

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/09/2014 04:11:42 PM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (10/09/2014 04:10:46 PM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (10/09/2014 04:10:16 PM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (10/09/2014 04:09:46 PM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (10/09/2014 04:09:16 PM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (10/09/2014 04:08:46 PM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3993.77 MB
Available physical RAM: 2331.33 MB
Total Pagefile: 4697.77 MB
Available Pagefile: 2677.17 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.54 GB) (Free:319.98 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6D1D11D8)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Vielen Dank und mit freundlichen Grüßen,
rvh

Alt 09.10.2014, 23:56   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.10.2014, 15:18   #8
rvh
 
Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Hi,

hier sind die neuen Logfiles:
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Tim (administrator) on TIMSPC on 10-10-2014 16:08:54
Running from C:\Users\Tim\Downloads
Loaded Profile: Tim (Available profiles: Tim)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2013-12-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-564833548-2393907387-3086590010-1001\...\Run: [icq] => C:\Users\Tim\AppData\Roaming\ICQM\icq.exe [33664344 2014-02-10] (ICQ)
HKU\S-1-5-21-564833548-2393907387-3086590010-1001\...\Run: [Spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-07] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 217.12.201.22:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {3574BF3E-9093-4CED-9435-ADF5DD27F1CA} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

Chrome: 
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-10]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-10]
CHR Extension: (Google-Suche) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-10]
CHR Extension: (Avira SafeSearch) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (AdBlock) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-11]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR Extension: (Google Mail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-04-29] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 16:06 - 2014-10-10 16:06 - 00000795 _____ () C:\Users\Tim\Desktop\checkup.txt
2014-10-10 16:05 - 2014-10-10 16:05 - 00854417 _____ () C:\Users\Tim\Downloads\SecurityCheck.exe
2014-10-10 14:41 - 2014-10-10 14:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-10 14:40 - 2014-10-10 14:40 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2014-10-10 11:27 - 2014-10-10 11:27 - 00103647 _____ () C:\Users\Tim\AppData\Local\recently-used.xbel
2014-10-09 23:45 - 2014-10-09 23:45 - 00000000 ____D () C:\Program Files (x86)\Singular Inversions
2014-10-09 19:46 - 2014-10-09 19:46 - 00000222 _____ () C:\Users\Tim\Desktop\The Testament of Sherlock Holmes.url
2014-10-09 16:09 - 2014-10-09 16:09 - 00060536 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-10-09 16:06 - 2014-10-09 16:06 - 00000681 _____ () C:\Users\Tim\Desktop\JRT.txt
2014-10-09 16:04 - 2014-10-09 16:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-09 16:02 - 2014-10-09 16:02 - 01705755 _____ (Thisisu) C:\Users\Tim\Desktop\JRT.exe
2014-10-09 16:01 - 2014-10-09 16:01 - 00002124 _____ () C:\Users\Tim\Desktop\AdwCleaner[S0].txt
2014-10-09 15:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-10-09 15:52 - 2014-10-09 16:01 - 00000000 ____D () C:\AdwCleaner
2014-10-09 15:48 - 2014-10-09 15:48 - 00000945 _____ () C:\Users\Tim\Desktop\AdwCleaner_3.311 - Verknüpfung.lnk
2014-10-09 15:47 - 2014-10-09 15:48 - 00000000 ____D () C:\Users\Tim\Desktop\Dokumente
2014-10-09 15:43 - 2014-10-09 15:43 - 01375089 _____ () C:\Users\Tim\Desktop\AdwCleaner_3.311.exe
2014-10-09 15:43 - 2014-10-09 15:43 - 00001558 _____ () C:\Users\Tim\Desktop\malwareneu.txt
2014-10-09 15:35 - 2014-10-09 15:35 - 00001161 _____ () C:\Users\Tim\Desktop\malwarebytesprotokoll.txt
2014-10-09 15:09 - 2014-10-09 15:42 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 15:08 - 2014-10-09 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 15:08 - 2014-10-09 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 15:08 - 2014-10-09 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-09 15:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-09 15:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-09 15:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-09 15:07 - 2014-10-09 15:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-07 17:02 - 2014-10-07 17:03 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Tim\Desktop\tdsskiller.exe
2014-10-07 13:21 - 2014-10-07 13:21 - 00054818 _____ () C:\Users\Tim\Desktop\AVSCAN-20141007-111733-0513A6C8.LOG
2014-10-07 13:11 - 2014-10-07 13:11 - 00004670 _____ () C:\Users\Tim\Desktop\gmer.txt
2014-10-07 13:07 - 2014-10-07 13:04 - 00380416 _____ () C:\Users\Tim\Desktop\Gmer-19357.exe
2014-10-07 13:04 - 2014-10-07 13:04 - 00380416 _____ () C:\Users\Tim\Downloads\Gmer-19357.exe
2014-10-07 12:56 - 2014-10-09 16:12 - 00021806 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-10-07 12:54 - 2014-10-10 16:09 - 00017358 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-10-07 12:54 - 2014-10-10 16:09 - 00000000 ____D () C:\FRST
2014-10-07 12:53 - 2014-10-07 12:54 - 02109952 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-10-07 12:53 - 2014-10-07 12:53 - 00000468 _____ () C:\Users\Tim\Downloads\defogger_disable.log
2014-10-07 12:53 - 2014-10-07 12:53 - 00000000 _____ () C:\Users\Tim\defogger_reenable
2014-10-07 12:52 - 2014-10-07 12:52 - 00050477 _____ () C:\Users\Tim\Downloads\Defogger.exe
2014-10-02 20:11 - 2014-10-02 20:12 - 00000000 ____D () C:\Users\Tim\Desktop\tiere
2014-09-24 19:32 - 2014-09-24 19:32 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\RenPy
2014-09-24 19:31 - 2014-09-24 19:31 - 00000000 ____D () C:\Users\Tim\Downloads\COOT Demo 2014-all
2014-09-24 19:14 - 2014-09-24 19:25 - 200253499 _____ () C:\Users\Tim\Downloads\COOT Demo 2014-all.zip
2014-09-14 15:16 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 15:16 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 15:16 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 15:16 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 15:16 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 15:16 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 15:16 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 15:16 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 15:16 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 15:16 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 15:16 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 15:16 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 15:16 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 15:16 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 15:15 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 15:15 - 2014-07-24 17:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 15:15 - 2014-07-24 17:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 15:15 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 15:15 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 15:15 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 15:15 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 15:15 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 15:15 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 15:15 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 15:15 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 15:15 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 15:15 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 15:15 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 15:15 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 15:15 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 15:15 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 15:15 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 15:15 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 15:15 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 15:15 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 15:15 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 15:15 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 15:15 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 15:15 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 15:15 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 15:15 - 2014-07-24 13:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 15:15 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 15:15 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 15:15 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 15:15 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 15:15 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 15:15 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 15:15 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 15:15 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 15:15 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 15:15 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 15:15 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 15:15 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 15:15 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 15:15 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 15:15 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 15:15 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 15:15 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 15:15 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 15:15 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 15:15 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 15:15 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 15:15 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 15:15 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 15:15 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 15:15 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 15:15 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 15:15 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 15:15 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 15:15 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 15:15 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 15:15 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 15:15 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 15:15 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 15:15 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 15:15 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 15:15 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 15:15 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 15:15 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 15:15 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 15:15 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 15:15 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 15:15 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 15:15 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 15:15 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 15:15 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 15:15 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 15:15 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 15:15 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 15:15 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 15:15 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 15:15 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 15:15 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 15:15 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 15:15 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 15:15 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 15:15 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 15:15 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 15:15 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 15:15 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 15:15 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 15:15 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 15:15 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 15:15 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 15:15 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 15:15 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 15:15 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 15:15 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 15:15 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 15:15 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 15:15 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 15:15 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 15:15 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 15:15 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 15:15 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 15:15 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 15:15 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 15:15 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 15:15 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 15:15 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 15:15 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 15:15 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 15:15 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 15:15 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 15:15 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 15:15 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 15:15 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 15:15 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 15:15 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 15:15 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 15:15 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 15:15 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 15:15 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 15:15 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 15:15 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 15:15 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 15:15 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 15:15 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 15:15 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 15:15 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 15:15 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 15:15 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 15:15 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 15:15 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 15:15 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 15:15 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 15:15 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 15:15 - 2014-06-19 04:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 15:15 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 15:15 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 15:15 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 15:15 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 15:15 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 15:15 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 15:15 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 15:15 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 15:15 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 15:15 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 15:15 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 15:15 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 15:15 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 15:15 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 15:15 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 15:15 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 15:15 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 15:15 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 15:15 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 15:15 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 15:15 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 15:14 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 15:14 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 15:14 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 15:14 - 2014-07-24 13:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-14 15:14 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 15:14 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 15:14 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 15:14 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 15:14 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 15:14 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 15:14 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:14 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 15:14 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 15:14 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 15:14 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:14 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 15:14 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 15:14 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 15:14 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 15:14 - 2014-07-10 01:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 15:05 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 15:05 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 15:05 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 15:05 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 15:05 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 15:05 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 15:05 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 15:05 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 15:05 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 15:05 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 15:05 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 15:00 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-11 18:55 - 2014-09-11 18:55 - 00023294 _____ () C:\Users\Tim\Downloads\Private-Nachrichten-RvH-11.09.2014.txt
2014-09-11 18:42 - 2014-09-14 23:33 - 00000000 ____D () C:\Users\Tim\AppData\Local\Adobe
2014-09-11 14:16 - 2014-09-11 14:16 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 08:43 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 08:43 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 08:43 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 07:50 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 07:50 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 07:50 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 07:50 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 07:50 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 07:50 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 07:50 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 07:50 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 07:50 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 07:50 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 07:50 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 07:50 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 07:50 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 07:50 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 07:50 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 07:50 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 07:50 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 07:50 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 07:50 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 07:50 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 07:50 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 07:50 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 07:50 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 07:50 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 07:50 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 07:50 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 07:50 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 07:50 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 07:50 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 07:50 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 07:50 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 07:50 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 07:50 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 06:16 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 06:14 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 06:14 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-10 15:22 - 2014-06-07 20:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-10 15:20 - 2014-02-10 19:45 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 15:20 - 2014-02-10 19:45 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 14:56 - 2013-12-19 04:15 - 01250592 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-10 14:38 - 2013-12-19 04:22 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-10-10 14:38 - 2013-12-19 04:22 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-10 14:38 - 2013-08-28 10:36 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-10 14:36 - 2014-02-10 19:15 - 00000000 __RDO () C:\Users\Tim\SkyDrive
2014-10-10 13:33 - 2014-02-11 11:14 - 11221642 _____ () C:\Users\Public\CAFADEBUG.log
2014-10-10 12:32 - 2014-02-10 19:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-564833548-2393907387-3086590010-1001
2014-10-10 12:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-10 11:29 - 2014-04-11 15:06 - 00000000 ____D () C:\Users\Tim\.gimp-2.8
2014-10-10 11:27 - 2014-04-11 15:43 - 00000000 ____D () C:\Users\Tim\AppData\Local\gtk-2.0
2014-10-10 11:27 - 2014-02-18 19:36 - 09138176 ___SH () C:\Users\Tim\Desktop\Thumbs.db
2014-10-10 10:02 - 2014-02-10 19:17 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF7CA1D1-2044-4C69-A18C-440D153AF9DE}
2014-10-09 23:45 - 2014-04-14 00:37 - 00003041 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FaceGen Modeller 3.5 Free.lnk
2014-10-09 19:53 - 2014-02-23 22:06 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Spotify
2014-10-09 19:46 - 2014-02-10 20:41 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-09 17:23 - 2014-02-23 22:07 - 00000000 ____D () C:\Users\Tim\AppData\Local\Spotify
2014-10-09 17:20 - 2014-02-10 19:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-09 16:11 - 2014-02-10 19:22 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF
2014-10-09 15:59 - 2013-08-28 10:34 - 00116948 _____ () C:\WINDOWS\PFRO.log
2014-10-09 15:59 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-09 15:58 - 2013-12-19 04:14 - 00025088 _____ () C:\WINDOWS\system32\VfService.trf
2014-10-09 15:58 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-09 15:47 - 2014-03-31 17:53 - 00000000 ____D () C:\Users\Tim\Desktop\Football Manager 2014
2014-10-09 15:40 - 2014-03-15 14:44 - 00002165 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk
2014-10-08 00:18 - 2014-02-16 22:28 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype
2014-10-07 19:07 - 2013-12-19 03:28 - 00014205 _____ () C:\WINDOWS\setupact.log
2014-10-07 13:38 - 2013-08-22 16:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-07 12:53 - 2014-02-10 19:08 - 00000000 ____D () C:\Users\Tim
2014-10-07 11:12 - 2014-03-04 10:50 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-07 11:12 - 2014-03-03 17:03 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-07 11:12 - 2014-03-03 17:03 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-05 14:49 - 2014-05-22 16:57 - 00337920 ___SH () C:\Users\Tim\Documents\Thumbs.db
2014-09-29 17:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-28 15:00 - 2013-08-22 21:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-28 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-28 15:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-26 15:15 - 2014-02-10 19:45 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-26 15:15 - 2014-02-10 19:45 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-26 14:37 - 2014-02-10 19:45 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 17:56 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-11 18:48 - 2014-02-11 18:40 - 00000000 ____D () C:\ldiag
2014-09-11 14:16 - 2014-08-05 11:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:16 - 2014-03-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:16 - 2014-03-03 17:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-11 11:33 - 2014-07-09 16:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-11 11:33 - 2014-02-17 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 11:27 - 2014-02-17 13:41 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 07:51 - 2014-06-12 12:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 07:51 - 2014-06-12 12:51 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 07:51 - 2014-06-12 12:51 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 07:51 - 2014-05-03 10:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 07:51 - 2014-02-12 16:49 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 07:50 - 2014-06-12 12:58 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 07:50 - 2014-06-12 12:51 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\oct1E4F.tmp.exe
C:\Users\Tim\AppData\Local\Temp\oct562.tmp.exe
C:\Users\Tim\AppData\Local\Temp\octB6D2.tmp.exe
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\SRLDetectionLibrary7783834573432956378.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 18:37

==================== End Of Log ============================
         
Additional.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Tim at 2014-10-10 16:10:33
Running from C:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALTools Update (HKLM-x32\...\ALUpdate_is1) (Version: v11.4.28.1 - ESTsoft Corp.)
ALZip 8.51 (HKLM-x32\...\ALZip_is1) (Version: v8.51 - ESTsoft Corp.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FaceGen Modeller 3.5 Free (HKLM-x32\...\{86BDD105-114A-4B20-BF8B-E46C7159A641}) (Version: 3.5.3 - Singular Inversions Inc.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.3 - Google Inc.) Hidden
ICQ 8.2 (build 6901) (HKCU\...\ICQ) (Version: 8.2.6901.0 - ICQ)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Nitro Pro 8 (HKLM\...\{C0EE31FB-F593-4128-8A86-FDB37BA2486D}) (Version: 8.5.6.5 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PNotes 9.3.0 (HKLM-x32\...\{949D34E5-F53F-4830-9A50-1E2C39109043}_is1) (Version: 9.3.0 - Andrey Gruber)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version:  - Frogwares)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Visionaire 3.7.1 (HKLM-x32\...\Visionaire_is1) (Version: v3.7.1 - Visionaire Team)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-564833548-2393907387-3086590010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-564833548-2393907387-3086590010-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Restore Points  =========================

22-09-2014 18:38:19 Geplanter Prüfpunkt
05-10-2014 16:16:14 Geplanter Prüfpunkt
07-10-2014 10:50:53 Removed Vegas Pro 12.0 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0901906A-EE4B-49D3-8D14-B82CD3051ACE} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {254ACE9F-F613-4A96-AF0C-E29482FD0839} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {27D8088A-0BBD-4835-B0E7-9774CA70C105} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {522A9D8F-FBC9-46B8-937E-5A8F28B14663} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {56C66E61-C874-4C1B-A294-5A1BC44055B5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {66B5DF60-FBE1-44E0-B62E-7A7520D58538} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {742B913B-5E8B-4984-A8B1-EDE70C2AF7FC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {767B6349-0F04-4ED8-B19D-80A5AD7B4E05} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A620E400-D18E-4E2D-875C-ABDD9E98FA92} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B0E0072E-D619-4DE8-A9B4-2DC356AC4CD3} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C88038DC-0059-4781-B6FC-B0E1BD5D62F9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D68A16A2-7AFA-470A-9C02-27BA04258C47} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5FF274C-1A6B-4C6E-9B4A-5CD992048819} - System32\Tasks\Start Registry Reviver for TIMSPC@Tim(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7881F17-F10E-4915-8CBD-B838E4F6A60E} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {E97F7AD0-2015-4D58-9708-C40C4691BD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: {EA265D6D-C937-4B42-86F9-5BCBE56867CA} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {F58360BE-E294-4D6D-B972-72AFDBFF264D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-19 04:10 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-19 04:14 - 2013-12-19 04:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-12-19 04:14 - 2013-12-19 04:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-10-09 03:08 - 2013-09-19 23:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-19 23:29 - 2013-07-19 23:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-12-19 03:47 - 2013-08-08 23:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-05 11:28 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Tim\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 15:19 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 15:19 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 15:19 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Tim\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Tim\Desktop\Einladung zum Einstelltag Mercedes-Benz Werk Bremen - Sommer 2014.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-564833548-2393907387-3086590010-500 - Administrator - Disabled)
Gast (S-1-5-21-564833548-2393907387-3086590010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-564833548-2393907387-3086590010-1003 - Limited - Enabled)
Tim (S-1-5-21-564833548-2393907387-3086590010-1001 - Administrator - Enabled) => C:\Users\Tim

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2014 04:07:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/10/2014 04:05:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/10/2014 03:17:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/10/2014 02:41:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/10/2014 02:41:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/10/2014 02:41:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/10/2014 02:41:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/10/2014 02:37:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/10/2014 09:59:59 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/09/2014 11:48:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIMSPC)
Description: Bei der Aktivierung der App „Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (10/10/2014 00:18:42 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2014 00:18:42 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2014 00:18:36 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2014 00:18:36 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2014 00:18:36 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2014 00:18:36 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2014 00:18:30 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2014 00:18:30 AM) (Source: DCOM) (EventID: 10010) (User: TIMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/09/2014 11:46:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Programmkompatibilitäts-Assistent-Dienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (10/09/2014 11:46:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Gerätezuordnungsdienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056


Microsoft Office Sessions:
=========================
Error: (10/10/2014 04:07:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tim\Downloads\esetsmartinstaller_deu.exe

Error: (10/10/2014 04:05:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/10/2014 03:17:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/10/2014 02:41:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tim\Downloads\esetsmartinstaller_deu.exe

Error: (10/10/2014 02:41:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tim\Downloads\esetsmartinstaller_deu.exe

Error: (10/10/2014 02:41:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tim\Downloads\esetsmartinstaller_deu.exe

Error: (10/10/2014 02:41:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Tim\Downloads\esetsmartinstaller_deu.exe

Error: (10/10/2014 02:37:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/10/2014 09:59:59 AM) (Source: MsiInstaller) (EventID: 1024) (User: TIMSPC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/09/2014 11:48:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TIMSPC)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927151


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3993.77 MB
Available physical RAM: 2234.38 MB
Total Pagefile: 4697.77 MB
Available Pagefile: 2566.44 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.54 GB) (Free:309.37 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6D1D11D8)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4ee7b4861981744abbca88c7edaa410b
# engine=20535
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-10 02:02:30
# local_time=2014-10-10 04:02:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 21693 20581305 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12767284 37831043 0 0
# scanned=255188
# found=7
# cleaned=0
# scan_time=4489
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tim\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=8E36D80CCE830F01F502A687D6982012B5B920DA ft=1 fh=87b12b42e3a04dec vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=18CD6E982F1C2DC68CB0F655109C160A7F890AE9 ft=1 fh=73973d65ece782a2 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Tim\Downloads\avira_free_antivirus1403_de.exe"
sh=AF949ED77CAC00286BE4ECA2A039B24C3A0DCAD1 ft=1 fh=fa18d4a81178626d vn="Variante von Win32/BitCoinMiner.BJ potenziell unsichere Anwendung" ac=I fn="C:\Users\Tim\Downloads\dogecoin-qt-1_5_1-win-setup.exe"
sh=1AFE71AC47E8BFF68965763E4912141B8F006560 ft=1 fh=6b5d9090cb9c8294 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tim\Downloads\Sony Vegas Pro - CHIP-Downloader.exe"
sh=C170F328EAB4AC5F0A925A34CC4BECA8A0167272 ft=1 fh=039217e3e3ddbd10 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tim\Downloads\Thunderbird - CHIP-Installer.exe"
         
---> Die gefundenen Anwendungen habe ich nun erstmal so unverändert gelassen. Ist ein Löschen derzeit nicht notwendig?
Security Check:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader XI  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
MfG,
rvh

Alt 11.10.2014, 11:32   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Download Ordner leeren.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ProxyServer: 217.12.201.22:3128
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.10.2014, 20:46   #10
rvh
 
Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



Hallo,
ich war leider so doof und habe DelFix ausgeführt, bevor ich hier die Fixlog.txt gepostet hatte und diese wurde nun auch entfernt. Es gab einen Eintrag, an den genauen Titel konnte ich mich nicht mehr erinnern (es war etwas mit "remove" und proxy"). Soll ich weitere Schritte ausführen um eine neue Fixlog.txt zu erzeugen oder ist es so auch ok?

Ich danke dir auf jeden Fall vielmals für dein Engagement und deine Zeit um mir zu helfen! Hattest du in den Logs eigentlich einen Schädling erkannt oder war mein Rechner nicht befallen?

Vielen Dank und mit freundlichen Grüßen,
rvh

Alt 13.10.2014, 14:52   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Schädling/Datei hat sich ungebeten installiert - Standard

Schädling/Datei hat sich ungebeten installiert



passt schon.

Ja war jede Menge Adware drauf.


Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Schädling/Datei hat sich ungebeten installiert
4d36e972-e325-11ce-bfc1-08002be10318, feedback, fehlercode 0xc0000005, fehlercode 1, fehlercode 22, pup.optional.softonic.a, pup.optional.somoto, spotify web helper, this device is disabled. (code 22), win32/bitcoinminer.bj, win32/bundled.toolbar.ask.d, win32/downloadsponsor.a, win32/somoto.a, windowsapps



Ähnliche Themen: Schädling/Datei hat sich ungebeten installiert


  1. Windows 8 : Goodgame Empire hat sich selbst installiert, lässt sich nicht löschen
    Log-Analyse und Auswertung - 27.01.2015 (1)
  2. Software installiert sich von alleine
    Log-Analyse und Auswertung - 15.12.2014 (1)
  3. Textdatei oui_mem_leak.txt auf dem Rechner gefunden. Handelt es sich um einen Schädling?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (9)
  4. Firefox: Yahoo community smartbar hat sich selbst installiert und ließ sich schlecht entfernen
    Log-Analyse und Auswertung - 21.02.2014 (11)
  5. TubeSaver hat sich installiert. Virus?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2013 (31)
  6. Adobe Acrobat XI (englisch) installiert sich von selbst, obwohl Acrobat XI Pro installiert ist
    Plagegeister aller Art und deren Bekämpfung - 21.01.2013 (19)
  7. Kann sich ein Schädling auf Hardware/Peripherie (z.b. einem Drucker) einnisten?
    Netzwerk und Hardware - 26.09.2011 (6)
  8. FLV direct Player installiert sich von selbst, Maus lässt sich nicht steuern
    Plagegeister aller Art und deren Bekämpfung - 30.07.2010 (5)
  9. Virus der sich immer wieder installiert!
    Antiviren-, Firewall- und andere Schutzprogramme - 28.05.2010 (10)
  10. schädling lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 14.03.2010 (0)
  11. Hat sich der Trojaner TR/Crypt.CC.53 installiert?
    Plagegeister aller Art und deren Bekämpfung - 08.07.2009 (2)
  12. mvc2007de.zip installiert sich statt scannertreiber
    Alles rund um Windows - 16.03.2009 (0)
  13. Antivir64 möchte sich installieren oder hat sich schon installiert. Wer kann helfen?
    Log-Analyse und Auswertung - 03.09.2008 (1)
  14. Killandclean hat sich installiert!
    Plagegeister aller Art und deren Bekämpfung - 16.08.2006 (1)
  15. SpywareStrike installiert sich schon zum 5 mal
    Plagegeister aller Art und deren Bekämpfung - 28.01.2006 (2)
  16. install.exe installiert sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 17.02.2005 (1)
  17. Schädling oder nicht Schädling ?!?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2004 (0)

Zum Thema Schädling/Datei hat sich ungebeten installiert - Hallo, heute habe ich im Internet gesurft, als mir für einige Sekunden ein kleines Fenster im Browser aufgefallen ist. Es zeigte zwei Ordner, zwischen denen eine Animation lief - das - Schädling/Datei hat sich ungebeten installiert...
Archiv
Du betrachtest: Schädling/Datei hat sich ungebeten installiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.